directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tbenn...@apache.org
Subject svn commit: r486187 [25/49] - in /directory/trunks/triplesec: ./ admin-api/ admin-api/src/ admin-api/src/main/ admin-api/src/main/java/ admin-api/src/main/java/org/ admin-api/src/main/java/org/safehaus/ admin-api/src/main/java/org/safehaus/triplesec/ a...
Date Tue, 12 Dec 2006 15:24:14 GMT
Added: directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java (added)
+++ directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,850 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.store.interceptor;
+
+
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SchemaViolationException;
+
+import junit.framework.Assert;
+
+import org.apache.directory.server.core.unit.AbstractAdminTestCase;
+import org.apache.directory.server.core.schema.bootstrap.SystemSchema;
+import org.apache.directory.server.core.schema.bootstrap.CoreSchema;
+import org.apache.directory.server.core.schema.bootstrap.Krb5kdcSchema;
+import org.apache.directory.server.core.configuration.Configuration;
+import org.apache.directory.server.core.configuration.MutablePartitionConfiguration;
+import org.apache.directory.server.core.configuration.MutableInterceptorConfiguration;
+import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
+import org.safehaus.triplesec.store.ProfileObjectFactory;
+import org.safehaus.triplesec.store.ProfileStateFactory;
+import org.safehaus.triplesec.store.schema.SafehausSchema;
+
+
+/**
+ * Test case for the PolicyProtectionInterceptor.
+ *
+ * @author Trustin Lee
+ * @version $Rev: 957 $, $Date: 2006-09-22 09:03:23 -0400 (Fri, 22 Sep 2006) $
+ */
+public class PolicyProtectionInterceptorITest extends AbstractAdminTestCase
+{
+    private DirContext ctx;
+
+
+    public void setUp() throws Exception
+    {
+        Set schemas = super.configuration.getBootstrapSchemas();
+        schemas.add( new CoreSchema() );
+        schemas.add( new SystemSchema() );
+        schemas.add( new Krb5kdcSchema() );
+        schemas.add( new SafehausSchema() );
+        super.configuration.setBootstrapSchemas( schemas );
+        super.configuration.setShutdownHookEnabled( false );
+        super.configuration.setAccessControlEnabled( true );
+        
+        MutablePartitionConfiguration partitionCfg = new MutablePartitionConfiguration();
+        partitionCfg.setName( "example" );
+        partitionCfg.setSuffix( "dc=example,dc=com" );
+        Attributes ctxEntry = new BasicAttributes();
+        ctxEntry.put( "objectClass", "top" );
+        ctxEntry.put( "dc", "example" );
+        partitionCfg.setContextEntry( ctxEntry );
+        partitionCfg.setContextPartition( new JdbmPartition() );
+
+        Set partitions = super.configuration.getContextPartitionConfigurations();
+        partitions.add( partitionCfg );
+        super.configuration.setContextPartitionConfigurations( partitions );
+
+        List interceptors = super.configuration.getInterceptorConfigurations();
+        MutableInterceptorConfiguration interceptorCfg = new MutableInterceptorConfiguration();
+        interceptorCfg.setName( "protector" );
+        interceptorCfg.setInterceptor( new PolicyProtectionInterceptor() );
+        interceptors.add( interceptorCfg );
+        super.configuration.setInterceptorConfigurations( interceptors );
+
+        super.overrideEnvironment( Context.OBJECT_FACTORIES, ProfileObjectFactory.class.getName() );
+        super.overrideEnvironment( Context.STATE_FACTORIES, ProfileStateFactory.class.getName() );
+        super.setLdifPath( "/interceptor.ldif", getClass() );
+        super.setUp();
+
+        Hashtable env = new Hashtable();
+        env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" );
+        env.put( Context.PROVIDER_URL, "" );
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
+        env.put( Context.SECURITY_CREDENTIALS, "secret" );
+        env.put( Configuration.JNDI_KEY, super.configuration );
+        env.put( Context.STATE_FACTORIES, ProfileStateFactory.class.getName() );
+        env.put( Context.OBJECT_FACTORIES, ProfileObjectFactory.class.getName() );
+
+        ctx = new InitialDirContext( env );
+    }
+
+
+    public void tearDown() throws Exception
+    {
+        super.tearDown();
+    }
+
+
+    public void testAdd() throws Exception
+    {
+        Attribute attr;
+
+        // Adding unrelated entries should be OK.
