HIVE-14927: Remove code duplication from tests in TestLdapAtnProviderWithMiniDS (Illya Yalovyy via Chaoyu Tang)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/8888fe4d Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/8888fe4d Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/8888fe4d Branch: refs/heads/hive-14535 Commit: 8888fe4d88d6459f7b3672d3cc32e87b3c742214 Parents: b597ab2 Author: ctang <ct...@cloudera.com> Authored: Tue Oct 18 17:04:50 2016 -0400 Committer: ctang <ct...@cloudera.com> Committed: Tue Oct 18 17:04:50 2016 -0400 ---------------------------------------------------------------------- .../auth/TestLdapAtnProviderWithMiniDS.java | 1093 ++++++------------ .../auth/ldap/LdapAuthenticationTestCase.java | 142 +++ .../org/apache/hive/service/auth/ldap/User.java | 99 ++ 3 files changed, 605 insertions(+), 729 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/8888fe4d/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java ---------------------------------------------------------------------- diff --git a/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java b/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java index 8c723cf..cd62935 100644 --- a/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java +++ b/service/src/test/org/apache/hive/service/auth/TestLdapAtnProviderWithMiniDS.java @@ -20,12 +20,6 @@ package org.apache.hive.service.auth; -import java.util.HashMap; -import java.util.Map; -import java.util.Iterator; - -import javax.security.sasl.AuthenticationException; - import org.apache.directory.server.annotations.CreateLdapServer; import org.apache.directory.server.annotations.CreateTransport; import org.apache.directory.server.core.annotations.ApplyLdifFiles; @@ -36,14 +30,12 @@ import org.apache.directory.server.core.annotations.CreatePartition; import org.apache.directory.server.core.integ.AbstractLdapTestUnit; import org.apache.directory.server.core.integ.FrameworkRunner; -import org.apache.hadoop.hive.conf.HiveConf; -import static org.junit.Assert.assertTrue; +import org.apache.hive.service.auth.ldap.LdapAuthenticationTestCase; +import org.apache.hive.service.auth.ldap.User; import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; +import static org.junit.Assert.assertTrue; /** @@ -78,22 +70,39 @@ import org.junit.runner.RunWith; @ApplyLdifFiles("ldap/example.com.ldif") public class TestLdapAtnProviderWithMiniDS extends AbstractLdapTestUnit { - private static LdapAuthenticationProviderImpl ldapProvider; - Map<String, String> ldapProperties; - - static final User USER1 = new User("user1", "user1", "uid=user1,ou=People,dc=example,dc=com"); - static final User USER2 = new User("user2", "user2", "uid=user2,ou=People,dc=example,dc=com"); - static final User USER3 = new User("user3", "user3", "cn=user3,ou=People,dc=example,dc=com"); - static final User USER4 = new User("user4", "user4", "cn=user4,ou=People,dc=example,dc=com"); - - @Before - public void setup() throws Exception { - ldapProperties = new HashMap<>(); - } - - @BeforeClass - public static void init() throws Exception { - ldapProvider = new LdapAuthenticationProviderImpl(new HiveConf()); + private static final String GROUP1_NAME = "group1"; + private static final String GROUP2_NAME = "group2"; + private static final String GROUP3_NAME = "group3"; + private static final String GROUP4_NAME = "group4"; + + private static final User USER1 = User.builder() + .id("user1") + .useIdForPassword() + .dn("uid=user1,ou=People,dc=example,dc=com") + .build(); + + private static final User USER2 = User.builder() + .id("user2") + .useIdForPassword() + .dn("uid=user2,ou=People,dc=example,dc=com") + .build(); + + private static final User USER3 = User.builder() + .id("user3") + .useIdForPassword() + .dn("cn=user3,ou=People,dc=example,dc=com") + .build(); + + private static final User USER4 = User.builder() + .id("user4") + .useIdForPassword() + .dn("cn=user4,ou=People,dc=example,dc=com") + .build(); + + private LdapAuthenticationTestCase testCase; + + private LdapAuthenticationTestCase.Builder defaultBuilder() { + return LdapAuthenticationTestCase.builder().ldapServer(ldapServer); } @AfterClass @@ -103,633 +112,322 @@ public class TestLdapAtnProviderWithMiniDS extends AbstractLdapTestUnit { } } - private void initLdapAtn() throws Exception { - String ldapUrl = "ldap://localhost:"; + ldapServer.getPort(); - - HiveConf hiveConf = new HiveConf(); - hiveConf.set("hive.root.logger", "DEBUG,console"); - hiveConf.set("hive.server2.authentication.ldap.url", ldapUrl); - - for (Map.Entry<String, String> entry : ldapProperties.entrySet()) { - hiveConf.set(entry.getKey(), entry.getValue()); - } - - ldapProvider = new LdapAuthenticationProviderImpl(hiveConf); - } - @Test public void testLDAPServer() throws Exception { - initLdapAtn(); assertTrue(ldapServer.isStarted()); assertTrue(ldapServer.getPort() > 0); } @Test - public void testUserBindPositiveWithShortname() throws Exception { - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com"); - initLdapAtn(); - String user; - - user = USER1.getUID(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password " - + USER1.getPassword() + ", expected to succeed"); - } - - user = USER2.getUID(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + USER2.getUID() + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password " - + USER2.getPassword() + ", expected to succeed"); - } + public void testUserBindPositiveWithShortname() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com") + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithId()); + testCase.assertAuthenticatePasses(USER2.credentialsWithId()); } @Test - public void