directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r678280 - in /directory: apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/ apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/ apacheds/branches/...
Date Sun, 20 Jul 2008 15:11:37 GMT
Author: elecharny
Date: Sun Jul 20 08:11:36 2008
New Revision: 678280

URL: http://svn.apache.org/viewvc?rev=678280&view=rev
Log:
o Added tests for the Simple Bind operation, covering all the different cases
o Adding some messages in the exceptions
o Using the UpDN instead of the normalized DN for messages and logs
o Modified the BindOperation.getAuthenticationLevel() method to handle the case where 
the DN is empty but not the paword (returns a INVALID authent)
o Added an Authentication level INVALID
o Removing useless imports

Added:
    directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/
    directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/
    directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java
Modified:
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
    directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java

Added: directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java?rev=678280&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java
(added)
+++ directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java
Sun Jul 20 08:11:36 2008
@@ -0,0 +1,390 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.directory.server.core.operations.bind;
+
+
+import java.util.Hashtable;
+
+import javax.naming.Context;
+import javax.naming.InvalidNameException;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
+import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.integ.CiRunner;
+import org.apache.directory.server.core.jndi.CoreContextFactory;
+import org.apache.directory.shared.ldap.constants.JndiPropertyConstants;
+import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
+import org.apache.directory.shared.ldap.exception.LdapNameNotFoundException;
+import org.apache.directory.shared.ldap.message.AliasDerefMode;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+
+/**
+ * Test the Simple BindRequest
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$
+ */
+@RunWith ( CiRunner.class )
+public class SimpleBindIT
+{
+	/** The directory service */
+    public static DirectoryService service;
+    
+    /**
+     * A method to do a search
+     */
+    private NamingEnumeration<SearchResult> search( DirContext ctx, String baseDn,
String filter, int scope ) throws NamingException
+    {
+        SearchControls controls = new SearchControls();
+        controls.setSearchScope( scope );
+        controls.setDerefLinkFlag( false );
+        controls.setReturningAttributes( new String[]{ "*", "+"} );
+        ctx.addToEnvironment( JndiPropertyConstants.JNDI_LDAP_DAP_DEREF_ALIASES,
+                AliasDerefMode.NEVER_DEREF_ALIASES.getJndiValue() );
+
+        NamingEnumeration<SearchResult> list = ctx.search( baseDn, filter, controls
);
+        return list;
+    }
+    
+    
+    /**
+     * try to connect using a known user/password and read an entry.
+     * 
+     * @throws Exception on error
+     */
+    @Test
+    public void testSimpleBindUserPassword()
+    {
+    	// We will bind using JNDI
+    	// Set up the environment for creating the initial context
+        Hashtable<String, Object> env = new Hashtable<String, Object>();
+        env.put( DirectoryService.JNDI_KEY, service );
+        env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+        env.put( Context.PROVIDER_URL, "ou=system" );
+
+    	// Authenticate as admin and password "secret"
+    	env.put(Context.SECURITY_AUTHENTICATION, "simple");
+    	env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
+    	env.put(Context.SECURITY_CREDENTIALS, "secret");
+
+    	DirContext ctx = null;
+    	
+    	// Create the initial context
+    	try
+    	{
+    		ctx = new InitialDirContext(env);
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+    	
+    	try
+    	{
+    		ctx.close();
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+    }
+    
+    
+    /**
+     * try to connect using a known user but with a bad password: we should get a invalidCredentials
error.
+     * 
+     * @throws Exception on error
+     */
+    @Test
+    public void testSimpleBindUserBadPassword()
+    {
+    	// We will bind using JNDI
+    	// Set up the environment for creating the initial context
+        Hashtable<String, Object> env = new Hashtable<String, Object>();
+        env.put( DirectoryService.JNDI_KEY, service );
+        env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+        env.put( Context.PROVIDER_URL, "ou=system" );
+
+    	// Authenticate as admin and password "badsecret"
+    	env.put(Context.SECURITY_AUTHENTICATION, "simple");
+    	env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
+    	env.put(Context.SECURITY_CREDENTIALS, "badsecret");
+
+    	// Create the initial context
+    	try
+    	{
+    		new InitialDirContext(env);
+
+        	// We should not be connected
+    		fail();
+    	}
+    	catch ( LdapAuthenticationException lae )
+    	{
+    		assertTrue( true );
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+    }
+    
+    
+    /**
+     * try to connect using a user with an invalid DN: we should get a invalidDNSyntax error.
+     * 
+     * @throws Exception on error
+     */
+    @Test
+    public void testSimpleBindBadUserPassword()
+    {
+    	// We will bind using JNDI
+    	// Set up the environment for creating the initial context
+        Hashtable<String, Object> env = new Hashtable<String, Object>();
+        env.put( DirectoryService.JNDI_KEY, service );
+        env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+        env.put( Context.PROVIDER_URL, "ou=system" );
+
+    	// Authenticate as admin and password "secret"
