directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akaras...@apache.org
Subject svn commit: r109953 - in incubator/directory/eve/trunk/jndi-provider/src: java/org/apache/eve java/org/apache/eve/jndi java/org/apache/eve/jndi/ibs test/org/apache/eve/jndi
Date Mon, 06 Dec 2004 06:30:21 GMT
Author: akarasulu
Date: Sun Dec  5 22:30:20 2004
New Revision: 109953

URL: http://svn.apache.org/viewcvs?view=rev&rev=109953
Log:
Changes ...

 o reimplemented authentication functionality to be really simple
   - uid=admin,ou=system is the super-user with password secret on 1st start
   - admin must change passwd afterwords
   - no defaults all is simple
   - users that have a userPassword can authenticate: try example non-super-user
     uid=akarasulu,ou=users,ou=system
 o corrected some dependent functionality in authorization module
 o cleaned up in general 
 o removed all test functionality that depended on system pw being set
 
Notes: 

 o I was sloppy - somebody should cleanup all the constants and start using
   the constant for passwd for example rather than "secret" 

Modified:
   incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java
   incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java
   incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java
   incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
   incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java
   incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java
   incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java
   incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java
   incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java
   incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java

Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java
(original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java
Sun Dec  5 22:30:20 2004
@@ -43,12 +43,14 @@
 {
     /** the default user principal or DN */
     public final static String ADMIN_PRINCIPAL = "uid=admin,ou=system";
+    /** the admin super user uid */
+    public final static String ADMIN_UID = "admin";
+    /** the initial admin passwd set on startup */
+    public static final byte[] ADMIN_PW = "secret".getBytes();
     /** the base dn under which all users reside */
     public final static String USERS_BASE_DN = "ou=users,ou=system";
     /** the base dn under which all groups reside */
     public final static String GROUPS_BASE_DN = "ou=groups,ou=system";
-    /** the admin super user uid */
-    public final static String ADMIN_UID = "admin";
 
     /**
      * System backend suffix constant.  Should be kept down to a single Dn name 

Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java
(original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java
Sun Dec  5 22:30:20 2004
@@ -17,21 +17,17 @@
 package org.apache.eve.jndi;
 
 
-import java.util.Hashtable;
 import javax.naming.Context;
 import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.Attribute;
 
 import org.apache.eve.RootNexus;
-import org.apache.eve.SystemPartition;
 import org.apache.eve.auth.LdapPrincipal;
 import org.apache.ldap.common.exception.*;
 import org.apache.ldap.common.message.ResultCodeEnum;
 import org.apache.ldap.common.util.ArrayUtils;
 import org.apache.ldap.common.name.LdapName;
-import org.apache.ldap.common.name.NameComponentNormalizer;
-import org.apache.ldap.common.name.DnParser;
 
 
 /**
@@ -42,17 +38,17 @@
  */
 public class AuthenticationService implements Interceptor
 {
-
-    private static final String TYPE = Context.SECURITY_AUTHENTICATION;
+    /** short for Context.SECURITY_AUTHENTICATION */
+    private static final String AUTH_TYPE = Context.SECURITY_AUTHENTICATION;
+    /** short for Context.SECURITY_PRINCIPAL */
     private static final String PRINCIPAL = Context.SECURITY_PRINCIPAL;
-    private static final String ADMIN = SystemPartition.ADMIN_PRINCIPAL;
+    /** short for Context.SECURITY_CREDENTIALS */
+    private static final String CREDS = Context.SECURITY_CREDENTIALS;
 
     /** the root nexus to all database partitions */
     private final RootNexus nexus;
     /** whether or not to allow anonymous users */
     private boolean allowAnonymous = false;
-    /** the normalizing DnParser to use while parsing names */
-    private final DnParser parser;
 