+        ctx.bind( "ou=test,dc=example,dc=com", null, new BasicAttributes( "objectClass", "top" ) );
+
+        // Test adding permissions
+        Attributes perm = new BasicAttributes();
+        attr = new BasicAttribute( "objectClass" );
+        attr.add( "top" );
+        attr.add( "policyPermission" );
+        perm.put( attr );
+        perm.put( "permName", "permX" );
+
+        _testAdd( "permName=permX", "permName=mockPerm0", "ou=permissions", perm );
+
+        // Test adding roles
+        Attributes role = new BasicAttributes();
+        attr = new BasicAttribute( "objectClass" );
+        attr.add( "top" );
+        attr.add( "policyRole" );
+        role.put( attr );
+        role.put( "roleName", "roleX" );
+
+        _testAdd( "roleName=roleX", "roleName=mockRole0", "ou=roles", role );
+
+        // Test adding profiles
+        Attributes profile = new BasicAttributes();
+        attr = new BasicAttribute( "objectClass" );
+        attr.add( "top" );
+        attr.add( "policyProfile" );
+        profile.put( attr );
+        profile.put( "profileId", "profileX" );
+        profile.put( "user", "akarasulu" );
+
+        _testAdd( "profileId=profileX", "profileId=mockProfile0", "ou=profiles", profile );
+        
+        
+        // Test adding a role with non-existing permissions
+        role = new BasicAttributes();
+        attr = new BasicAttribute( "objectClass" );
+        attr.add( "top" );
+        attr.add( "policyRole" );
+        role.put( attr );
+        role.put( "roleName", "roleY" );
+        role.put( "grants", "unknownPerm" );
+        try
+        {
+            ctx.bind(
+                    "roleName=roleY,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                    null, role);
+            Assert.fail();
+        }
+        catch( SchemaViolationException e )
+        {
+            // OK
+        }
+
+        // Test adding a profile with a non-existing role
+        profile = new BasicAttributes();
+        attr = new BasicAttribute( "objectClass" );
+        attr.add( "top" );
+        attr.add( "policyProfile" );
+        profile.put( attr );
+        profile.put( "profileId", "profileY" );
+        profile.put( "roles", "unknownRole" );
+        
+        try
+        {
+            ctx.bind(
+                    "profileId=profileY,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                    null, profile);
+            Assert.fail();
+        }
+        catch( SchemaViolationException e )
+        {
+            // OK
+        }
+        
+        // Test adding a profile with non-existing permissions
+        profile = new BasicAttributes();
+        attr = new BasicAttribute( "objectClass" );
+        attr.add( "top" );
+        attr.add( "policyProfile" );
+        profile.put( attr );
+        profile.put( "uid", "profileY" );
+        profile.put( "grants", "unknownPerm" );
+        
+        try
+        {
+            ctx.bind(
+                    "profileId=profileY,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                    null, profile);
+            Assert.fail();
+        }
+        catch( SchemaViolationException e )
+        {
+            // OK
+        }
+        
+        // Test adding non-existing permission to a role
+        try
+        {
+            ctx.modifyAttributes(
+                    "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                    DirContext.ADD_ATTRIBUTE,
+                    new BasicAttributes( "grants", "unknownPerm" ) );
+            Assert.fail();
+        }
+        catch( SchemaViolationException e )
+        {
+            // OK
+        }
+        
+        // Test adding non-existing permission to a profile
+        try
+        {
+            ctx.modifyAttributes(
+                    "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                    DirContext.ADD_ATTRIBUTE,
+                    new BasicAttributes( "grants", "unknownPerm" ) );
+            Assert.fail();
+        }
+        catch( SchemaViolationException e )
+        {
+            // OK
+        }
+
+        // Test adding non-existing role to a profile
+        try
+        {
+            ctx.modifyAttributes(
+                    "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                    DirContext.ADD_ATTRIBUTE,
+                    new BasicAttributes( "roles", "unknownRole" ) );
+            Assert.fail();
+        }
+        catch( SchemaViolationException e )
+        {
+            // OK
+        }
+    }
+
+
+    private void _testAdd( String rn, String siblingRN, String parentRN, Attributes entry ) throws NamingException
+    {
+        try
+        {
+            ctx.bind( rn + ", dc=example,dc=com", null, entry );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+
+        try
+        {
+            ctx.bind( rn + ", ou=applications, dc=example,dc=com", null, entry );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+
+        try
+        {
+            ctx.bind( rn + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, entry );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+
+        Attributes wrongEntry = ( Attributes ) entry.clone();
+        wrongEntry.put( "objectClass", "top" ); // Remove other classes
+
+        try
+        {
+            ctx.bind( rn + ", " + siblingRN + ", " + parentRN
+                + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, wrongEntry );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+
+        ctx.bind( rn + ", " + parentRN + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, entry );
+
+        try
+        {
+            ctx.bind( rn + ", " + siblingRN + ", " + parentRN
+                + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, entry );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+    }
+
+
+    public void testDelete() throws Exception
+    {
+        // Test deleting non-policy entries
+        ctx.unbind( "uid=akarasulu, ou=Users, dc=example,dc=com" );
+
+        // Test deleting permissions not in use
+        ctx.unbind( "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+
+        // Test deleting roles not in use
+        ctx.unbind( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+
+        // Test deleting permissions in use
+        try
+        {
+            ctx.unbind( "permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+
+        // Test deleting roles in use
+        try
+        {
+            ctx.unbind( "roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+
+        // Test deleting profiles (should be deleted without any confirmation)
+        ctx.unbind( "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+    }
+
+
+    public void testModify1() throws Exception
+    {
+        // Test modifications on non-policy entry
+        ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com", DirContext.ADD_ATTRIBUTE,