+    	env.put(Context.SECURITY_AUTHENTICATION, "simple");
+    	env.put(Context.SECURITY_PRINCIPAL, "admin");
+    	env.put(Context.SECURITY_CREDENTIALS, "secret");
+
+    	// Create the initial context
+    	try
+    	{
+    		new InitialDirContext(env);
+
+        	// We should not be connected
+    		fail();
+    	}
+    	catch ( InvalidNameException ine )
+    	{
+    		assertEquals( "Bad DN : admin", ine.getMessage() );
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+    }
+    
+
+    /**
+     * try to connect using a unknown user: we should get a invalidCredentials error.
+     * 
+     * @throws Exception on error
+     */
+    @Test
+    public void testSimpleBindUnknowUserPassword()
+    {
+    	// We will bind using JNDI
+    	// Set up the environment for creating the initial context
+        Hashtable<String, Object> env = new Hashtable<String, Object>();
+        env.put( DirectoryService.JNDI_KEY, service );
+        env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+        env.put( Context.PROVIDER_URL, "ou=system" );
+
+    	// Authenticate as uid=unknown and password "secret"
+    	env.put(Context.SECURITY_AUTHENTICATION, "simple");
+    	env.put(Context.SECURITY_PRINCIPAL, "uid=unknown,ou=system");
+    	env.put(Context.SECURITY_CREDENTIALS, "secret");
+
+    	// Create the initial context
+    	try
+    	{
+    		new InitialDirContext(env);
+
+        	// We should not be connected
+    		fail();
+    	}
+    	catch ( LdapAuthenticationException lae )
+    	{
+    		assertEquals( "Cannot authenticate user uid=unknown,ou=system", lae.getMessage() );
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+    }
+    
+    
+    /**
+     * covers the anonymous authentication : we should be able to read the rootDSE, but that's
it
+     * 
+     * @throws Exception on error
+     */
+    @Test
+    public void testSimpleBindNoUserNoPassword()
+    {
+    	// We will bind using JNDI
+    	// Set up the environment for creating the initial context
+        Hashtable<String, Object> env = new Hashtable<String, Object>();
+        env.put( DirectoryService.JNDI_KEY, service );
+        env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+        
+        // Bind on the rootDSE
+        env.put( Context.PROVIDER_URL, "" );
+
+    	// Authenticate as admin and password "secret"
+    	env.put(Context.SECURITY_AUTHENTICATION, "simple");
+    	env.put(Context.SECURITY_PRINCIPAL, "");
+    	env.put(Context.SECURITY_CREDENTIALS, "");
+
+    	DirContext ctx = null;
+    	
+    	// Create the initial context
+    	try
+    	{
+    		ctx = new InitialDirContext(env);
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+    	
+    	// We should be anonymous here. 
+    	// Check that we can read the rootDSE
+    	try
+    	{
+    		NamingEnumeration<SearchResult> list = search( ctx, "", "(ObjectClass=*)", SearchControls.OBJECT_SCOPE
);
+    		
+    		assertNotNull( list );
+    		
+            while ( list.hasMore() )
+            {
+                SearchResult result = list.next();
+                assertNotNull( result );
+            }
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+
+    	// Check that we cannot read another entry being anonymous
+    	try
+    	{
+    		NamingEnumeration<SearchResult> list = search( ctx, "uid=admin, ou=system", "(ObjectClass=*)",
SearchControls.OBJECT_SCOPE );
+    		
+    		assertNotNull( list );
+    		assertFalse( list.hasMore() );
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+
+    	try
+    	{
+    		ctx.close();
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+    }
+    
+    
+    /**
+     * covers the Unauthenticated case : we should get a UnwillingToPerform error.
+     * 
+     * @throws Exception on error
+     */
+    @Test
+    public void testSimpleBindUserNoPassword()
+    {
+    	// We will bind using JNDI
+    	// Set up the environment for creating the initial context
+        Hashtable<String, Object> env = new Hashtable<String, Object>();
+        env.put( DirectoryService.JNDI_KEY, service );
+        env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+        
+        // Bind on the rootDSE
+        env.put( Context.PROVIDER_URL, "" );
+
+    	// Authenticate as admin and password "secret"
+    	env.put(Context.SECURITY_AUTHENTICATION, "simple");
+    	env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
+    	env.put(Context.SECURITY_CREDENTIALS, "");
+
+    	// Create the initial context
+    	try
+    	{
+    		new InitialDirContext(env);
+    	}
+    	catch ( LdapAuthenticationException lae )
+    	{
+    		assertEquals( "Cannot authenticate user uid=admin,ou=system", lae.getMessage() );
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+    }
+    
+    
+    /**
+     * not allowed by the server. We should get a invalidCredentials error.
+     * 
+     * @throws Exception on error
+     */
+    @Test
+    public void testSimpleBindNoUserPassword() throws Exception
+    {
+    	// We will bind using JNDI
+    	// Set up the environment for creating the initial context
+        Hashtable<String, Object> env = new Hashtable<String, Object>();
+        env.put( DirectoryService.JNDI_KEY, service );
+        env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+        
+        // Bind on the rootDSE
+        env.put( Context.PROVIDER_URL, "" );
+
+    	// Authenticate as admin and password "secret"
+    	env.put(Context.SECURITY_AUTHENTICATION, "simple");
+    	env.put(Context.SECURITY_PRINCIPAL, "");
+    	env.put(Context.SECURITY_CREDENTIALS, "secret");
+
+    	// Create the initial context
+    	try
+    	{
+    		new InitialDirContext(env);
+    	}
+    	catch ( LdapNameNotFoundException lnnfe )
+    	{
+    		assertTrue( true );
+    	}
+    	catch ( NamingException ne )
+    	{
+    		fail();
+    	}
+    }
+}