testUserBindPositiveWithShortnameOldConfig() throws Exception { - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=People,dc=example,dc=com"); - initLdapAtn(); - String user; - - user = USER1.getUID(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password " - + USER1.getPassword() + ", expected to succeed"); - } + public void testUserBindPositiveWithShortnameOldConfig() { + testCase = defaultBuilder() + .baseDN("ou=People,dc=example,dc=com") + .build(); - user = USER2.getUID(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + USER2.getUID() + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + " with password " - + USER2.getPassword() + ", expected to succeed"); - } + testCase.assertAuthenticatePasses(USER1.credentialsWithId()); + testCase.assertAuthenticatePasses(USER2.credentialsWithId()); } @Test - public void testUserBindNegativeWithShortname() throws Exception { - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com"); - initLdapAtn(); - - try { - ldapProvider.Authenticate(USER1.getUID(), USER2.getPassword()); - Assert.fail("testUserBindNegative: Authentication succeeded for " + USER1.getUID() + " with password " - + USER2.getPassword() + ", expected to fail"); - } catch (AuthenticationException e) { - assertTrue("testUserBindNegative: Authentication failed for " + USER1.getUID() + " as expected", true); - } - - try { - ldapProvider.Authenticate(USER2.getUID(), "user"); - Assert.fail("testUserBindNegative: Authentication failed for " + USER2.getUID() + " with password user, expected to fail"); - } catch (AuthenticationException e) { - assertTrue("testUserBindNegative: Authentication failed for " + USER2.getUID() + " as expected", true); - } + public void testUserBindNegativeWithShortname() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com") + .build(); + + testCase.assertAuthenticateFailsUsingWrongPassword(USER1.credentialsWithId()); + testCase.assertAuthenticateFailsUsingWrongPassword(USER2.credentialsWithId()); } @Test - public void testUserBindNegativeWithShortnameOldConfig() throws Exception { - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=People,dc=example,dc=com"); - initLdapAtn(); - - try { - ldapProvider.Authenticate(USER1.getUID(), USER2.getPassword()); - Assert.fail("testUserBindNegative: Authentication succeeded for " + USER1.getUID() + " with password " - + USER2.getPassword() + ", expected to fail"); - } catch (AuthenticationException e) { - assertTrue("testUserBindNegative: Authentication failed for " + USER1.getUID() + " as expected", true); - } - - try { - ldapProvider.Authenticate(USER2.getUID(), "user"); - Assert.fail("testUserBindNegative: Authentication failed for " + USER2.getUID() + " with password user, expected to fail"); - } catch (AuthenticationException e) { - assertTrue("testUserBindNegative: Authentication failed for " + USER2.getUID() + " as expected", true); - } + public void testUserBindNegativeWithShortnameOldConfig() { + testCase = defaultBuilder() + .baseDN("ou=People,dc=example,dc=com") + .build(); + + testCase.assertAuthenticateFailsUsingWrongPassword(USER1.credentialsWithId()); + testCase.assertAuthenticateFails( + USER1.getDn(), + USER2.getPassword()); + testCase.assertAuthenticateFailsUsingWrongPassword(USER2.credentialsWithId()); } @Test - public void testUserBindPositiveWithDN() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com"); - initLdapAtn(); - assertTrue(ldapServer.getPort() > 0); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER1.getPassword() + ", expected to succeed:" + e.getMessage()); - } - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " user as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER2.getPassword() + ", expected to succeed:" + e.getMessage()); - } + public void testUserBindPositiveWithDN() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com") + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); } @Test - public void testUserBindPositiveWithDNOldConfig() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=People,dc=example,dc=com"); - initLdapAtn(); - assertTrue(ldapServer.getPort() > 0); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER1.getPassword() + ", expected to succeed"); - } + public void testUserBindPositiveWithDNOldConfig() { + testCase = defaultBuilder() + .baseDN("ou=People,dc=example,dc=com") + .build(); - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER2.getPassword() + ", expected to succeed"); - } + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); } @Test - public void testUserBindPositiveWithDNWrongOldConfig() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=DummyPeople,dc=example,dc=com"); - initLdapAtn(); - assertTrue(ldapServer.getPort() > 0); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER1.getPassword() + ", expected to succeed"); - } + public void testUserBindPositiveWithDNWrongOldConfig() { + testCase = defaultBuilder() + .baseDN("ou=DummyPeople,dc=example,dc=com") + .build(); - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " - + USER2.getPassword() + ", expected to succeed"); - } + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); } @Test - public void testUserBindPositiveWithDNWrongConfig() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=DummyPeople,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=DummyGroups,dc=example,dc=com"); - initLdapAtn(); - assertTrue(ldapServer.getPort() > 0); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER1.getPassword() + ", expected to succeed"); - } - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER2.getPassword() + ", expected to succeed"); - } + public void