+            new BasicAttributes( "telephonenumber", "+1 904 982 6888" ) );
+        ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com", DirContext.REMOVE_ATTRIBUTE,
+            new BasicAttributes( "telephonenumber", "+1 904 982 6888" ) );
+
+        // Test modifications on permissions
+
+        // test attribute is not a valid schema defined attribute
+
+        //        ctx.modifyAttributes(
+        //                "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+        //                DirContext.ADD_ATTRIBUTE,
+        //                new BasicAttributes( "test", "test" ) );
+        //        ctx.modifyAttributes(
+        //                "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+        //                DirContext.REMOVE_ATTRIBUTE,
+        //                new BasicAttributes( "test", "test" ) );
+        //        try
+        //        {
+        //            ctx.modifyAttributes(
+        //                    "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+        //                    DirContext.REMOVE_ATTRIBUTE,
+        //                    new BasicAttributes( "objectclass", "policyPermission" ) );
+        //            Assert.fail();
+        //        }
+        //        catch( SchemaViolationException e )
+        //        {
+        //            // OK
+        //        }
+        ctx.modifyAttributes(
+            "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+            DirContext.ADD_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
+        ctx.modifyAttributes(
+            "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+            DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
+
+        // Test modifications on roles
+        //        ctx.modifyAttributes(
+        //                "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+        //                DirContext.ADD_ATTRIBUTE,
+        //                new BasicAttributes( "test", "test" ) );
+        //        ctx.modifyAttributes(
+        //                "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+        //                DirContext.REMOVE_ATTRIBUTE,
+        //                new BasicAttributes( "test", "test" ) );
+        //        try
+        //        {
+        //            ctx.modifyAttributes(
+        //                    "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+        //                    DirContext.REMOVE_ATTRIBUTE,
+        //                    new BasicAttributes( "objectclass", "policyRole" ) );
+        //            Assert.fail();
+        //        }
+        //        catch( SchemaViolationException e )
+        //        {
+        //            // OK
+        //        }
+        ctx.modifyAttributes( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+            DirContext.ADD_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
+        ctx.modifyAttributes( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+            DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
+
+        // Test modifications on profiles
+        //        ctx.modifyAttributes(
+        //                "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+        //                DirContext.ADD_ATTRIBUTE,
+        //                new BasicAttributes( "test", "test" ) );
+        //        ctx.modifyAttributes(
+        //                "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+        //                DirContext.REMOVE_ATTRIBUTE,
+        //                new BasicAttributes( "test", "test" ) );
+        //        try
+        //        {
+        //            ctx.modifyAttributes(
+        //                    "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+        //                    DirContext.REMOVE_ATTRIBUTE,
+        //                    new BasicAttributes( "objectclass", "policyProfile" ) );
+        //            Assert.fail();
+        //        }
+        //        catch( SchemaViolationException e )
+        //        {
+        //            // OK
+        //        }
+        //        ctx.modifyAttributes(
+        //                "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+        //                DirContext.ADD_ATTRIBUTE,
+        //                new BasicAttributes( "objectclass", "test" ) );
+        //        ctx.modifyAttributes(
+        //                "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+        //                DirContext.REMOVE_ATTRIBUTE,
+        //                new BasicAttributes( "objectclass", "test" ) );
+    }
+
+
+    public void testModify2() throws Exception
+    {
+        // Test modifications on non-policy entry
+        ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com",
+            new ModificationItem[]
+                { new ModificationItem( DirContext.ADD_ATTRIBUTE, new BasicAttribute( "telephonenumber",
+                    "+1 904 982 6888" ) ) } );
+        ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com", new ModificationItem[]
+            { new ModificationItem( DirContext.REMOVE_ATTRIBUTE, new BasicAttribute( "telephonenumber",
+                "+1 904 982 6888" ) ) } );
+
+        // Test modifications on permissions
+        //        ctx.modifyAttributes(
+        //                "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+        //                new ModificationItem[] {
+        //                        new ModificationItem(
+        //                                DirContext.ADD_ATTRIBUTE,
+        //                                new BasicAttribute( "test", "test" ) )
+        //                } );
+        //        ctx.modifyAttributes(
+        //                "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+        //                new ModificationItem[] {
+        //                        new ModificationItem(
+        //                                DirContext.REMOVE_ATTRIBUTE,
+        //                                new BasicAttribute( "test", "test" ) )
+        //                } );
+        //        try
+        //        {
+        //            ctx.modifyAttributes(
+        //                    "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+        //                    new ModificationItem[] {
+        //                            new ModificationItem(
+        //                                    DirContext.REMOVE_ATTRIBUTE,
+        //                                    new BasicAttribute( "objectclass", "policyPermission" ) )
+        //                    } );
+        //            Assert.fail();
+        //        }
+        //        catch( SchemaViolationException e )
+        //        {
+        //            // OK
+        //        }
+        /* This test doesn't work thanks to ApacheDS bug.
