Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 27306 invoked from network); 12 Dec 2006 15:26:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 12 Dec 2006 15:26:25 -0000 Received: (qmail 48468 invoked by uid 500); 12 Dec 2006 15:26:33 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 48428 invoked by uid 500); 12 Dec 2006 15:26:33 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 48412 invoked by uid 99); 12 Dec 2006 15:26:33 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Dec 2006 07:26:33 -0800 X-ASF-Spam-Status: No, hits=-8.2 required=10.0 tests=ALL_TRUSTED,EM_ROLEX,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Dec 2006 07:26:19 -0800 Received: by eris.apache.org (Postfix, from userid 65534) id DB7371A9888; Tue, 12 Dec 2006 07:24:40 -0800 (PST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r486187 [25/49] - in /directory/trunks/triplesec: ./ admin-api/ admin-api/src/ admin-api/src/main/ admin-api/src/main/java/ admin-api/src/main/java/org/ admin-api/src/main/java/org/safehaus/ admin-api/src/main/java/org/safehaus/triplesec/ a... Date: Tue, 12 Dec 2006 15:24:14 -0000 To: commits@directory.apache.org 
From: tbennett@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20061212152440.DB7371A9888@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Added: directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java?view=auto&rev=486187 ==============================================================================
--- directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java (added)
+++ directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,850 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.safehaus.triplesec.store.interceptor;
+
+
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SchemaViolationException;
+
+import junit.framework.Assert;
+
+import org.apache.directory.server.core.unit.AbstractAdminTestCase;
+import org.apache.directory.server.core.schema.bootstrap.SystemSchema;
+import org.apache.directory.server.core.schema.bootstrap.CoreSchema;
+import org.apache.directory.server.core.schema.bootstrap.Krb5kdcSchema;
+import org.apache.directory.server.core.configuration.Configuration;
+import org.apache.directory.server.core.configuration.MutablePartitionConfiguration;
+import org.apache.directory.server.core.configuration.MutableInterceptorConfiguration;
+import 
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition; +import org.safehaus.triplesec.store.ProfileObjectFactory; +import org.safehaus.triplesec.store.ProfileStateFactory; +import org.safehaus.triplesec.store.schema.SafehausSchema; + + +/** + * Test case for the PolicyProtectionInterceptor. + * + * @author Trustin Lee + * @version $Rev: 957 $, $Date: 2006-09-22 09:03:23 -0400 (Fri, 22 Sep 2006) $ + */ +public class PolicyProtectionInterceptorITest extends AbstractAdminTestCase +{ + private DirContext ctx; + + + public void setUp() throws Exception + { + Set schemas = super.configuration.getBootstrapSchemas(); + schemas.add( new CoreSchema() ); + schemas.add( new SystemSchema() ); + schemas.add( new Krb5kdcSchema() ); + schemas.add( new SafehausSchema() ); + super.configuration.setBootstrapSchemas( schemas ); + super.configuration.setShutdownHookEnabled( false ); + super.configuration.setAccessControlEnabled( true ); + + MutablePartitionConfiguration partitionCfg = new MutablePartitionConfiguration(); + partitionCfg.setName( "example" ); + partitionCfg.setSuffix( "dc=example,dc=com" ); + Attributes ctxEntry = new BasicAttributes(); + ctxEntry.put( "objectClass", "top" ); + ctxEntry.put( "dc", "example" ); + partitionCfg.setContextEntry( ctxEntry ); + partitionCfg.setContextPartition( new JdbmPartition() ); + + Set partitions = super.configuration.getContextPartitionConfigurations(); + partitions.add( partitionCfg ); + super.configuration.setContextPartitionConfigurations( partitions ); + + List interceptors = super.configuration.getInterceptorConfigurations(); + MutableInterceptorConfiguration interceptorCfg = new MutableInterceptorConfiguration(); + interceptorCfg.setName( "protector" ); + interceptorCfg.setInterceptor( new PolicyProtectionInterceptor() ); + interceptors.add( interceptorCfg ); + super.configuration.setInterceptorConfigurations( interceptors ); + + super.overrideEnvironment( Context.OBJECT_FACTORIES, 
ProfileObjectFactory.class.getName() ); + super.overrideEnvironment( Context.STATE_FACTORIES, ProfileStateFactory.class.getName() ); + super.setLdifPath( "/interceptor.ldif", getClass() ); + super.setUp(); + + Hashtable env = new Hashtable(); + env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" ); + env.put( Context.PROVIDER_URL, "" ); + env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" ); + env.put( Context.SECURITY_AUTHENTICATION, "simple" ); + env.put( Context.SECURITY_CREDENTIALS, "secret" ); + env.put( Configuration.JNDI_KEY, super.configuration ); + env.put( Context.STATE_FACTORIES, ProfileStateFactory.class.getName() ); + env.put( Context.OBJECT_FACTORIES, ProfileObjectFactory.class.getName() ); + + ctx = new InitialDirContext( env ); + } + + + public void tearDown() throws Exception + { + super.tearDown(); + } + + + public void testAdd() throws Exception + { + Attribute attr; + + // Adding unrelated entries should be OK. 
+ ctx.bind( "ou=test,dc=example,dc=com", null, new BasicAttributes( "objectClass", "top" ) ); + + // Test adding permissions + Attributes perm = new BasicAttributes(); + attr = new BasicAttribute( "objectClass" ); + attr.add( "top" ); + attr.add( "policyPermission" ); + perm.put( attr ); + perm.put( "permName", "permX" ); + + _testAdd( "permName=permX", "permName=mockPerm0", "ou=permissions", perm ); + + // Test adding roles + Attributes role = new BasicAttributes(); + attr = new BasicAttribute( "objectClass" ); + attr.add( "top" ); + attr.add( "policyRole" ); + role.put( attr ); + role.put( "roleName", "roleX" ); + + _testAdd( "roleName=roleX", "roleName=mockRole0", "ou=roles", role ); + + // Test adding profiles + Attributes profile = new BasicAttributes(); + attr = new BasicAttribute( "objectClass" ); + attr.add( "top" ); + attr.add( "policyProfile" ); + profile.put( attr ); + profile.put( "profileId", "profileX" ); + profile.put( "user", "akarasulu" ); + + _testAdd( "profileId=profileX", "profileId=mockProfile0", "ou=profiles", profile ); + + + // Test adding a role with non-existing permissions + role = new BasicAttributes(); + attr = new BasicAttribute( "objectClass" ); + attr.add( "top" ); + attr.add( "policyRole" ); + role.put( attr ); + role.put( "roleName", "roleY" ); + role.put( "grants", "unknownPerm" ); + try + { + ctx.bind( + "roleName=roleY,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + null, role); + Assert.fail(); + } + catch( SchemaViolationException e ) + { + // OK + } + + // Test adding a profile with a non-existing role + profile = new BasicAttributes(); + attr = new BasicAttribute( "objectClass" ); + attr.add( "top" ); + attr.add( "policyProfile" ); + profile.put( attr ); + profile.put( "profileId", "profileY" ); + profile.put( "roles", "unknownRole" ); + + try + { + ctx.bind( + "profileId=profileY,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", + null, profile); + Assert.fail(); + } + catch( 
SchemaViolationException e ) + { + // OK + } + + // Test adding a profile with non-existing permissions + profile = new BasicAttributes(); + attr = new BasicAttribute( "objectClass" ); + attr.add( "top" ); + attr.add( "policyProfile" ); + profile.put( attr ); + profile.put( "uid", "profileY" ); + profile.put( "grants", "unknownPerm" ); + + try + { + ctx.bind( + "profileId=profileY,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", + null, profile); + Assert.fail(); + } + catch( SchemaViolationException e ) + { + // OK + } + + // Test adding non-existing permission to a role + try + { + ctx.modifyAttributes( + "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + DirContext.ADD_ATTRIBUTE, + new BasicAttributes( "grants", "unknownPerm" ) ); + Assert.fail(); + } + catch( SchemaViolationException e ) + { + // OK + } + + // Test adding non-existing permission to a profile + try + { + ctx.modifyAttributes( + "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", + DirContext.ADD_ATTRIBUTE, + new BasicAttributes( "grants", "unknownPerm" ) ); + Assert.fail(); + } + catch( SchemaViolationException e ) + { + // OK + } + + // Test adding non-existing role to a profile + try + { + ctx.modifyAttributes( + "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", + DirContext.ADD_ATTRIBUTE, + new BasicAttributes( "roles", "unknownRole" ) ); + Assert.fail(); + } + catch( SchemaViolationException e ) + { + // OK + } + } + + + private void _testAdd( String rn, String siblingRN, String parentRN, Attributes entry ) throws NamingException + { + try + { + ctx.bind( rn + ", dc=example,dc=com", null, entry ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + + try + { + ctx.bind( rn + ", ou=applications, dc=example,dc=com", null, entry ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + + try + { 
+ ctx.bind( rn + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, entry ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + + Attributes wrongEntry = ( Attributes ) entry.clone(); + wrongEntry.put( "objectClass", "top" ); // Remove other classes + + try + { + ctx.bind( rn + ", " + siblingRN + ", " + parentRN + + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, wrongEntry ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + + ctx.bind( rn + ", " + parentRN + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, entry ); + + try + { + ctx.bind( rn + ", " + siblingRN + ", " + parentRN + + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, entry ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + } + + + public void testDelete() throws Exception + { + // Test deleting non-policy entries + ctx.unbind( "uid=akarasulu, ou=Users, dc=example,dc=com" ); + + // Test deleting permissions not in use + ctx.unbind( "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); + + // Test deleting roles not in use + ctx.unbind( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ); + + // Test deleting permissions in use + try + { + ctx.unbind( "permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + + // Test deleting roles in use + try + { + ctx.unbind( "roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + + // Test deleting profiles (should be deleted without any confirmation) + ctx.unbind( "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" ); + } + + + public void 
testModify1() throws Exception + { + // Test modifications on non-policy entry + ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com", DirContext.ADD_ATTRIBUTE, + new BasicAttributes( "telephonenumber", "+1 904 982 6888" ) ); + ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com", DirContext.REMOVE_ATTRIBUTE, + new BasicAttributes( "telephonenumber", "+1 904 982 6888" ) ); + + // Test modifications on permissions + + // test attribute is not a valid schema defined attribute + + // ctx.modifyAttributes( + // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example", + // DirContext.ADD_ATTRIBUTE, + // new BasicAttributes( "test", "test" ) ); + // ctx.modifyAttributes( + // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example", + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttributes( "test", "test" ) ); + // try + // { + // ctx.modifyAttributes( + // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example", + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttributes( "objectclass", "policyPermission" ) ); + // Assert.fail(); + // } + // catch( SchemaViolationException e ) + // { + // // OK + // } + ctx.modifyAttributes( + "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", + DirContext.ADD_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) ); + ctx.modifyAttributes( + "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", + DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) ); + + // Test modifications on roles + // ctx.modifyAttributes( + // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example", + // DirContext.ADD_ATTRIBUTE, + // new BasicAttributes( "test", "test" ) ); + // ctx.modifyAttributes( + // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example", + // 
DirContext.REMOVE_ATTRIBUTE, + // new BasicAttributes( "test", "test" ) ); + // try + // { + // ctx.modifyAttributes( + // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example", + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttributes( "objectclass", "policyRole" ) ); + // Assert.fail(); + // } + // catch( SchemaViolationException e ) + // { + // // OK + // } + ctx.modifyAttributes( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + DirContext.ADD_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) ); + ctx.modifyAttributes( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) ); + + // Test modifications on profiles + // ctx.modifyAttributes( + // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example", + // DirContext.ADD_ATTRIBUTE, + // new BasicAttributes( "test", "test" ) ); + // ctx.modifyAttributes( + // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example", + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttributes( "test", "test" ) ); + // try + // { + // ctx.modifyAttributes( + // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example", + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttributes( "objectclass", "policyProfile" ) ); + // Assert.fail(); + // } + // catch( SchemaViolationException e ) + // { + // // OK + // } + // ctx.modifyAttributes( + // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example", + // DirContext.ADD_ATTRIBUTE, + // new BasicAttributes( "objectclass", "test" ) ); + // ctx.modifyAttributes( + // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example", + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttributes( "objectclass", "test" ) ); + } + + + public void testModify2() throws Exception + { + // 
Test modifications on non-policy entry + ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com", + new ModificationItem[] + { new ModificationItem( DirContext.ADD_ATTRIBUTE, new BasicAttribute( "telephonenumber", + "+1 904 982 6888" ) ) } ); + ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com", new ModificationItem[] + { new ModificationItem( DirContext.REMOVE_ATTRIBUTE, new BasicAttribute( "telephonenumber", + "+1 904 982 6888" ) ) } ); + + // Test modifications on permissions + // ctx.modifyAttributes( + // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example", + // new ModificationItem[] { + // new ModificationItem( + // DirContext.ADD_ATTRIBUTE, + // new BasicAttribute( "test", "test" ) ) + // } ); + // ctx.modifyAttributes( + // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example", + // new ModificationItem[] { + // new ModificationItem( + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttribute( "test", "test" ) ) + // } ); + // try + // { + // ctx.modifyAttributes( + // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example", + // new ModificationItem[] { + // new ModificationItem( + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttribute( "objectclass", "policyPermission" ) ) + // } ); + // Assert.fail(); + // } + // catch( SchemaViolationException e ) + // { + // // OK + // } + /* This test doesn't work thanks to ApacheDS bug. 
+ ctx.modifyAttributes( + "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example", + new ModificationItem[] { + new ModificationItem( + DirContext.ADD_ATTRIBUTE, + new BasicAttribute( "objectclass", "unknown" ) ) + } ); + ctx.modifyAttributes( + "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example", + new ModificationItem[] { + new ModificationItem( + DirContext.REMOVE_ATTRIBUTE, + new BasicAttribute( "objectclass", "unknown" ) ) + } ); + */ + + // Test modifications on roles + // ctx.modifyAttributes( + // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example", + // new ModificationItem[] { + // new ModificationItem( + // DirContext.ADD_ATTRIBUTE, + // new BasicAttribute( "test", "test" ) ) + // } ); + // ctx.modifyAttributes( + // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example", + // new ModificationItem[] { + // new ModificationItem( + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttribute( "test", "test" ) ) + // } ); + // try + // { + // ctx.modifyAttributes( + // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example", + // new ModificationItem[] { + // new ModificationItem( + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttribute( "objectclass", "policyRole" ) ) + // } ); + // Assert.fail(); + // } + // catch( SchemaViolationException e ) + // { + // // OK + // } + /* This test doesn't work thanks to ApacheDS bug. 
+ ctx.modifyAttributes( + "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example", + new ModificationItem[] { + new ModificationItem( + DirContext.ADD_ATTRIBUTE, + new BasicAttribute( "objectclass", "test" ) ) + } ); + ctx.modifyAttributes( + "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example", + new ModificationItem[] { + new ModificationItem( + DirContext.REMOVE_ATTRIBUTE, + new BasicAttribute( "objectclass", "test" ) ) + } ); + */ + + // Test modifications on profiles + // ctx.modifyAttributes( + // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example", + // new ModificationItem[] { + // new ModificationItem( + // DirContext.ADD_ATTRIBUTE, + // new BasicAttribute( "test", "test" ) ) + // } ); + // ctx.modifyAttributes( + // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example", + // new ModificationItem[] { + // new ModificationItem( + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttribute( "test", "test" ) ) + // } ); + // try + // { + // ctx.modifyAttributes( + // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example", + // new ModificationItem[] { + // new ModificationItem( + // DirContext.REMOVE_ATTRIBUTE, + // new BasicAttribute( "objectclass", "policyProfile" ) ) + // } ); + // Assert.fail(); + // } + // catch( SchemaViolationException e ) + // { + // // OK + // } + /* This test doesn't work thanks to ApacheDS bug. 
+ ctx.modifyAttributes( + "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example", + new ModificationItem[] { + new ModificationItem( + DirContext.ADD_ATTRIBUTE, + new BasicAttribute( "objectclass", "test" ) ) + } ); + ctx.modifyAttributes( + "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example", + new ModificationItem[] { + new ModificationItem( + DirContext.REMOVE_ATTRIBUTE, + new BasicAttribute( "objectclass", "test" ) ) + } ); + */ + } + + + public void testModifyRn() throws Exception + { + ctx.rename( "uid=akarasulu, ou=Users, dc=example,dc=com", "uid=akarasuluX, ou=Users, dc=example,dc=com" ); + + // Test renaming group entries + try + { + ctx.rename( "ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", + "ou=profilesX,appName=mockApplication,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + try + { + ctx.rename( "ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + "ou=rolesX,appName=mockApplication,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + try + { + ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", + "ou=permissionsX,appName=mockApplication,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + + // Test renaming entries not in use + ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", + "permName=mockPermX, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); + ctx.rename( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + "roleName=mockRoleX, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ); + ctx.rename( "profileId=mockProfile0, 
ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", + "profileId=mockProfileX, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" ); + + // Test renaming entries in use + try + { + ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", + "permName=mockPermY, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + try + { + ctx.rename( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + "roleName=mockRoleY, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + } + + + public void testMove1() throws Exception + { + ctx.rename( "uid=akarasulu, ou=Users, dc=example,dc=com", "uid=akarasulu, dc=example,dc=com" ); + + // Test renaming group entries + try + { + ctx.rename( "ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", + "ou=profiles,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + try + { + ctx.rename( "ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + "ou=roles,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + try + { + ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", + "ou=permissions,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + + // Test renaming entries not in use + ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", + "permName=mockPerm8, ou=applications,dc=example,dc=com" ); + ctx.rename( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + "roleName=mockRole0, 
ou=applications,dc=example,dc=com" ); + ctx.rename( "profileId=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com", + "profileId=mockProfile0, ou=applications,dc=example,dc=com" ); + + // Test renaming entries in use + try + { + ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com", + "permName=mockPerm9, appName=mockApplication,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + try + { + ctx.rename( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com", + "roleName=mockRole1, appName=mockApplication,ou=applications,dc=example,dc=com" ); + Assert.fail(); + } + catch ( SchemaViolationException e ) + { + // OK + } + } + + + /* This doesn't work thanks to ApacheDS problem + public void testMove2() throws Exception + { + InvocationStack.getInstance().push( + new Invocation(ctx, "move") + ); + + InterceptorChain chain = ContextFactoryService.getInstance().getConfiguration().getInterceptorChain(); + + chain.move( + new LdapName( "uid=akarasulu, ou=Users, dc=example,dc=com" ), + new LdapName( "dc=example,dc=com" ), + "uid=akarasuluX", true ); + + // Test renaming group entries + try + { + chain.move( + new LdapName( "ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" ), + new LdapName( "ou=applications,dc=example,dc=com" ), + "ou=profilesX", true ); + Assert.fail(); + } + catch( SchemaViolationException e ) + { + // OK + } + try + { + chain.move( + new LdapName( "ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ), + new LdapName( "ou=applications,dc=example,dc=com" ), + "ou=rolesX", true ); + Assert.fail(); + } + catch( SchemaViolationException e ) + { + // OK + } + try + { + chain.move( + new LdapName( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ), + new LdapName( "ou=applications,dc=example,dc=com" ), + 
"ou=permissionsX", true ); + Assert.fail(); + } + catch( SchemaViolationException e ) + { + // OK + } + + // Test renaming entries not in use + chain.move( + new LdapName( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ), + new LdapName( "ou=applications,dc=example,dc=com" ), + "permName=mockPermX", true ); + chain.move( + new LdapName( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ), + new LdapName( "ou=applications,dc=example,dc=com" ), + "roleName=mockRoleX", true ); + chain.move( + new LdapName( "uid=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" ), + new LdapName( "ou=applications,dc=example,dc=com" ), + "uid=mockProfileX", true ); + + // Test renaming entries in use + try + { + chain.move( + new LdapName( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ), + new LdapName( "appName=mockApplication,ou=applications,dc=example,dc=com" ), + "permName=mockPermY", true); + Assert.fail(); + } + catch( SchemaViolationException e ) + { + // OK + } + try + { + chain.move( + new LdapName( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ), + new LdapName( "appName=mockApplication,ou=applications,dc=example,dc=com" ), + "roleName=mockRoleY", true ); + Assert.fail(); + } + catch( SchemaViolationException e ) + { + // OK + } + } + */ + + public static void main( String[] args ) + { + junit.textui.TestRunner.run( PolicyProtectionInterceptorITest.class ); + } + +} Added: directory/trunks/triplesec/store/src/test/resources/interceptor.ldif URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/resources/interceptor.ldif?view=auto&rev=486187 ============================================================================== --- directory/trunks/triplesec/store/src/test/resources/interceptor.ldif (added) +++ 
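Review bot: In testAdd, the "profile with non-existing permissions" case builds the entry with `profile.put( "uid", "profileY" )` while binding it at `profileId=profileY,...`, and both profileY cases leave out the `user` attribute that the profileX case sets, so the expected SchemaViolationException may well come from ordinary schema or RDN validation instead of the interceptor's check on the unknown `grants`/`roles` value. These negative cases would then keep passing even if the reference check in PolicyProtectionInterceptor stopped working. I would use `profile.put( "profileId", "profileY" );` and add `profile.put( "user", "akarasulu" );` in both cases, so the dangling reference is the only invalid part of the entry. Separately, in testModify1 and testModify2 the checks that removing `objectclass` values such as `policyPermission`, `policyRole` or `policyProfile` is rejected are commented out, so that protection is not exercised by this test class at all; a short comment naming the blocking ApacheDS issue next to each disabled block would make it clear when they can be re-enabled.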
directory/trunks/triplesec/store/src/test/resources/interceptor.ldif Tue Dec 12 07:23:31 2006 
@@ -0,0 +1,393 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+#
+# EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+# http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+#
+
+#
+# This ACI allows brouse access to the root suffix and one level below that to anyone.
+# At this level there is nothing critical exposed. Everything that matters is one or
+# more levels below this.
+#
+
+dn: cn=browseRootAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { maximum 1 }
+prescriptiveACI: { identificationTag "browseRoot", precedence 100, authenticationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse } } } } }
+
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+#
+# This ACI allows users to modify a limited set of attributes in their own user
+# entry as well as read, compare those attributes. The user's entry must be
+# browseable and the DN must be returnable.
+#
+
+dn: cn=allowSelfModificationsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfModifications", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantModify, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {userPassword, krb5Key, givenName, cn, commonName, surName, sn, objectClass }}, grantsAndDenials { grantModify, grantAdd, grantRemove, grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+#
+# This ACI allows users to access a limited set of attributes in their own user
+# entry as well as compare those attributes. The user's entry must be browseable
+# and the DN must be returnable.
+#
+
+dn: cn=allowSelfAccessAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfAccess", precedence 15, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {uid, userPassword, givenName, cn, commonName, surName, sn, objectClass, creatorsName, modifiersName, createTimestamp, modifyTimestamp, krb5AccountDisabled, description, apacheSamType }}, grantsAndDenials { grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+dn: uid=akarasulu, ou=Users, dc=example, dc=com
+cn: Alex Karasulu
+sn: Karasulu
+givenname: Alex
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: extensibleObject
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile +ou: Directory +ou: Users +l: Jacksonville +uid: akarasulu +krb5PrincipalName: akarasulu@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: akarasulu@example.com +telephonenumber: +1 904 982 6882 +facsimiletelephonenumber: +1 904 982 6883 +roomnumber: 666 +apacheSamType: 7 +safehausUid: akarasulu +safehausRealm: EXAMPLE.COM +safehausLabel: example realm +safehausFactor: 27304238 +safehausSecret:: aaaabbbbccccdddd +safehausFailuresInEpoch: 0 +safehausResynchCount: -1 +safehausInfo: test account +safehausTokenPin: 1234 +safehausNotifyBy: sms +userpassword: maxwell + +dn: uid=lockedout, ou=Users, dc=example, dc=com +cn: Risky +sn: Lockedout +givenname: Unlucky +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +objectclass: safehausProfile +ou: Directory +ou: Users +l: DummyCity +uid: lockedout +krb5PrincipalName: lockedout@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: lockedout@example.com +telephonenumber: +1 904 982 6882 +facsimiletelephonenumber: +1 904 982 6883 +roomnumber: 699 +safehausUid: lockedout +safehausRealm: EXAMPLE.COM +safehausLabel: example realm +safehausFactor: 101347012 +safehausSecret:: (Q-H23BQ#SDsdkf3o&81923r +safehausFailuresInEpoch: 20 +safehausResynchCount: -1 +safehausInfo: unlucky account +safehausTokenPin: 1234 +safehausNotifyBy: sms +userpassword: asdfasdf + +dn: uid=erodriguez, ou=Users, dc=example, dc=com +cn: Enrique Rodriguez +sn: Rodriguez +givenname: Enrique +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +objectclass: safehausProfile +ou: Directory +ou: Users +l: Boston +uid: erodriguez +krb5PrincipalName: erodriguez@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 
8473 +roomnumber: 667 +safehausUid: erodriguez +safehausRealm: EXAMPLE.COM +safehausLabel: example realm +safehausFactor: 917483720127847 +safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^* +safehausFailuresInEpoch: 0 +safehausResynchCount: -1 +safehausInfo: test account +safehausTokenPin: 1234 +safehausNotifyBy: sms +userpassword: noices + +dn: uid=krbtgt, ou=Users, dc=example, dc=com +cn: Kerberos Server +sn: Server +givenname: Kerberos +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +ou: Directory +ou: Users +l: Boston +uid: krbtgt +krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +userpassword: kahuna + +dn: uid=hostssh, ou=Users, dc=example, dc=com +cn: SSH Service +sn: Service +givenname: SSH +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +ou: Directory +ou: Users +l: Boston +uid: hostssh +krb5PrincipalName: host/www.example.com@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +userpassword: randall + +dn: uid=hostssh2, ou=Users, dc=example, dc=com +cn: SSH Service +sn: Service +givenname: SSH +objectclass: top +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +ou: Directory +ou: Users +l: Boston +uid: hostssh +krb5PrincipalName: host/kerberos.example.com@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +userpassword: randall + +dn: 
ou=applications,dc=example, dc=com +objectClass: top +objectClass: organizationalunit +ou: applications + +dn: appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyApplication +appName: mockApplication +userPassword:: dGVzdGluZw== + +dn: ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: organizationalUnit +ou: permissions + +dn: permName=mockPerm0,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyPermission +permName: mockPerm0 + +dn: permName=mockPerm1,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyPermission +permName: mockPerm1 + +dn: permName=mockPerm2,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyPermission +permName: mockPerm2 + +dn: permName=mockPerm3,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyPermission +permName: mockPerm3 + +dn: permName=mockPerm4,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyPermission +permName: mockPerm4 + +dn: permName=mockPerm5,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyPermission +permName: mockPerm5 + +dn: permName=mockPerm6,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyPermission +permName: mockPerm6 + +dn: permName=mockPerm7,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyPermission +permName: mockPerm7 + +dn: permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyPermission +permName: mockPerm8 + +dn: 
permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyPermission +permName: mockPerm9 + +dn: ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: organizationalUnit +ou: roles + +dn: roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: policyRole +objectClass: top +roleName: mockRole0 + +dn: roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyRole +grants: mockPerm0 +roleName: mockRole1 + +dn: roleName=mockRole2,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyRole +grants: mockPerm1 +roleName: mockRole2 + +dn: roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyRole +grants: mockPerm3 +grants: mockPerm2 +roleName: mockRole3 + +dn: roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyRole +grants: mockPerm9 +grants: mockPerm7 +grants: mockPerm6 +grants: mockPerm5 +grants: mockPerm4 +roleName: mockRole4 + +dn: ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: organizationalUnit +ou: profiles + +dn: profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyProfile +profileId: mockProfile0 +user: akarasulu + +dn: profileId=mockProfile1,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyProfile +user: akarasulu +profileId: mockProfile1 +roles: mockRole2 +roles: mockRole1 + +dn: profileId=mockProfile2,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyProfile +profileId: mockProfile2 +grants: 
mockPerm0 +user: akarasulu +roles: mockRole2 + +dn: profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyProfile +grants: mockPerm7 +grants: mockPerm0 +profileId: mockProfile3 +user: akarasulu +roles: mockRole3 + +dn: uid=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com +objectClass: top +objectClass: policyProfile +denials: mockPerm7 +grants: mockPerm0 +roles: mockRole4 +roles: mockRole3 +user: akarasulu +profileId: mockProfile4 + Added: directory/trunks/triplesec/store/src/test/resources/log4j.properties URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/resources/log4j.properties?view=auto&rev=486187 ============================================================================== --- directory/trunks/triplesec/store/src/test/resources/log4j.properties (added) +++ directory/trunks/triplesec/store/src/test/resources/log4j.properties Tue Dec 12 07:23:31 2006 @@ -0,0 +1,6 @@ +log4j.rootCategory=ERROR, stdout + +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n + Added: directory/trunks/triplesec/store/src/test/resources/safehaus.ldif URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/resources/safehaus.ldif?view=auto&rev=486187 ============================================================================== --- directory/trunks/triplesec/store/src/test/resources/safehaus.ldif (added) +++ directory/trunks/triplesec/store/src/test/resources/safehaus.ldif Tue Dec 12 07:23:31 2006 
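Review bot: The `safehausSecret::` lines use the LDIF base64 marker (`::`), but two of the values are not base64: `(Q-H23BQ#SDsdkf3o&81923r` for uid=lockedout and `xcJqp45S80e8fahs&@rq1I98awg8)^*` for uid=erodriguez contain characters outside the base64 alphabet, and `aaaabbbbccccdddd` for uid=akarasulu would be decoded to 12 bytes rather than stored as the 16-character string. A strict LDIF reader would reject these entries and a lenient one would load a different secret than the one written, so tests that depend on these shared secrets may not exercise what they appear to. Either write them as plain values with a single colon, e.g. `safehausSecret: aaaabbbbccccdddd`, or base64-encode the intended bytes; the same three lines appear in safehaus.ldif later in this commit. Separately, the last profile entry is named `uid=mockProfile4,ou=profiles,...` while its siblings use `profileId=` and the entry carries `profileId: mockProfile4` with no `uid` value, so the DN should presumably be `profileId=mockProfile4,...`.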
@@ -0,0 +1,203 @@
+# -------------------------------------------------------------------
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+# EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+# http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+# -------------------------------------------------------------------
+#
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+dn: uid=akarasulu, ou=Users, dc=example,dc=com
+cn: Alex Karasulu
+sn: Karasulu
+givenname: Alex
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: extensibleObject
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Jacksonville
+uid: akarasulu
+krb5PrincipalName: akarasulu@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: akarasulu@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 666
+apacheSamType: 7
+safehausUid: akarasulu
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 27304238
+safehausSecret:: aaaabbbbccccdddd
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account +safehausTokenPin: 1234 +safehausNotifyBy:sms +userpassword: maxwell + +dn: uid=lockedout, ou=Users, dc=example,dc=com +cn: Risky +sn: Lockedout +givenname: Unlucky +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +objectclass: safehausProfile +ou: Directory +ou: Users +l: DummyCity +uid: lockedout +krb5PrincipalName: lockedout@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: lockedout@example.com +telephonenumber: +1 904 982 6882 +facsimiletelephonenumber: +1 904 982 6883 +roomnumber: 699 +safehausUid: lockedout +safehausRealm: EXAMPLE.COM +safehausLabel: example realm +safehausFactor: 101347012 +safehausSecret:: (Q-H23BQ#SDsdkf3o&81923r +safehausFailuresInEpoch: 20 +safehausResynchCount: -1 +safehausTokenPin: 1234 +safehausNotifyBy:sms +safehausInfo: unlucky account +userpassword: asdfasdf + +dn: uid=erodriguez, ou=Users, dc=example,dc=com +cn: Enrique Rodriguez +sn: Rodriguez +givenname: Enrique +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +objectclass: safehausProfile +ou: Directory +ou: Users +l: Boston +uid: erodriguez +krb5PrincipalName: erodriguez@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +safehausUid: erodriguez +safehausRealm: EXAMPLE.COM +safehausLabel: example realm +safehausFactor: 917483720127847 +safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^* +safehausFailuresInEpoch: 0 +safehausTokenPin: 1234 +safehausResynchCount: -1 +safehausNotifyBy:sms +safehausInfo: test account +userpassword: noices + +dn: uid=krbtgt, ou=Users, dc=example,dc=com +cn: Kerberos Server +sn: Server +givenname: Kerberos +objectclass: top +objectclass: uidObject +objectclass: 
person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +ou: Directory +ou: Users +l: Boston +uid: krbtgt +krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +userpassword: kahuna + +dn: uid=hostssh, ou=Users, dc=example,dc=com +cn: SSH Service +sn: Service +givenname: SSH +objectclass: top +objectclass: uidObject +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +ou: Directory +ou: Users +l: Boston +uid: hostssh +krb5PrincipalName: host/www.example.com@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +userpassword: randall + +dn: uid=hostssh2, ou=Users, dc=example,dc=com +cn: SSH Service +sn: Service +givenname: SSH +objectclass: top +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: krb5Principal +objectclass: krb5KDCEntry +ou: Directory +ou: Users +l: Boston +uid: hostssh +krb5PrincipalName: host/kerberos.example.com@EXAMPLE.COM +krb5KeyVersionNumber: 0 +mail: erodriguez@example.com +telephonenumber: +1 408 555 9187 +facsimiletelephonenumber: +1 408 555 8473 +roomnumber: 667 +userpassword: randall + Added: directory/trunks/triplesec/swing-admin/pom.xml URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/pom.xml?view=auto&rev=486187 ============================================================================== --- directory/trunks/triplesec/swing-admin/pom.xml (added) +++ directory/trunks/triplesec/swing-admin/pom.xml Tue Dec 12 07:23:31 2006 
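Review bot: The entry `uid=hostssh2, ou=Users, dc=example,dc=com` carries `uid: hostssh`, so the attribute value does not match the RDN in its DN and duplicates the uid of the hostssh entry directly above it. Whether the server rejects such an entry or quietly adds the RDN value is not visible on this page, but either way a lookup on `uid=hostssh` may match two different service principals. The line should read `uid: hostssh2`; the entry also omits `objectclass: uidObject`, which the sibling entries declare. interceptor.ldif in this commit contains the same entry with the same mismatch.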
@@ -0,0 +1,201 @@ + + + + 4.0.0 + + org.safehaus.triplesec + build + 1.0-SNAPSHOT + + triplesec-swing-admin + Triplesec Admin App (Swing Based) + + A Swing based administration application for Triplesec server. + + jar + + + ${pom.groupId} + triplesec-main + ${pom.version} + + + + ${pom.groupId} + triplesec-integration + ${pom.version} + + + + ${pom.groupId} + triplesec-admin-api + ${pom.version} + + + + ${pom.groupId} + triplesec-guardian-ldap + ${pom.version} + + + + org.slf4j + nlog4j + 1.2.25 + + + + org.apache.directory.shared + shared-ldap + 0.9.5.3-SNAPSHOT + + + + commons-httpclient + commons-httpclient + 2.0.2 + + + + javax.activation + activation + 1.1 + + + + javax.mail + mail + 1.4 + + + + + + + + org.apache.maven.plugins + maven-jar-plugin + + + src/main/manifest/MANIFEST.MF + + org.safehaus.triplesec.admin.swing.AdminFrame + + + + + + + + + + default + + true + + + + + maven-surefire-plugin + + + + settingsFile + ${basedir}/target/settingsFile + + + + + **/LaunchAdminFrame.java + + **/*ITest.java + **/*IntegrationTest.java + + + + + + + + integration + + integration + + + + + maven-surefire-plugin + + + + settingsFile + ${basedir}/target/settingsFile + + + org.safehaus.triplesec.integration.resourcesDirectory + ${basedir}/src/test/resources + + + + + **/LaunchAdminFrame.java + + + + + + + + ui + + ui + + + + + maven-surefire-plugin + + pertest + + -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 + + + + org.safehaus.triplesec.integration.resourcesDirectory + ${basedir}/src/test/resources + + + serverConfigurationPath + ${basedir}/target/serverHome + + + + **/LaunchAdminFrame.java + + + **/*Test.java + + + + + + + +
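Review bot: The `ui` profile passes `-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005` to the forked test JVMs (the XML tags are stripped on this page, so the enclosing element is presumably surefire's argLine), which opens a debugger port on every run of that profile. JDWP has no authentication and an attached debugger has full control of the JVM, and with a bare port number the listener is typically not restricted to the loopback interface on JVMs of this era. Make it opt-in by taking the value from a property that defaults to empty, e.g. `<argLine>${triplesec.ui.debugArgs}</argLine>` (property name is only an example), and when it is set use `address=127.0.0.1:5005`. A short comment beside it saying the port exists for attaching a debugger to the UI tests would also help the next maintainer.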