testUserBindPositiveWithDNWrongConfig() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=DummyPeople,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=DummyGroups,dc=example,dc=com") + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); } @Test - public void testUserBindPositiveWithDNBlankConfig() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", " "); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", " "); - initLdapAtn(); - assertTrue(ldapServer.getPort() > 0); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER1.getPassword() + ", expected to succeed"); - } - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER2.getPassword() + ", expected to succeed"); - } + public void testUserBindPositiveWithDNBlankConfig() { + testCase = defaultBuilder() + .userDNPatterns(" ") + .groupDNPatterns(" ") + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); } @Test public void testUserBindPositiveWithDNBlankOldConfig() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.baseDN", ""); - initLdapAtn(); - assertTrue(ldapServer.getPort() > 0); + testCase = defaultBuilder() + .baseDN("") + .build(); - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER1.getPassword() + ", expected to succeed"); - } - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserBindPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserBindPositive: Authentication failed for user:" + user + - " with password " + USER2.getPassword() + ", expected to succeed"); - } + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); } @Test - public void testUserBindNegativeWithDN() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com"); - initLdapAtn(); - assertTrue(ldapServer.getPort() > 0); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - Assert.fail("testUserBindNegative: Authentication succeeded for " + user + " with password " + - USER2.getPassword() + ", expected to fail"); - } catch (AuthenticationException e) { - assertTrue("testUserBindNegative: Authentication failed for " + user + " as expected", true); - } - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, "user"); - Assert.fail("testUserBindNegative: Authentication failed for " + user + " with password user, " + - "expected to fail"); - } catch (AuthenticationException e) { - assertTrue("testUserBindNegative: Authentication failed for " + user + " as expected", true); - } + public void testUserBindNegativeWithDN() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com") + .build(); + + testCase.assertAuthenticateFailsUsingWrongPassword(USER1.credentialsWithDn()); + testCase.assertAuthenticateFails( + USER1.getDn(), + USER2.getPassword()); + testCase.assertAuthenticateFailsUsingWrongPassword(USER2.credentialsWithDn()); } @Test - public void testUserBindNegativeWithDNOldConfig() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=People,dc=example,dc=com"); - initLdapAtn(); - assertTrue(ldapServer.getPort() > 0); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - Assert.fail("testUserBindNegative: Authentication succeeded for " + user + " with password " + - USER2.getPassword() + ", expected to fail"); - } catch (AuthenticationException e) { - assertTrue("testUserBindNegative: Authentication failed for " + user + " as expected", true); - } - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, "user"); - Assert.fail("testUserBindNegative: Authentication failed for " + user + " with password user, " + - "expected to fail"); - } catch (AuthenticationException e) { - assertTrue("testUserBindNegative: Authentication failed for " + user + " as expected", true); - } + public void testUserBindNegativeWithDNOldConfig() { + testCase = defaultBuilder() + .baseDN("ou=People,dc=example,dc=com") + .build(); + + testCase.assertAuthenticateFailsUsingWrongPassword(USER1.credentialsWithDn()); + testCase.assertAuthenticateFails( + USER1.getDn(), + USER2.getPassword()); + testCase.assertAuthenticateFailsUsingWrongPassword(USER2.credentialsWithDn()); } @Test - public void testUserFilterPositive() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userFilter", USER2.getUID()); - initLdapAtn(); - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserFilterPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER2.getUID(); - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserFilterPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserFilterPositive: Authentication failed for " + user + ",user expected to pass userfilter"); - } - - ldapProperties = new HashMap<>(); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userFilter", USER1.getUID()); - initLdapAtn(); - - try { - user = USER1.getDN(); - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserFilterPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER1.getUID(); - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserFilterPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserFilterPositive: Authentication failed for " + user + ",user expected to pass userfilter"); - } - - ldapProperties = new HashMap<>(); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userFilter", USER2.getUID() + "," + USER1.getUID()); - initLdapAtn(); - - try { - user = USER1.getDN(); - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserFilterPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER2.getUID(); - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserFilterPositive: Authentication succeeded for " + user + " as expected", true); - - } catch (AuthenticationException e) { - Assert.fail("testUserFilterPositive: Authentication failed for user, user is expected to pass userfilter"); - } + public void