+         ctx.modifyAttributes(
+         "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+         new ModificationItem[] {
+         new ModificationItem(
+         DirContext.ADD_ATTRIBUTE,
+         new BasicAttribute( "objectclass", "unknown" ) )
+         } );
+         ctx.modifyAttributes(
+         "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+         new ModificationItem[] {
+         new ModificationItem(
+         DirContext.REMOVE_ATTRIBUTE,
+         new BasicAttribute( "objectclass", "unknown" ) )
+         } );
+         */
+
+        // Test modifications on roles
+        //        ctx.modifyAttributes(
+        //                "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+        //                new ModificationItem[] {
+        //                        new ModificationItem(
+        //                                DirContext.ADD_ATTRIBUTE,
+        //                                new BasicAttribute( "test", "test" ) )
+        //                } );
+        //        ctx.modifyAttributes(
+        //                "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+        //                new ModificationItem[] {
+        //                        new ModificationItem(
+        //                                DirContext.REMOVE_ATTRIBUTE,
+        //                                new BasicAttribute( "test", "test" ) )
+        //                } );
+        //        try
+        //        {
+        //            ctx.modifyAttributes(
+        //                    "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+        //                    new ModificationItem[] {
+        //                            new ModificationItem(
+        //                                    DirContext.REMOVE_ATTRIBUTE,
+        //                                    new BasicAttribute( "objectclass", "policyRole" ) )
+        //                    } );
+        //            Assert.fail();
+        //        }
+        //        catch( SchemaViolationException e )
+        //        {
+        //            // OK
+        //        }
+        /* This test doesn't work thanks to ApacheDS bug.
+         ctx.modifyAttributes(
+         "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+         new ModificationItem[] {
+         new ModificationItem(
+         DirContext.ADD_ATTRIBUTE,
+         new BasicAttribute( "objectclass", "test" ) )
+         } );
+         ctx.modifyAttributes(
+         "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+         new ModificationItem[] {
+         new ModificationItem(
+         DirContext.REMOVE_ATTRIBUTE,
+         new BasicAttribute( "objectclass", "test" ) )
+         } );
+         */
+
+        // Test modifications on profiles
+        //        ctx.modifyAttributes(
+        //                "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+        //                new ModificationItem[] {
+        //                        new ModificationItem(
+        //                                DirContext.ADD_ATTRIBUTE,
+        //                                new BasicAttribute( "test", "test" ) )
+        //                } );
+        //        ctx.modifyAttributes(
+        //                "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+        //                new ModificationItem[] {
+        //                        new ModificationItem(
+        //                                DirContext.REMOVE_ATTRIBUTE,
+        //                                new BasicAttribute( "test", "test" ) )
+        //                } );
+        //        try
+        //        {
+        //            ctx.modifyAttributes(
+        //                    "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+        //                    new ModificationItem[] {
+        //                            new ModificationItem(
+        //                                    DirContext.REMOVE_ATTRIBUTE,
+        //                                    new BasicAttribute( "objectclass", "policyProfile" ) )
+        //                    } );
+        //            Assert.fail();
+        //        }
+        //        catch( SchemaViolationException e )
+        //        {
+        //            // OK
+        //        }
+        /* This test doesn't work thanks to ApacheDS bug.