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=678280&r1=678279&r2=678280&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Sun Jul 20 08:11:36 2008
@@ -20,10 +20,6 @@
 package org.apache.directory.server.core.authn;
 
 
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
@@ -484,6 +480,8 @@
             LOG.info( "Cannot bind to the server " );
         }
 
-        throw new LdapAuthenticationException();
+        LdapDN dn = opContext.getDn();
+        String upDn = ( dn == null ? "" : dn.getUpName() );
+        throw new LdapAuthenticationException( "Cannot authenticate user " + upDn );
     }
 }

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=678280&r1=678279&r2=678280&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
Sun Jul 20 08:11:36 2008
@@ -568,14 +568,17 @@
 
             if ( userEntry == null )
             {
+            	LdapDN dn = opContext.getDn();
+            	String upDn = ( dn == null ? "" : dn.getUpName() );
+            	
                 throw new LdapAuthenticationException( "Failed to lookup user for authentication:
" 
-                    + opContext.getDn() );
+                    + upDn );
             }
         }
         catch ( Exception cause )
         {
             LOG.error( "Authentication error : " + cause.getMessage() );
-            LdapAuthenticationException e = new LdapAuthenticationException();
+            LdapAuthenticationException e = new LdapAuthenticationException( cause.getMessage()
);
             e.setRootCause( e );
             throw e;
         }

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java?rev=678280&r1=678279&r2=678280&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
Sun Jul 20 08:11:36 2008
@@ -98,19 +98,39 @@
     }
 
     
+    /**
+     * @return The authentication level. One of :
+     * <li>ANONYMOUS</li>
+     * <li>SIMPLE</li>
+     * <li>STRONG (sasl)</li>
+     * <li>INVALID</li>
+     */
     public AuthenticationLevel getAuthenticationLevel()
     {
-        if ( saslMechanism == null && dn.isEmpty() )
+        if ( ( saslMechanism == null ) )
         {
-            return AuthenticationLevel.NONE;
+        	if ( dn.isEmpty() )
+        	{
+        		if ( StringTools.isEmpty( credentials ) )
+        		{
+        			// Dn and Credentials are empty, this is an anonymous authent
+        			return AuthenticationLevel.NONE;
+        		}
+        		else
+        		{
+        			// If we have a password but no DN, this is invalid 
+        			return AuthenticationLevel.INVALID;
+        		}
+        	}
+        	else
+        	{
+        		return AuthenticationLevel.SIMPLE;
+        	}
         }
-        
-        if ( saslMechanism != null )
+        else
         {
             return AuthenticationLevel.STRONG;
         }
-        
-        return AuthenticationLevel.SIMPLE;
     }
     
     

Modified: directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java?rev=678280&r1=678279&r2=678280&view=diff
==============================================================================
--- directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java
(original)
+++ directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java
Sun Jul 20 08:11:36 2008
@@ -28,6 +28,11 @@
  */
 public enum AuthenticationLevel
 {
+	/**
+	 * Invalid authentication type
+	 */
+	INVALID(-1, "invalid" ),
+	
     /**
      * No authentication (anonymous access)
      */



Mime
View raw message