 
     /**
@@ -60,49 +56,97 @@
      *
      * @param nexus the root nexus to access all database partitions
      */
-    public AuthenticationService( RootNexus nexus, NameComponentNormalizer normalizer,
-                                  boolean allowAnonymous ) throws NamingException
+    public AuthenticationService( RootNexus nexus, boolean allowAnonymous )
     {
         this.nexus = nexus;
         this.allowAnonymous = allowAnonymous;
-        this.parser = new DnParser( normalizer );
     }
 
 
     public void invoke( Invocation invocation ) throws NamingException
     {
+        // only handle preinvocation state
         if ( invocation.getState() != InvocationStateEnum.PREINVOCATION )
         {
             return;
         }
 
+        // check if we are already authenticated and if so we return making
+        // sure first that the credentials are not exposed within context
         EveContext ctx = ( EveLdapContext ) invocation.getContextStack().peek();
         if ( ctx.getPrincipal() != null )
         {
-            if ( ctx.getEnvironment().containsKey( Context.SECURITY_CREDENTIALS ) )
+            if ( ctx.getEnvironment().containsKey( CREDS ) )
             {
-                ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
+                ctx.removeFromEnvironment( CREDS );
             }
 
             return;
         }
 
-        String principal = getPrincipal( ctx.getEnvironment() );
+        // check the kind of authentication being performed
+        if ( ctx.getEnvironment().containsKey( AUTH_TYPE ) )
+        {
+            // authentication type can be anything
+
+            String auth = ( String ) ctx.getEnvironment().get( AUTH_TYPE );
+            if ( auth.equalsIgnoreCase( "none" ) )
+            {
+                doAuthNone( ctx );
+            }
+            else if ( auth.equalsIgnoreCase( "simple" ) )
+            {
+                doAuthSimple( ctx );
+            }
+            else
+            {
+                doAuthSasl( ctx );
+            }
+        }
+        else if ( ctx.getEnvironment().containsKey( CREDS ) )
+        {
+            // authentication type is simple here
+            doAuthSimple( ctx );
+        }
+        else
+        {
+            // authentication type is anonymous
+            doAuthNone( ctx );
+        }
+
+        // remove creds so there is no security risk
+        ctx.removeFromEnvironment( CREDS );
+    }
+
+
+    private void doAuthSasl( EveContext ctx ) throws NamingException
+    {
+        ctx.getEnvironment(); // shut's up idea's yellow light
+        ResultCodeEnum rc = ResultCodeEnum.AUTHMETHODNOTSUPPORTED; 
+        throw new LdapAuthenticationNotSupportedException( rc );
+    }
+
 
-        if ( principal.length() == 0 )
+    private void doAuthNone( EveContext ctx ) throws NamingException
+    {
+        if ( this.allowAnonymous )
         {
             if ( allowAnonymous )
             {
                 ctx.setPrincipal( LdapPrincipal.ANONYMOUS );
-                return;
             }
             else
             {
                 throw new LdapNoPermissionException( "Anonymous bind NOT permitted!" );
             }
         }
+    }
+
+
+    private void doAuthSimple( EveContext ctx ) throws NamingException
+    {
+        Object creds = ctx.getEnvironment().get( CREDS );
 
-        Object creds = ctx.getEnvironment().get( Context.SECURITY_CREDENTIALS );
         if ( creds == null )
         {
             creds = ArrayUtils.EMPTY_BYTE_ARRAY;
@@ -112,6 +156,21 @@
             creds = ( ( String ) creds ).getBytes();
         }
 
+        // let's get the principal now
+        String principal;
+        if ( ! ctx.getEnvironment().containsKey( PRINCIPAL ) )
+        {
+            throw new LdapAuthenticationException();
+        }
+        else
+        {
+            principal = ( String ) ctx.getEnvironment().get( PRINCIPAL );
+            if ( principal == null )
+            {
+                throw new LdapAuthenticationException();
+            }
+        }
+
         LdapName principalDn = new LdapName( principal );
         Attributes userEntry = nexus.lookup( principalDn );
         if ( userEntry == null )
@@ -139,89 +198,6 @@
             throw new LdapAuthenticationException();
         }
 