+         ctx.modifyAttributes(
+         "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+         new ModificationItem[] {
+         new ModificationItem(
+         DirContext.ADD_ATTRIBUTE,
+         new BasicAttribute( "objectclass", "test" ) )
+         } );
+         ctx.modifyAttributes(
+         "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+         new ModificationItem[] {
+         new ModificationItem(
+         DirContext.REMOVE_ATTRIBUTE,
+         new BasicAttribute( "objectclass", "test" ) )
+         } );
+         */
+    }
+
+
+    public void testModifyRn() throws Exception
+    {
+        ctx.rename( "uid=akarasulu, ou=Users, dc=example,dc=com", "uid=akarasuluX, ou=Users, dc=example,dc=com" );
+
+        // Test renaming group entries
+        try
+        {
+            ctx.rename( "ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                "ou=profilesX,appName=mockApplication,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+        try
+        {
+            ctx.rename( "ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                "ou=rolesX,appName=mockApplication,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+        try
+        {
+            ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+                "ou=permissionsX,appName=mockApplication,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+
+        // Test renaming entries not in use
+        ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+            "permName=mockPermX, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+        ctx.rename( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+            "roleName=mockRoleX, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+        ctx.rename( "profileId=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+            "profileId=mockProfileX, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+
+        // Test renaming entries in use
+        try
+        {
+            ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+                "permName=mockPermY, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+        try
+        {
+            ctx.rename( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                "roleName=mockRoleY, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+    }
+
+
+    public void testMove1() throws Exception
+    {
+        ctx.rename( "uid=akarasulu, ou=Users, dc=example,dc=com", "uid=akarasulu, dc=example,dc=com" );
+
+        // Test renaming group entries
+        try
+        {
+            ctx.rename( "ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                "ou=profiles,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+        try
+        {
+            ctx.rename( "ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                "ou=roles,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+        try
+        {
+            ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+                "ou=permissions,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+
+        // Test renaming entries not in use
+        ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+            "permName=mockPerm8, ou=applications,dc=example,dc=com" );
+        ctx.rename( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+            "roleName=mockRole0, ou=applications,dc=example,dc=com" );
+        ctx.rename( "profileId=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+            "profileId=mockProfile0, ou=applications,dc=example,dc=com" );
+
+        // Test renaming entries in use
+        try
+        {
+            ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+                "permName=mockPerm9, appName=mockApplication,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+        try
+        {
+            ctx.rename( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+                "roleName=mockRole1, appName=mockApplication,ou=applications,dc=example,dc=com" );
+            Assert.fail();
+        }
+        catch ( SchemaViolationException e )
+        {
+            // OK
+        }
+    }
+
+
+    /* This doesn't work thanks to ApacheDS problem
+     public void testMove2() throws Exception
+     {
+     InvocationStack.getInstance().push(
+     new Invocation(ctx, "move")
+     );
+
+     InterceptorChain chain = ContextFactoryService.getInstance().getConfiguration().getInterceptorChain();
+     
+     chain.move(
+     new LdapName( "uid=akarasulu, ou=Users, dc=example,dc=com" ),
+     new LdapName( "dc=example,dc=com" ),
+     "uid=akarasuluX", true );
+
+     // Test renaming group entries
+     try
+     {
+     chain.move(
+     new LdapName( "ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+     new LdapName( "ou=applications,dc=example,dc=com" ),
+     "ou=profilesX", true );
+     Assert.fail();
+     }
+     catch( SchemaViolationException e )
+     {
+     // OK
+     }
+     try
+     {
+     chain.move(
+     new LdapName( "ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+     new LdapName( "ou=applications,dc=example,dc=com" ),
+     "ou=rolesX", true );
+     Assert.fail();
+     }
+     catch( SchemaViolationException e )
+     {
+     // OK
+     }
+     try
+     {
+     chain.move(
+     new LdapName( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+     new LdapName( "ou=applications,dc=example,dc=com" ),
+     "ou=permissionsX", true );
+     Assert.fail();
+     }
+     catch( SchemaViolationException e )
+     {
+     // OK
+     }
+     
+     // Test renaming entries not in use
+     chain.move(
+     new LdapName( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+     new LdapName( "ou=applications,dc=example,dc=com" ),
+     "permName=mockPermX", true );
+     chain.move(
+     new LdapName( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+     new LdapName( "ou=applications,dc=example,dc=com" ),
+     "roleName=mockRoleX", true );
+     chain.move(
+     new LdapName( "uid=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+     new LdapName( "ou=applications,dc=example,dc=com" ),
+     "uid=mockProfileX", true );
+
+     // Test renaming entries in use
+     try
+     {
+     chain.move(
+     new LdapName( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+     new LdapName( "appName=mockApplication,ou=applications,dc=example,dc=com" ),
+     "permName=mockPermY", true);
+     Assert.fail();
+     }
+     catch( SchemaViolationException e )
+     {
+     // OK
+     }
+     try
+     {
+     chain.move(
+     new LdapName( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+     new LdapName( "appName=mockApplication,ou=applications,dc=example,dc=com" ),
+     "roleName=mockRoleY", true );
+     Assert.fail();
+     }
+     catch( SchemaViolationException e )
+     {
+     // OK
+     }
+     }
+     */
+
+    public static void main( String[] args )
+    {
+        junit.textui.TestRunner.run( PolicyProtectionInterceptorITest.class );
+    }
+
+}

Added: directory/trunks/triplesec/store/src/test/resources/interceptor.ldif
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/resources/interceptor.ldif?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/store/src/test/resources/interceptor.ldif (added)
+++ directory/trunks/triplesec/store/src/test/resources/interceptor.ldif Tue Dec 12 07:23:31 2006
@@ -0,0 +1,393 @@
+#
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#  
+#    http://www.apache.org/licenses/LICENSE-2.0
+#  
+#  Unless required by applicable law or agreed to in writing,
+#  software distributed under the License is distributed on an
+#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#  KIND, either express or implied.  See the License for the
+#  specific language governing permissions and limitations
+#  under the License. 