testUserFilterPositive() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .userFilters(USER1.getId()) + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithId()); + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .userFilters(USER2.getId()) + .build(); + + testCase.assertAuthenticatePasses(USER2.credentialsWithId()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); + + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .userFilters( + USER1.getId(), + USER2.getId()) + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithId()); + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER2.credentialsWithId()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); } @Test - public void testUserFilterNegative() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userFilter", USER2.getUID()); - initLdapAtn(); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - Assert.fail("testUserFilterNegative: Authentication succeeded for " + user + ",user is expected to fail userfilter"); - } catch (AuthenticationException e) { - assertTrue("testUserFilterNegative: Authentication failed for " + user + " as expected", true); - } - - user = USER1.getUID(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - Assert.fail("testUserFilterNegative: Authentication succeeded for " + user + ",user is expected to fail userfilter"); - } catch (AuthenticationException e) { - assertTrue("testUserFilterNegative: Authentication failed for " + user + " as expected", true); - } - - ldapProperties = new HashMap<>(); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userFilter", USER1.getUID()); - initLdapAtn(); - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - Assert.fail("testUserFilterNegative: Authentication succeeded for " + user + ",user is expected to fail userfilter"); - } catch (AuthenticationException e) { - assertTrue("testUserFilterNegative: Authentication failed for " + user + " as expected", true); - } - - user = USER2.getUID(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - Assert.fail("testUserFilterNegative: Authentication succeeded for " + user + ",user is expected to fail userfilter"); - } catch (AuthenticationException e) { - assertTrue("testUserFilterNegative: Authentication failed for " + user + " as expected", true); - } - - ldapProperties = new HashMap<>(); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userFilter", USER3.getUID()); - initLdapAtn(); - - user = USER1.getUID(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - Assert.fail("testUserFilterNegative: Authentication succeeded for " + user + ",user expected to fail userfilter"); - } catch (AuthenticationException e) { - assertTrue("testUserFilterNegative: Authentication failed for " + user + " as expected", true); - } - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - Assert.fail("testUserFilterNegative: Authentication succeeded for " + user + ",user expected to fail userfilter"); - } catch (AuthenticationException e) { - assertTrue("testUserFilterNegative: Authentication failed for " + user + " as expected", true); - } + public void testUserFilterNegative() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .userFilters(USER2.getId()) + .build(); + + testCase.assertAuthenticateFails(USER1.credentialsWithId()); + testCase.assertAuthenticateFails(USER1.credentialsWithDn()); + + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .userFilters(USER1.getId()) + .build(); + + testCase.assertAuthenticateFails(USER2.credentialsWithId()); + testCase.assertAuthenticateFails(USER2.credentialsWithDn()); + + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .userFilters(USER3.getId()) + .build(); + + testCase.assertAuthenticateFails(USER1.credentialsWithId()); + testCase.assertAuthenticateFails(USER2.credentialsWithId()); } @Test - public void testGroupFilterPositive() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupFilter", "group1,group2"); - initLdapAtn(); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER1.getUID(); - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER2.getDN(); - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testGroupFilterPositive: Authentication failed for " + user + ",user expected to pass groupfilter"); - } - - ldapProperties = new HashMap<>(); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupFilter", "group2"); - initLdapAtn(); - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testGroupFilterPositive: Authentication failed for " + user + ",user expected to pass groupfilter"); - } + public void testGroupFilterPositive() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com") + .groupFilters( + GROUP1_NAME, + GROUP2_NAME) + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithId()); + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER2.credentialsWithId()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); + + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com") + .groupFilters(GROUP2_NAME) + .build(); + + testCase.assertAuthenticatePasses(USER2.credentialsWithId()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); } @Test - public void testGroupFilterNegative() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupFilter", "group1"); - initLdapAtn(); - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - Assert.fail("testGroupFilterNegative: Authentication succeeded for " + user + ",user expected to fail groupfilter"); - } catch (AuthenticationException e) { - assertTrue("testGroupFilterNegative: Authentication failed for " + user + " as expected", true); - } + public void testGroupFilterNegative() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com") + .groupFilters(GROUP2_NAME) + .build(); - ldapProperties = new HashMap<>(); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupFilter", "group2"); - initLdapAtn(); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - Assert.fail("testGroupFilterNegative: Authentication succeeded for " + user + ",user expected to fail groupfilter"); - } catch (AuthenticationException e) { - assertTrue("testGroupFilterNegative: Authentication failed for " + user + " as expected", true); - } - } - @Test - public void testUserAndGroupFilterPositive() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userFilter", USER1.getUID() + "," + USER2.getUID()); - ldapProperties.put("hive.server2.authentication.ldap.groupFilter", "group1,group2"); - initLdapAtn(); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserAndGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER1.getUID(); - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testUserAndGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - - } catch (AuthenticationException e) { - Assert.fail("testUserAndGroupFilterPositive: Authentication failed for " + user + ",user expected to pass groupfilter"); - } + testCase.assertAuthenticateFails(USER1.credentialsWithId()); + testCase.assertAuthenticateFails(USER1.credentialsWithDn()); - user = USER2.getUID(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testUserAndGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testUserAndGroupFilterPositive: Authentication failed for " + user + ",user expected to pass groupfilter"); - } + + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com") + .groupFilters(GROUP1_NAME) + .build(); + + testCase.assertAuthenticateFails(USER2.credentialsWithId()); + testCase.assertAuthenticateFails(USER2.credentialsWithDn()); } @Test - public void testUserAndGroupFilterNegative() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "uid=%s,ou=Groups,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userFilter", USER1.getUID() + "," + USER2.getUID()); - ldapProperties.put("hive.server2.authentication.ldap.groupFilter", "group1"); - initLdapAtn(); - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - Assert.fail("testUserAndGroupFilterNegative: Authentication succeeded for " + user + ",user expected to fail groupfilter"); - - user = USER2.getUID(); - ldapProvider.Authenticate(user, USER2.getPassword()); - Assert.fail("testUserAndGroupFilterNegative: Authentication succeeded for " + user + ",user expected to fail groupfilter"); - - user = USER3.getUID(); - ldapProvider.Authenticate(user, USER3.getPassword()); - Assert.fail("testUserAndGroupFilterNegative: Authentication succeeded for " + user + ",user expected to fail groupfilter"); - } catch (AuthenticationException e) { - assertTrue("testUserAndGroupFilterNegative: Authentication failed for " + user + " as expected", true); - } + public void testUserAndGroupFilterPositive() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com") + .userFilters( + USER1.getId(), + USER2.getId()) + .groupFilters( + GROUP1_NAME, + GROUP2_NAME) + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithId()); + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER2.credentialsWithId()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); } @Test - public void testCustomQueryPositive() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "cn=%s,ou=People,dc=example,dc=com:uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "cn=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.customLDAPQuery", "(&(objectClass=person)(|(uid=" - + USER1.getUID() + ")(uid=" + USER4.getUID() + ")))"); - initLdapAtn(); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testCustomQueryPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER1.getUID(); - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testCustomQueryPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER4.getDN(); - ldapProvider.Authenticate(user, USER4.getPassword()); - assertTrue("testCustomQueryPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testCustomQueryPositive: Authentication failed for " + user + ",user expected to pass custom LDAP Query"); - } + public void testUserAndGroupFilterNegative() { + testCase = defaultBuilder() + .userDNPatterns("uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("uid=%s,ou=Groups,dc=example,dc=com") + .userFilters( + USER1.getId(), + USER2.getId()) + .groupFilters( + GROUP3_NAME, + GROUP3_NAME) + .build(); + + testCase.assertAuthenticateFails(USER2.credentialsWithDn()); + testCase.assertAuthenticateFails(USER2.credentialsWithId()); + testCase.assertAuthenticateFails(USER3.credentialsWithDn()); + testCase.assertAuthenticateFails(USER3.credentialsWithId()); } @Test - public void testCustomQueryNegative() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "ou=People,dc=example,dc=com"); - // ldap query will only return user1 - ldapProperties.put("hive.server2.authentication.ldap.customLDAPQuery", "(&(objectClass=person)(uid=" - + USER1.getUID() + "))"); - initLdapAtn(); - - user = USER2.getDN(); - try { - ldapProvider.Authenticate(user, USER2.getPassword()); - Assert.fail("testCustomQueryNegative: Authentication succeeded for " + user + ",user expected to fail custom LDAP Query"); - } catch (AuthenticationException e) { - assertTrue("testCustomQueryNegative: Authentication failed for " + user + " as expected", true); - } + public void testCustomQueryPositive() { + testCase = defaultBuilder() + .baseDN("ou=People,dc=example,dc=com") + .userDNPatterns( + "cn=%s,ou=People,dc=example,dc=com", + "uid=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("cn=%s,ou=People,dc=example,dc=com") + .customQuery( + String.format("(&(objectClass=person)(|(uid=%s)(uid=%s)))", + USER1.getId(), + USER4.getId())) + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithId()); + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER4.credentialsWithId()); + testCase.assertAuthenticatePasses(USER4.credentialsWithDn()); + } - try { - user = USER2.getUID(); - ldapProvider.Authenticate(user, USER2.getPassword()); - Assert.fail("testCustomQueryNegative: Authentication succeeded for " + user + ",user expected to fail custom LDAP Query"); - } catch (AuthenticationException e) { - assertTrue("testCustomQueryNegative: Authentication failed for " + user + " as expected", true); - } + @Test + public void testCustomQueryNegative() { + testCase = defaultBuilder() + .baseDN("ou=People,dc=example,dc=com") + .customQuery( + String.format("(&(objectClass=person)(uid=%s))", + USER1.getId())) + .build(); + + testCase.assertAuthenticateFails(USER2.credentialsWithDn()); + testCase.assertAuthenticateFails(USER2.credentialsWithId()); } /** @@ -740,164 +438,101 @@ public class TestLdapAtnProviderWithMiniDS extends AbstractLdapTestUnit { "hive.server2.authentication.ldap.groupMembershipKey" */ @Test - public void testCustomQueryWithGroupsPositive() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "cn=%s,ou=People,dc=example,dc=com:uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.customLDAPQuery", - "(&(objectClass=groupOfNames)(|(cn=group1)(cn=group2)))"); - initLdapAtn(); - - user = USER1.getDN(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testCustomQueryWithGroupsPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER2.getUID(); - ldapProvider.Authenticate(user, USER2.getPassword()); - assertTrue("testCustomQueryWithGroupsPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testCustomQueryWithGroupsPositive: Authentication failed for " + user + ",user expected to pass custom LDAP Query"); - } + public void testCustomQueryWithGroupsPositive() { + testCase = defaultBuilder() + .baseDN("dc=example,dc=com") + .userDNPatterns( + "cn=%s,ou=People,dc=example,dc=com", + "uid=%s,ou=People,dc=example,dc=com") + .customQuery( + String.format("(&(objectClass=groupOfNames)(|(cn=%s)(cn=%s)))", + GROUP1_NAME, + GROUP2_NAME)) + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithId()); + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER2.credentialsWithId()); + testCase.assertAuthenticatePasses(USER2.credentialsWithDn()); /* the following test uses a query that returns a group and a user entry. the ldap atn should use the groupMembershipKey to identify the users for the returned group and the authentication should succeed for the users of that group as well as the lone user4 in this case */ - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "cn=%s,ou=People,dc=example,dc=com:uid=%s,ou=People,dc=example,dc=com"); - // following query should return group1 and user2 - ldapProperties.put("hive.server2.authentication.ldap.customLDAPQuery", - "(|(&(objectClass=groupOfNames)(cn=group1))(&(objectClass=person)(sn=user4)))"); - initLdapAtn(); - - user = USER1.getUID(); - try { - ldapProvider.Authenticate(user, USER1.getPassword()); - assertTrue("testCustomQueryWithGroupsPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER4.getUID(); - ldapProvider.Authenticate(user, USER4.getPassword()); - assertTrue("testCustomQueryWithGroupsPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testCustomQueryWithGroupsPositive: Authentication failed for " + user + ",user expected to pass custom LDAP Query"); - } - - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "cn=%s,ou=People,dc=example,dc=com:uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupMembershipKey", "uniqueMember"); - ldapProperties.put("hive.server2.authentication.ldap.customLDAPQuery", - "(&(objectClass=groupOfUniqueNames)(cn=group4))"); - initLdapAtn(); - - user = USER4.getDN(); - try { - ldapProvider.Authenticate(user, USER4.getPassword()); - assertTrue("testCustomQueryWithGroupsPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER4.getUID(); - ldapProvider.Authenticate(user, USER4.getPassword()); - assertTrue("testCustomQueryWithGroupsPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testCustomQueryWithGroupsPositive: Authentication failed for " + user + ",user expected to pass custom LDAP Query"); - } + testCase = defaultBuilder() + .baseDN("dc=example,dc=com") + .userDNPatterns( + "cn=%s,ou=People,dc=example,dc=com", + "uid=%s,ou=People,dc=example,dc=com") + .customQuery( + String.format("(|(&(objectClass=groupOfNames)(cn=%s))(&(objectClass=person)(sn=%s)))", + GROUP1_NAME, + USER4.getId())) + .build(); + + testCase.assertAuthenticatePasses(USER1.credentialsWithId()); + testCase.assertAuthenticatePasses(USER1.credentialsWithDn()); + testCase.assertAuthenticatePasses(USER4.credentialsWithId()); + testCase.assertAuthenticatePasses(USER4.credentialsWithDn()); + + + testCase = defaultBuilder() + .baseDN("dc=example,dc=com") + .userDNPatterns( + "cn=%s,ou=People,dc=example,dc=com", + "uid=%s,ou=People,dc=example,dc=com") + .groupMembership("uniqueMember") + .customQuery( + String.format("(&(objectClass=groupOfUniqueNames)(cn=%s))", + GROUP4_NAME)) + .build(); + + testCase.assertAuthenticatePasses(USER4.credentialsWithId()); + testCase.assertAuthenticatePasses(USER4.credentialsWithDn()); } @Test - public void testCustomQueryWithGroupsNegative() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.baseDN", "dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "cn=%s,ou=People,dc=example,dc=com:uid=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.customLDAPQuery", - "(&(objectClass=groupOfNames)(|(cn=group1)(cn=group2)))"); - initLdapAtn(); - - user = USER3.getDN(); - try { - ldapProvider.Authenticate(user, USER3.getPassword()); - Assert.fail("testCustomQueryNegative: Authentication succeeded for " + user + ",user expected to fail custom LDAP Query"); - } catch (AuthenticationException