-        synchronized( parser )
-        {
-            ctx.setPrincipal( new LdapPrincipal( parser.parse( principal ) ) );
-        }
-
-        // remove creds so there is no security risk
-        ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
-    }
-
-
-    /**
-     * Gets the effective principal associated with a JNDI context's environment.
-     *
-     * @param env the JNDI Context environment
-     * @return the effective principal
-     * @throws NamingException if certain properties are not present or present
-     * in wrong values or present in the wrong combinations
-     */
-    private String getPrincipal( Hashtable env ) throws NamingException
-    {
-        if ( "strong".equalsIgnoreCase( ( String ) env.get( TYPE ) ) )
-        {
-            throw new LdapAuthenticationNotSupportedException( ResultCodeEnum.AUTHMETHODNOTSUPPORTED
);
-        }
-
-        // --------------------------------------------------------------------
-        // if both the authtype and principal keys not defined then the
-        // princial is set to the admin user for the system
-        // --------------------------------------------------------------------
-        if ( ! env.containsKey( TYPE ) && ! env.containsKey( PRINCIPAL ) )
-        {
-            return SystemPartition.ADMIN_PRINCIPAL;
-        }
-
-        // the authtype is set but the principal is not
-        if ( env.containsKey( TYPE ) && ! env.containsKey( PRINCIPAL ) )
-        {
-            Object val = env.get( TYPE );
-
-            // princial is set to the anonymous user if authType is "none"
-            if ( "none".equalsIgnoreCase( ( String ) val ) )
-            {
-                return "";
-            }
-            // princial is set to the admin user if authType is "simple"
-            else if ( "simple".equalsIgnoreCase( ( String ) val ) )
-            {
-                return ADMIN;
-            }
-
-            // blow chuncks if we see any other authtype values
-            throw new LdapConfigurationException( "Unknown value for property " + TYPE +
": " + val );
-        }
-
-        // both are set
-        if ( env.containsKey( TYPE ) && env.containsKey( PRINCIPAL ) )
-        {
-            Object val = env.get( TYPE );
-
-            // princial is set to the anonymous user if authType is "none"
-            if ( "none".equalsIgnoreCase( ( String ) val ) )
-            {
-                String msg = "Ambiguous configuration: " + TYPE;
-                msg += " is set to none and the security principal";
-                msg += " is set using " + PRINCIPAL + " as well";
-                throw new LdapConfigurationException( msg );
-            }
-            // princial is set to the admin user if authType is "simple"
-            else if ( "simple".equalsIgnoreCase( ( String ) val ) )
-            {
-                return ( String ) env.get( PRINCIPAL );
-            }
-
-            // blow chuncks if we see any other authtype values
-            throw new LdapConfigurationException( "Unknown value for property " + TYPE +
": " + val );
-        }
-
-        // we have the principal key so we set that as the value
-        if ( env.containsKey( PRINCIPAL ) )
-        {
-            return ( String ) env.get( PRINCIPAL );
-        }
-
-        return ADMIN;
+        ctx.setPrincipal( new LdapPrincipal( principalDn ) );
     }
 }

Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java
(original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java
Sun Dec  5 22:30:20 2004
@@ -36,7 +36,6 @@
 import org.apache.ldap.common.schema.Normalizer;
 import org.apache.ldap.common.message.LockableAttributesImpl;
 import org.apache.ldap.common.message.ResultCodeEnum;
-import org.apache.ldap.common.util.ArrayUtils;
 import org.apache.ldap.common.util.DateUtils;
 import org.apache.ldap.common.util.PropertiesUtils;
 import org.apache.ldap.common.ldif.LdifIterator;
@@ -306,21 +305,12 @@
         attributes.put( "objectClass", "organizationalPerson" );
         attributes.put( "objectClass", "inetOrgPerson" );
         attributes.put( "uid", SystemPartition.ADMIN_UID );
+        attributes.put( "userPassword", SystemPartition.ADMIN_PW );
         attributes.put( "displayName", "Directory Superuser" );
         attributes.put( "creatorsName", ADMIN );
         attributes.put( "createTimestamp", DateUtils.getGeneralizedTime() );
         attributes.put( "displayName", "Directory Superuser" );
 