+#  
+#
+#
+#   EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+#   http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+#
+
+#
+# This ACI allows brouse access to the root suffix and one level below that to anyone.
+# At this level there is nothing critical exposed.  Everything that matters is one or
+# more levels below this.
+#
+
+dn: cn=browseRootAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { maximum 1 }
+prescriptiveACI: { identificationTag "browseRoot", precedence 100, authenticationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse } } } } }
+
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+#
+# This ACI allows users to modify a limited set of attributes in their own user
+# entry as well as read, compare those attributes.  The user's entry must be
+# browseable and the DN must be returnable.
+#
+
+dn: cn=allowSelfModificationsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfModifications", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions  {  { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantModify, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {userPassword, krb5Key, givenName, cn, commonName, surName, sn, objectClass }}, grantsAndDenials { grantModify, grantAdd, grantRemove, grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+#
+# This ACI allows users to access a limited set of attributes in their own user
+# entry as well as compare those attributes.  The user's entry must be browseable
+# and the DN must be returnable.
+#
+
+dn: cn=allowSelfAccessAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfAccess", precedence 15, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions  {  { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {uid, userPassword, givenName, cn, commonName, surName, sn, objectClass, creatorsName, modifiersName, createTimestamp, modifyTimestamp, krb5AccountDisabled, description, apacheSamType }}, grantsAndDenials { grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+dn: uid=akarasulu, ou=Users, dc=example, dc=com
+cn: Alex Karasulu
+sn: Karasulu
+givenname: Alex
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: extensibleObject
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Jacksonville
+uid: akarasulu
+krb5PrincipalName: akarasulu@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: akarasulu@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 666
+apacheSamType: 7
+safehausUid: akarasulu
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 27304238
+safehausSecret:: aaaabbbbccccdddd
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: maxwell
+
+dn: uid=lockedout, ou=Users, dc=example, dc=com
+cn: Risky
+sn: Lockedout
+givenname: Unlucky
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: DummyCity
+uid: lockedout
+krb5PrincipalName: lockedout@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: lockedout@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 699
+safehausUid: lockedout
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 101347012
+safehausSecret:: (Q-H23BQ#SDsdkf3o&81923r
+safehausFailuresInEpoch: 20
+safehausResynchCount: -1
+safehausInfo: unlucky account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: asdfasdf
+
+dn: uid=erodriguez, ou=Users, dc=example, dc=com
+cn: Enrique Rodriguez
+sn: Rodriguez
+givenname: Enrique
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Boston
+uid: erodriguez
+krb5PrincipalName: erodriguez@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+safehausUid: erodriguez
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: noices
+
+dn: uid=krbtgt, ou=Users, dc=example, dc=com
+cn: Kerberos Server
+sn: Server
+givenname: Kerberos
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: krbtgt
+krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: kahuna
+
+dn: uid=hostssh, ou=Users, dc=example, dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/www.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
+dn: uid=hostssh2, ou=Users, dc=example, dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/kerberos.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
+dn: ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalunit
+ou: applications
+
+dn: appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyApplication
+appName: mockApplication
+userPassword:: dGVzdGluZw==
+
+dn: ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: permissions
+
+dn: permName=mockPerm0,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm0
+
+dn: permName=mockPerm1,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm1
+
+dn: permName=mockPerm2,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm2
+
+dn: permName=mockPerm3,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm3
+
+dn: permName=mockPerm4,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm4
+
+dn: permName=mockPerm5,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm5
+
+dn: permName=mockPerm6,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm6
+
+dn: permName=mockPerm7,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm7
+
+dn: permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm8
+
+dn: permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm9
+
+dn: ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: roles
+
+dn: roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: policyRole
+objectClass: top
+roleName: mockRole0
+
+dn: roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm0
+roleName: mockRole1
+