e) { - assertTrue("testCustomQueryNegative: Authentication failed for " + user + " as expected", true); - } - - try { - user = USER3.getUID(); - ldapProvider.Authenticate(user, USER3.getPassword()); - Assert.fail("testCustomQueryNegative: Authentication succeeded for " + user + ",user expected to fail custom LDAP Query"); - } catch (AuthenticationException e) { - assertTrue("testCustomQueryNegative: Authentication failed for " + user + " as expected", true); - } + public void testCustomQueryWithGroupsNegative() { + testCase = defaultBuilder() + .baseDN("dc=example,dc=com") + .userDNPatterns( + "cn=%s,ou=People,dc=example,dc=com", + "uid=%s,ou=People,dc=example,dc=com") + .customQuery( + String.format("(&(objectClass=groupOfNames)(|(cn=%s)(cn=%s)))", + GROUP1_NAME, + GROUP2_NAME)) + .build(); + + testCase.assertAuthenticateFails(USER3.credentialsWithDn()); + testCase.assertAuthenticateFails(USER3.credentialsWithId()); } @Test - public void testGroupFilterPositiveWithCustomGUID() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "cn=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "cn=%s,ou=Groups,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.guidKey", "cn"); - ldapProperties.put("hive.server2.authentication.ldap.groupFilter", "group3"); - initLdapAtn(); - - user = USER3.getDN(); - try { - ldapProvider.Authenticate(user, USER3.getPassword()); - assertTrue("testGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER3.getUID(); - ldapProvider.Authenticate(user, USER3.getPassword()); - assertTrue("testGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testGroupFilterPositive: Authentication failed for " + user + ",user expected to pass groupfilter"); - } + public void testGroupFilterPositiveWithCustomGUID() { + testCase = defaultBuilder() + .userDNPatterns("cn=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("cn=%s,ou=Groups,dc=example,dc=com") + .groupFilters(GROUP3_NAME) + .guidKey("cn") + .build(); + + testCase.assertAuthenticatePasses(USER3.credentialsWithId()); + testCase.assertAuthenticatePasses(USER3.credentialsWithDn()); } @Test - public void testGroupFilterPositiveWithCustomAttributes() throws Exception { - String user; - ldapProperties.put("hive.server2.authentication.ldap.userDNPattern", "cn=%s,ou=People,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupDNPattern", "cn=%s,ou=Groups,dc=example,dc=com"); - ldapProperties.put("hive.server2.authentication.ldap.groupFilter", "group4"); - ldapProperties.put("hive.server2.authentication.ldap.guidKey", "cn"); - ldapProperties.put("hive.server2.authentication.ldap.groupMembershipKey", "uniqueMember"); - ldapProperties.put("hive.server2.authentication.ldap.groupClassKey", "groupOfUniqueNames"); - initLdapAtn(); - - user = USER4.getDN(); - try { - ldapProvider.Authenticate(user, USER4.getPassword()); - assertTrue("testGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - - user = USER4.getUID(); - ldapProvider.Authenticate(user, USER4.getPassword()); - assertTrue("testGroupFilterPositive: Authentication succeeded for " + user + " as expected", true); - } catch (AuthenticationException e) { - Assert.fail("testGroupFilterPositive: Authentication failed for " + user + ",user expected to pass groupfilter"); - } - - } - - private static class User { - String uid; - String pwd; - String ldapDN; - - User(String uid, String password, String ldapDN) { - this.uid = uid; - this.pwd = password; - this.ldapDN = ldapDN; - } - - public String getUID() { - return uid; - } - - public String getPassword() { - return pwd; - } - - public String getDN() { - return ldapDN; - } + public void testGroupFilterPositiveWithCustomAttributes() { + testCase = defaultBuilder() + .userDNPatterns("cn=%s,ou=People,dc=example,dc=com") + .groupDNPatterns("cn=%s,ou=Groups,dc=example,dc=com") + .groupFilters(GROUP4_NAME) + .guidKey("cn") + .groupMembership("uniqueMember") + .groupClassKey("groupOfUniqueNames") + .build(); + + testCase.assertAuthenticatePasses(USER4.credentialsWithId()); + testCase.assertAuthenticatePasses(USER4.credentialsWithDn()); } } - http://git-wip-us.apache.org/repos/asf/hive/blob/8888fe4d/service/src/test/org/apache/hive/service/auth/ldap/LdapAuthenticationTestCase.java ---------------------------------------------------------------------- diff --git a/service/src/test/org/apache/hive/service/auth/ldap/LdapAuthenticationTestCase.java b/service/src/test/org/apache/hive/service/auth/ldap/LdapAuthenticationTestCase.java new file mode 100644 index 0000000..acde8c1 --- /dev/null +++ b/service/src/test/org/apache/hive/service/auth/ldap/LdapAuthenticationTestCase.java @@ -0,0 +1,142 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hive.service.auth.ldap; + +import javax.security.sasl.AuthenticationException; + +import com.google.common.base.Joiner; +import com.google.common.base.Preconditions; +import java.util.EnumMap; +import java.util.Map; +import org.apache.directory.server.ldap.LdapServer; +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hive.service.auth.LdapAuthenticationProviderImpl; +import org.junit.Assert; + +public final class LdapAuthenticationTestCase { + + private final LdapAuthenticationProviderImpl ldapProvider; + + public static Builder builder() { + return new Builder(); + } + + private LdapAuthenticationTestCase(Builder builder) { + this.ldapProvider = new LdapAuthenticationProviderImpl(builder.conf); + } + + public void assertAuthenticatePasses(Credentials credentials) { + try { + ldapProvider.Authenticate(credentials.getUser(), credentials.getPassword()); + } catch (AuthenticationException e) { + String message = String.format("Authentication failed for user '%s' with password '%s'", + credentials.getUser(), credentials.getPassword()); + throw new AssertionError(message, e); + } + } + + public void assertAuthenticateFails(Credentials credentials) { + assertAuthenticateFails(credentials.getUser(), credentials.getPassword()); + } + + public void assertAuthenticateFailsUsingWrongPassword(Credentials credentials) { + assertAuthenticateFails(credentials.getUser(), "not" + credentials.getPassword()); + } + + public void assertAuthenticateFails(String user, String password) { + try { + ldapProvider.Authenticate(user, password); + Assert.fail(String.format("Expected authentication to fail for %s", user)); + } catch (AuthenticationException expected) { + Assert.assertNotNull("Expected authentication exception", expected); + } + } + + public static final class Builder { + + private final Map<HiveConf.ConfVars, String> overrides = new EnumMap<>(HiveConf.ConfVars.class); + private HiveConf conf; + + public Builder baseDN(String baseDN) { + return setVarOnce(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, baseDN); + } + + public Builder guidKey(String guidKey) { + return setVarOnce(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GUIDKEY, guidKey); + } + + public Builder userDNPatterns(String... userDNPatterns) { + return setVarOnce(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN, + Joiner.on(':').join(userDNPatterns)); + } + + public Builder userFilters(String... userFilters) { + return setVarOnce(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, + Joiner.on(',').join(userFilters)); + } + + public Builder groupDNPatterns(String... groupDNPatterns) { + return setVarOnce(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN, + Joiner.on(':').join(groupDNPatterns)); + } + + public Builder groupFilters(String... groupFilters) { + return setVarOnce(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, + Joiner.on(',').join(groupFilters)); + } + + public Builder groupClassKey(String groupClassKey) { + return setVarOnce(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPCLASS_KEY, groupClassKey); + } + + public Builder ldapServer(LdapServer ldapServer) { + return setVarOnce(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_URL, + "ldap://localhost:"; + ldapServer.getPort()); + } + + public Builder customQuery(String customQuery) { + return setVarOnce(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_CUSTOMLDAPQUERY, customQuery); + } + + public Builder groupMembership(String groupMembership) { + return setVarOnce(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPMEMBERSHIP_KEY, groupMembership); + } + + private Builder setVarOnce(HiveConf.ConfVars confVar, String value) { + Preconditions.checkState(!overrides.containsKey(confVar), + "Property %s has been set already", confVar); + overrides.put(confVar, value); + return this; + } + + private void overrideHiveConf() { + conf.set("hive.root.logger", "DEBUG,console"); + for (Map.Entry<HiveConf.ConfVars, String> entry : overrides.entrySet()) { + conf.setVar(entry.getKey(), entry.getValue()); + } + } + + public LdapAuthenticationTestCase build() { + Preconditions.checkState(conf == null, + "Test Case Builder should not be reused. Please create a new instance."); + conf = new HiveConf(); + overrideHiveConf(); + return new LdapAuthenticationTestCase(this); + } + } +} http://git-wip-us.apache.org/repos/asf/hive/blob/8888fe4d/service/src/test/org/apache/hive/service/auth/ldap/User.java ---------------------------------------------------------------------- diff --git a/service/src/test/org/apache/hive/service/auth/ldap/User.java b/service/src/test/org/apache/hive/service/auth/ldap/User.java new file mode 100644 index 0000000..a7aa1aa --- /dev/null +++ b/service/src/test/org/apache/hive/service/auth/ldap/User.java @@ -0,0 +1,99 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hive.service.auth.ldap; + +import com.google.common.base.Preconditions; + +public final class User { + + private final String dn; + private final String id; + private final String password; + + private User(Builder builder) { + dn = builder.dn; + id = builder.id; + password = builder.password; + } + + public String getDn() { + return dn; + } + + public String getId() { + return id; + } + + public String getPassword() { + return password; + } + + public static Builder builder() { + return new Builder(); + } + + public Credentials credentialsWithDn() { + return Credentials.of(dn, password); + } + + public Credentials credentialsWithId() { + return Credentials.of(id, password); + } + + public static final class Builder { + private String dn; + private String id; + private String password; + + private Builder() { + } + + public Builder dn(String dn) { + Preconditions.checkNotNull(dn, "DN should not be NULL"); + Preconditions.checkState(this.dn == null, "DN has been set already"); + this.dn = dn; + return this; + } + + public Builder id(String id) { + Preconditions.checkNotNull(id, "ID should not be NULL"); + Preconditions.checkState(this.id == null, "ID has been set already"); + this.id = id; + return this; + } + + public Builder password(String password) { + Preconditions.checkNotNull(password, "Password should not be NULL"); + Preconditions.checkState(this.password == null, "Password has been set already"); + this.password = password; + return this; + } + + public Builder useIdForPassword() { + Preconditions.checkState(this.id != null, "User ID has not been set"); + return password(id); + } + + public User build() { + Preconditions.checkNotNull(this.dn, "DN is required"); + Preconditions.checkNotNull(this.id, "ID is required"); + Preconditions.checkNotNull(this.password, "Password is required"); + return new User(this); + } + } +}