-        if ( initialEnv.containsKey( Context.SECURITY_CREDENTIALS ) )
-        {
-            attributes.put( "userPassword", initialEnv.get(
-                    Context.SECURITY_CREDENTIALS ) );
-        }
-        else
-        {
-            attributes.put( "userPassword", ArrayUtils.EMPTY_BYTE_ARRAY );
-        }
-
         nexus.add( ADMIN, ADMIN_NAME, attributes );
         return true;
     }
@@ -430,9 +420,7 @@
             InvocationStateEnum.PREINVOCATION
         };
         boolean allowAnonymous = initialEnv.containsKey( ANONYMOUS_ENV );
-        ConcreteNameComponentNormalizer normalizer;
-        normalizer = new ConcreteNameComponentNormalizer( globalRegistries.getAttributeTypeRegistry()
);
-        Interceptor interceptor = new AuthenticationService( nexus, normalizer, allowAnonymous
);
+        Interceptor interceptor = new AuthenticationService( nexus, allowAnonymous );
         provider.addInterceptor( interceptor, state );
 
         /*
@@ -449,6 +437,9 @@
          * interceptor chain.
          */
         state = new InvocationStateEnum[]{ InvocationStateEnum.PREINVOCATION };
+        ConcreteNameComponentNormalizer normalizer;
+        AttributeTypeRegistry atr = globalRegistries.getAttributeTypeRegistry();
+        normalizer = new ConcreteNameComponentNormalizer( atr );
         interceptor = new AuthorizationService( normalizer, filterService );
         provider.addInterceptor( interceptor, state );
 

Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
(original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
Sun Dec  5 22:30:20 2004
@@ -336,6 +336,12 @@
             {
                 if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN ) )
                 {
+                    // allow for self reads
+                    if ( dn.toString().equals( principalDn.toString() ) )
+                    {
+                        return;
+                    }
+
                     String msg = "Access to user account '" + dn + "' not permitted";
                     msg += " for user '" + principalDn + "'.  Only the admin can";
                     msg += " access user account information";
@@ -344,6 +350,12 @@
 
                 if ( dn.size() > 2 && dn.startsWith( GROUP_BASE_DN ) )
                 {
+                    // allow for self reads
+                    if ( dn.toString().equals( principalDn.toString() ) )
+                    {
+                        return;
+                    }
+
                     String msg = "Access to group '" + dn + "' not permitted";
                     msg += " for user '" + principalDn + "'.  Only the admin can";
                     msg += " access group information";
@@ -352,6 +364,12 @@
 
                 if ( dn.equals( ADMIN_DN ) )
                 {
+                    // allow for self reads
+                    if ( dn.toString().equals( principalDn.toString() ) )
+                    {
+                        return;
+                    }
+
                     String msg = "Access to admin account not permitted for user '";
                     msg += principalDn + "'.  Only the admin can";
                     msg += " access admin account information";

Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java
(original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java
Sun Dec  5 22:30:20 2004
@@ -64,16 +64,14 @@
         doDelete( new File( "target" + File.separator + "eve" ) );
 
         extras.put( EveContextFactory.EVE_LDAP_PORT,
-                String.valueOf( AvailablePortFinder.getNextAvailable( 1025 ) ) );
+                String.valueOf( AvailablePortFinder.getNextAvailable( 1024 ) ) );
 
-        setSysRoot( "uid=admin,ou=system", "testing" );
+        setSysRoot( "uid=admin,ou=system", "secret" );
     }
 
 
     /**
      * Deletes the Eve working directory.
-     *
-     * @throws IOException if there are failures while deleting.
      */
     protected void doDelete( File wkdir )
     {
@@ -148,7 +146,7 @@
         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory"
);
         env.put( EveContextFactory.SHUTDOWN_OP_ENV, "" );
         env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
-        env.put( Context.SECURITY_CREDENTIALS, "testing" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         try { new InitialContext( env ); } catch( Exception e ) {}
         sysRoot = null;
     }

Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java
(original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java
Sun Dec  5 22:30:20 2004
@@ -108,7 +108,8 @@
     {
         Hashtable env = new Hashtable();
         env.put( Context.PROVIDER_URL, "dc=example" );
-        env.put( Context.SECURITY_CREDENTIALS, "testing" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory"
);
         InitialContext initialContext = new InitialContext( env );
         DirContext appRoot = ( DirContext ) initialContext.lookup( "" );
@@ -128,7 +129,8 @@
     {
         Hashtable env = new Hashtable();
         env.put( Context.PROVIDER_URL, "ou=testing" );
-        env.put( Context.SECURITY_CREDENTIALS, "testing" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory"
);
         InitialContext initialContext = new InitialContext( env );
         DirContext appRoot = ( DirContext ) initialContext.lookup( "" );

Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java
(original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java
Sun Dec  5 22:30:20 2004
@@ -88,7 +88,7 @@
         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory"
);
         env.put( EveContextFactory.SHUTDOWN_OP_ENV, "" );
         env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
-        env.put( Context.SECURITY_CREDENTIALS, "testing" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         try { new InitialContext( env ); } catch( Exception e ) {}
     }
 
@@ -104,6 +104,8 @@
         Hashtable env = new Hashtable();
         env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
         env.put( Context.PROVIDER_URL, "" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
         InitialContext initCtx = new InitialContext( env );
         assertNotNull( initCtx );
@@ -121,6 +123,8 @@
         Hashtable env = new Hashtable();
         env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
         env.put( Context.PROVIDER_URL, "" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
         InitialContext initCtx = new InitialContext( env );
         assertNotNull( initCtx );
@@ -141,6 +145,8 @@
         Hashtable env = new Hashtable();
         env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
         env.put( Context.PROVIDER_URL, "" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
         InitialContext initCtx = new InitialContext( env );
         assertNotNull( initCtx );
@@ -164,6 +170,8 @@
         Hashtable env = new Hashtable();
         env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
         env.put( Context.PROVIDER_URL, "" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
         InitialContext initCtx = new InitialContext( env );
         assertNotNull( initCtx );
@@ -196,6 +204,8 @@
         Hashtable env = new Hashtable();
         env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
         env.put( Context.PROVIDER_URL, "" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
         InitialContext initCtx = new InitialContext( env );
         assertNotNull( initCtx );
@@ -228,6 +238,8 @@
         Hashtable env = new Hashtable();
         env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
         env.put( Context.PROVIDER_URL, "" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
         InitialContext initCtx = new InitialContext( env );
         assertNotNull( initCtx );
@@ -262,6 +274,8 @@
         Hashtable env = new Hashtable();
         env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
         env.put( Context.PROVIDER_URL, "" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
         InitialContext initCtx = new InitialContext( env );
         assertNotNull( initCtx );

Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java
(original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java
Sun Dec  5 22:30:20 2004
@@ -44,7 +44,7 @@
 
         try
         {
-            setSysRoot( "uid=admin,ou=system", "testing" );
+            setSysRoot( "uid=admin,ou=system", "secret" );
         }
         finally
         {
@@ -66,7 +66,7 @@
 
         try
         {
-            setSysRoot( "uid=admin,ou=system", "testing" );
+            setSysRoot( "uid=admin,ou=system", "secret" );
         }
         finally
         {
@@ -76,6 +76,6 @@
         assertNotNull( sysRoot );
 
         // restart the system now
-        setSysRoot( "uid=admin,ou=system", "testing" );
+        setSysRoot( "uid=admin,ou=system", "secret" );
     }
 }

Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java
(original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java
Sun Dec  5 22:30:20 2004
@@ -18,10 +18,11 @@
 
 
 import java.io.File;
-import java.io.IOException;
 import java.util.Hashtable;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.Attributes;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.Attribute;
 import javax.naming.*;
 import javax.naming.ldap.LdapContext;
 import javax.naming.ldap.InitialLdapContext;
@@ -42,10 +43,8 @@
 {
     /**
      * Cleans up old database files on creation.
-     *
-     * @throws IOException if we can't clean the files
      */
-    public SimpleAuthenticationTest() throws IOException
+    public SimpleAuthenticationTest()
     {
         doDelete( new File( "target" + File.separator + "eve" ) );
     }
@@ -58,11 +57,9 @@
      *   <li>sets doDelete to false for test1AdminAccountCreation</li>
      *   <li>sets doDelete to false for test2AccountExistsOnRestart</li>
      *   <li>sets doDelete to true for all other cases</li>
-     *   <li>bypasses normal setup for test3BuildDbNoNothing</li>
      *   <li>bypasses normal setup for test5BuildDbNoPassWithPrincAuthNone</li>
      *   <li>bypasses normal setup for test4BuildDbNoPassNoPrincAuthNone</li>
      *   <li>bypasses normal setup for test6BuildDbNoPassNotAdminPrinc</li>
-     *   <li>bypasses normal setup for test7BuildDbNoPassNoPrincAuthNoneAnonOff</li>
      * </ul>
      *
      * @throws Exception
@@ -79,10 +76,8 @@
             super.doDelete = true;
         }
 
-        if ( getName().equals( "test3BuildDbNoNothing" ) ||
-             getName().equals( "test5BuildDbNoPassWithPrincAuthNone" ) ||
+        if ( getName().equals( "test5BuildDbNoPassWithPrincAuthNone" ) ||
                 getName().equals( "test6BuildDbNoPassNotAdminPrinc" ) ||
-                getName().equals( "test7BuildDbNoPassNoPrincAuthNoneAnonOff" ) ||
              getName().equals( "test4BuildDbNoPassNoPrincAuthNone" ) )
         {
             return;
@@ -118,7 +113,7 @@
         DirContext ctx = ( DirContext ) sysRoot.lookup( "uid=admin" );
         Attributes attrs = ctx.getAttributes( "" );
         performAdminAccountChecks( attrs );
-        assertTrue( attrs.get( "userPassword" ).contains( "testing" ) );
+        assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), "secret".getBytes()
));
     }
 
 
@@ -133,38 +128,40 @@
         Attributes attrs = ctx.getAttributes( "" );
 
         performAdminAccountChecks( attrs );
-        assertTrue( attrs.get( "userPassword" ).contains( "testing" ) );
+        assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), "secret".getBytes()
));
     }
 
 
-    /**
-     * Checks that we can give basically the minimal set of properties without
-     * any security information to build and bootstrap a new system.  The admin
-     * user is presumed and no password is set.  The admin password defaults to
-     * the empty byte array.
-     *
-     * @throws Exception if there are problems
-     */
-    public void test3BuildDbNoNothing() throws Exception
+    public void test3UseAkarasulu() throws NamingException
     {
-        // clean out the database
-        doDelete( new File( "target" + File.separator + "eve" ) );
-        LdapContext ctx = setSysRoot( new Hashtable() );
-        Attributes attributes = ctx.getAttributes( "uid=admin" );
-        assertNotNull( attributes );
-
-        // Eve has started now so we access another context w/o the wkdir
+        // now go in as anonymous user and we should be rejected
         Hashtable env = new Hashtable();
         env.put( Context.PROVIDER_URL, "ou=system" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=akarasulu,ou=users,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "test" );
+        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory"
);
-        InitialContext initial = new InitialContext( env );
-        ctx = ( LdapContext ) initial.lookup( "uid=admin" );
-        assertNotNull( ctx );
-        attributes = ctx.getAttributes( "" );
-        assertNotNull( attributes );
-
-        performAdminAccountChecks( attributes );
-        assertTrue( attributes.get( "userPassword" ).contains( ArrayUtils.EMPTY_BYTE_ARRAY
) );
+        InitialDirContext ic = new InitialDirContext( env );
+        Attributes attrs = ic.getAttributes( "uid=akarasulu,ou=users" );
+        Attribute ou = attrs.get( "ou" );
+        assertTrue( ou.contains( "Engineering" ) );
+        assertTrue( ou.contains( "People" ) );
+
+        Attribute objectClass = attrs.get( "objectClass" );
+        assertTrue( objectClass.contains( "top" ) );
+        assertTrue( objectClass.contains( "person" ) );
+        assertTrue( objectClass.contains( "organizationalPerson" ) );
+        assertTrue( objectClass.contains( "inetOrgPerson" ) );
+
+        assertTrue( attrs.get( "telephonenumber" ).contains( "+1 408 555 4798" ) );
+        assertTrue( attrs.get( "uid" ).contains( "akarasulu" ) );
+        assertTrue( attrs.get( "givenname" ).contains( "Alex" ) );
+        assertTrue( attrs.get( "mail" ).contains( "akarasulu@apache.org" ) );
+        assertTrue( attrs.get( "l" ).contains( "Bogusville" ) );
+        assertTrue( attrs.get( "sn" ).contains( "Karasulu" ) );
+        assertTrue( attrs.get( "cn" ).contains( "Alex Karasulu" ) );
+        assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" )
);
+        assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) );
     }
 