+dn: roleName=mockRole2,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm1
+roleName: mockRole2
+
+dn: roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm3
+grants: mockPerm2
+roleName: mockRole3
+
+dn: roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm9
+grants: mockPerm7
+grants: mockPerm6
+grants: mockPerm5
+grants: mockPerm4
+roleName: mockRole4
+
+dn: ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: profiles
+
+dn: profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+profileId: mockProfile0 
+user: akarasulu
+
+dn: profileId=mockProfile1,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+user: akarasulu
+profileId: mockProfile1
+roles: mockRole2
+roles: mockRole1
+
+dn: profileId=mockProfile2,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+profileId: mockProfile2
+grants: mockPerm0
+user: akarasulu
+roles: mockRole2
+
+dn: profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+grants: mockPerm7
+grants: mockPerm0
+profileId: mockProfile3
+user: akarasulu
+roles: mockRole3
+
+dn: uid=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+denials: mockPerm7
+grants: mockPerm0
+roles: mockRole4
+roles: mockRole3
+user: akarasulu
+profileId: mockProfile4
+

Added: directory/trunks/triplesec/store/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/resources/log4j.properties?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/store/src/test/resources/log4j.properties (added)
+++ directory/trunks/triplesec/store/src/test/resources/log4j.properties Tue Dec 12 07:23:31 2006
@@ -0,0 +1,6 @@
+log4j.rootCategory=ERROR, stdout
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n
+

Added: directory/trunks/triplesec/store/src/test/resources/safehaus.ldif
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/resources/safehaus.ldif?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/store/src/test/resources/safehaus.ldif (added)
+++ directory/trunks/triplesec/store/src/test/resources/safehaus.ldif Tue Dec 12 07:23:31 2006
@@ -0,0 +1,203 @@
+# -------------------------------------------------------------------
+#
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#  
+#    http://www.apache.org/licenses/LICENSE-2.0
+#  
+#  Unless required by applicable law or agreed to in writing,
+#  software distributed under the License is distributed on an
+#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#  KIND, either express or implied.  See the License for the
+#  specific language governing permissions and limitations
+#  under the License. 
+#  
+#
+# EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+# http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+# -------------------------------------------------------------------
+#
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+dn: uid=akarasulu, ou=Users, dc=example,dc=com
+cn: Alex Karasulu
+sn: Karasulu
+givenname: Alex
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: extensibleObject
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Jacksonville
+uid: akarasulu
+krb5PrincipalName: akarasulu@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: akarasulu@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 666
+apacheSamType: 7
+safehausUid: akarasulu
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 27304238
+safehausSecret:: aaaabbbbccccdddd
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account
+safehausTokenPin: 1234
+safehausNotifyBy:sms
+userpassword: maxwell
+
+dn: uid=lockedout, ou=Users, dc=example,dc=com
+cn: Risky
+sn: Lockedout
+givenname: Unlucky
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: DummyCity
+uid: lockedout
+krb5PrincipalName: lockedout@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: lockedout@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 699
+safehausUid: lockedout
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 101347012
+safehausSecret:: (Q-H23BQ#SDsdkf3o&81923r
+safehausFailuresInEpoch: 20
+safehausResynchCount: -1
+safehausTokenPin: 1234
+safehausNotifyBy:sms
+safehausInfo: unlucky account
+userpassword: asdfasdf
+
+dn: uid=erodriguez, ou=Users, dc=example,dc=com
+cn: Enrique Rodriguez
+sn: Rodriguez
+givenname: Enrique
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Boston
+uid: erodriguez
+krb5PrincipalName: erodriguez@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+safehausUid: erodriguez
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausTokenPin: 1234
+safehausResynchCount: -1
+safehausNotifyBy:sms
+safehausInfo: test account
+userpassword: noices
+
+dn: uid=krbtgt, ou=Users, dc=example,dc=com
+cn: Kerberos Server
+sn: Server
+givenname: Kerberos
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: krbtgt
+krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: kahuna
+
+dn: uid=hostssh, ou=Users, dc=example,dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/www.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
+dn: uid=hostssh2, ou=Users, dc=example,dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/kerberos.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+

Added: directory/trunks/triplesec/swing-admin/pom.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/pom.xml?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/swing-admin/pom.xml (added)
+++ directory/trunks/triplesec/swing-admin/pom.xml Tue Dec 12 07:23:31 2006
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+  
+    http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License. 