 
@@ -281,40 +278,6 @@
 
 
     /**
-     * Tests to make sure we throw an error when Context.SECURITY_AUTHENTICATION
-     * is set to "none" when trying to get a context from an already
-     * bootstrapped system when anonymous users are not turned on.
-     *
-     * @throws Exception if anything goes wrong
-     */
-    public void test7BuildDbNoPassNoPrincAuthNoneAnonOff() throws Exception
-    {
-        // clean out the database
-        tearDown();
-        doDelete( new File( "target" + File.separator + "eve" ) );
-
-        // ok this should start up the system now as admin
-        InitialLdapContext ctx = ( InitialLdapContext ) setSysRoot( new Hashtable() );
-        assertNotNull( ctx );
-
-        // now go in as anonymous user and we should be rejected
-        Hashtable env = new Hashtable();
-        env.put( Context.PROVIDER_URL, "ou=system" );
-        env.put( Context.SECURITY_AUTHENTICATION, "none" );
-        env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory"
);
-
-        try
-        {
-            new InitialContext( env );
-            fail( "should never get here due to an exception" );
-        }
-        catch ( NoPermissionException e )
-        {
-        }
-    }
-
-
-    /**
      * Tests to make sure we can authenticate after the database has already
      * been build as the admin user when simple authentication is in effect.
      *
@@ -326,7 +289,7 @@
         Hashtable env = new Hashtable();
         env.put( Context.PROVIDER_URL, "ou=system" );
         env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
-        env.put( Context.SECURITY_CREDENTIALS, "testing" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
         env.put( Context.SECURITY_AUTHENTICATION, "simple" );
         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory"
);
         assertNotNull( new InitialContext( env ) );

Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java
(original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java
Sun Dec  5 22:30:20 2004
@@ -37,7 +37,7 @@
     public void testSyncNoException() throws Exception
     {
         overrides.put( EveContextFactory.SYNC_OP_ENV, "true" );
-        sysRoot = setSysRoot( "uid=admin,ou=system", "testing" );
+        sysRoot = setSysRoot( "uid=admin,ou=system", "secret" );
         assertNotNull( sysRoot );
     }
 
@@ -51,7 +51,7 @@
     public void testPostSyncLookup() throws Exception
     {
         overrides.put( EveContextFactory.SYNC_OP_ENV, "true" );
-        sysRoot = setSysRoot( "uid=admin,ou=system", "testing" );
+        sysRoot = setSysRoot( "uid=admin,ou=system", "secret" );
         Attributes users = sysRoot.getAttributes( "ou=users" );
 
         // assert making sure the entry is ok

Mime
View raw message