+-->
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.safehaus.triplesec</groupId>
+    <artifactId>build</artifactId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+  <artifactId>triplesec-swing-admin</artifactId>
+  <name>Triplesec Admin App (Swing Based)</name>
+  <description>
+    A Swing based administration application for Triplesec server.
+  </description>
+  <packaging>jar</packaging>  
+  <dependencies>
+    <dependency>
+      <groupId>${pom.groupId}</groupId>
+      <artifactId>triplesec-main</artifactId>
+      <version>${pom.version}</version>
+    </dependency>
+    
+    <dependency>
+      <groupId>${pom.groupId}</groupId>
+      <artifactId>triplesec-integration</artifactId>
+      <version>${pom.version}</version>
+    </dependency>
+    
+    <dependency>
+      <groupId>${pom.groupId}</groupId>
+      <artifactId>triplesec-admin-api</artifactId>
+      <version>${pom.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>${pom.groupId}</groupId>
+      <artifactId>triplesec-guardian-ldap</artifactId>
+      <version>${pom.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>nlog4j</artifactId>
+      <version>1.2.25</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.directory.shared</groupId>
+      <artifactId>shared-ldap</artifactId>
+      <version>0.9.5.3-SNAPSHOT</version>
+    </dependency>
+  	
+    <dependency>
+      <groupId>commons-httpclient</groupId>
+      <artifactId>commons-httpclient</artifactId>
+      <version>2.0.2</version>
+    </dependency>
+
+    <dependency>
+      <groupId>javax.activation</groupId>
+      <artifactId>activation</artifactId>
+      <version>1.1</version>
+    </dependency>
+
+    <dependency>
+      <groupId>javax.mail</groupId>
+      <artifactId>mail</artifactId>
+      <version>1.4</version>
+    </dependency>
+
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <configuration>
+          <archive>
+            <manifestFile>src/main/manifest/MANIFEST.MF</manifestFile>
+            <manifest>
+              <mainClass>org.safehaus.triplesec.admin.swing.AdminFrame</mainClass>
+            </manifest>
+          </archive>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+  
+  <profiles>
+    <profile>
+      <id>default</id>
+      <activation>
+        <activeByDefault>true</activeByDefault>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <artifactId>maven-surefire-plugin</artifactId>
+            <configuration>
+              <systemProperties>
+                <property>
+                  <name>settingsFile</name>
+                  <value>${basedir}/target/settingsFile</value>
+                </property>
+              </systemProperties>
+              <excludes>
+                <!-- Do not run this test since it never exists -->
+                <exclude>**/LaunchAdminFrame.java</exclude>
+                <!-- Avoid normal integration tests -->
+                <exclude>**/*ITest.java</exclude>
+                <exclude>**/*IntegrationTest.java</exclude>
+              </excludes>
+            </configuration>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+    <profile>
+      <id>integration</id>
+      <activation>
+        <property><name>integration</name></property>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <artifactId>maven-surefire-plugin</artifactId>
+            <configuration>
+              <systemProperties>
+                <property>
+                  <name>settingsFile</name>
+                  <value>${basedir}/target/settingsFile</value>
+                </property>
+                <property>
+                  <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+                  <value>${basedir}/src/test/resources</value>
+                </property>
+              </systemProperties>
+              <excludes>
+                <!-- Do not run this test since it never exists -->
+                <exclude>**/LaunchAdminFrame.java</exclude>
+              </excludes>
+            </configuration>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+    <profile>
+      <id>ui</id>
+      <activation>
+        <property><name>ui</name></property>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <artifactId>maven-surefire-plugin</artifactId>
+            <configuration>
+              <forkMode>pertest</forkMode>
+              <argLine>
+                -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005
+              </argLine>
+              <systemProperties>
+                <property>
+                  <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+                  <value>${basedir}/src/test/resources</value>
+                </property>
+                <property>
+                  <name>serverConfigurationPath</name>
+                  <value>${basedir}/target/serverHome</value>
+                </property>
+              </systemProperties>
+              <includes>
+                <include>**/LaunchAdminFrame.java</include>
+              </includes>
+              <excludes>
+                <exclude>**/*Test.java</exclude>
+              </excludes>
+            </configuration>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
+</project>



Mime
View raw message