directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r924314 [3/3] - in /directory/apacheds/trunk/core-integ: ./ src/main/java/org/apache/directory/server/core/integ/ src/test/java/org/apache/directory/server/core/authz/ src/test/java/org/apache/directory/server/core/suites/
Date Wed, 17 Mar 2010 14:41:35 GMT
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
Wed Mar 17 14:41:34 2010
@@ -27,35 +27,33 @@ import static org.apache.directory.serve
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.deleteAccessControlSubentry;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
-import static org.apache.directory.server.core.integ.IntegrationUtils.getSystemContext;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getAdminConnection;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
 
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.naming.Name;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import javax.naming.ldap.LdapContext;
-
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.SearchResponse;
+import org.apache.directory.ldap.client.api.message.SearchResultEntry;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapNoSuchObjectException;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.server.core.integ.IntegrationUtils;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.cursor.Cursor;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.client.DefaultClientEntry;
+import org.apache.directory.shared.ldap.filter.SearchScope;
 import org.apache.directory.shared.ldap.name.DN;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -68,23 +66,36 @@ import org.junit.runner.RunWith;
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$
  */
-@RunWith ( FrameworkRunner.class )
+@RunWith(FrameworkRunner.class)
+//@CreateDS( enableAccessControl=true, name="SearchAuthorizationIT" )
+//@CreateLdapServer( 
+//    transports = 
+//        {
+//          @CreateTransport( protocol = "LDAP" )
+//        }
+//)
 public class SearchAuthorizationIT extends AbstractLdapTestUnit
 {
 
     @Before
     public void setService()
     {
-       AutzIntegUtils.service = service;
+        AutzIntegUtils.ldapServer = ldapServer;
+    }
+
+    @After
+    public void closeConnections()
+    {
+        IntegrationUtils.closeConections();
     }
     
     
     /**
-     * The search results of tests are added to this map via put (<String, SearchResult>)
+     * The search results of tests are added to this map via put (<String, Entry>)
      * the map is also cleared before each search test.  This allows further inspections
      * of the results for more specific test cases.
      */
-    private Map<String, SearchResult> results = new HashMap<String, SearchResult>();
+    private Map<String, Entry> results = new HashMap<String, Entry>();
 
 
     /**
@@ -94,39 +105,42 @@ public class SearchAuthorizationIT exten
      * @param count the number of entries to produce
      * @return an array of entries with length = count
      */
-    private Attributes[] getTestNodes( final int count )
+    private Entry[] getTestNodes( final int count )
     {
-        Attributes[] attributes = new Attributes[count];
+        Entry[] attributes = new DefaultClientEntry[count];
         for ( int ii = 0; ii < count; ii++ )
         {
-            attributes[ii] = new BasicAttributes( true );
-            Attribute oc = new BasicAttribute( "objectClass" );
-            oc.add( "top" );
-            oc.add( "organizationalUnit" );
-            attributes[ii].put( oc );
-            Attribute ou = new BasicAttribute( "ou" );
-            ou.add( String.valueOf( ii ) );
-            ou.add( "testEntry" );
-            attributes[ii].put( ou );
-            attributes[ii].put( "telephoneNumber", String.valueOf( count ) );
+            try
+            {
+                attributes[ii] = new DefaultClientEntry();
+                attributes[ii].add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit"
);
+                attributes[ii].add( SchemaConstants.OU_AT, String.valueOf( ii ) );
+                attributes[ii].add( SchemaConstants.OU_AT, "testEntry" );
+                attributes[ii].add( "telephoneNumber", String.valueOf( count ) );
+            }
+            catch ( Exception e )
+            {
+                e.printStackTrace();
+            }
         }
 
         return attributes;
     }
 
 
-    private void recursivelyAddSearchData( Name parent, Attributes[] children, final long
sizeLimit, long[] count )
+    private void recursivelyAddSearchData( DN parent, Entry[] children, final long sizeLimit,
long[] count )
         throws Exception
     {
-        Name[] childRdns = new Name[children.length];
-        
+        DN[] childRdns = new DN[children.length];
+
         for ( int i = 0; ( i < children.length ) && ( count[0] < sizeLimit
); i++ )
         {
-            Name childRdn = new DN();
+            DN childRdn = new DN();
             childRdn.addAll( parent );
             childRdn.add( "ou=" + i );
             childRdns[i] = childRdn;
-            getSystemContext( service ).createSubcontext( childRdn, children[i] );
+            children[i].setDn( childRdn );
+            getAdminConnection().add( children[i] );
             count[0]++;
         }
 
@@ -152,16 +166,20 @@ public class SearchAuthorizationIT exten
      * @param branchingFactor how to brach the data
      * @param sizelimit the amount of entries 
      * @return the immediate child node created under parent which contains the subtree
-     * @throws NamingException on error
+     * @throws Exception on error
      */
-    private Name addSearchData( Name parent, int branchingFactor, long sizelimit ) throws
Exception
+    private DN addSearchData( DN parent, int branchingFactor, long sizelimit ) throws Exception
     {
-        parent = ( Name ) parent.clone();
-        parent.add( "ou=tests" );
-        getSystemContext( service ).createSubcontext( parent, getTestNodes( 1 )[0] );
-        recursivelyAddSearchData( parent, getTestNodes( branchingFactor ), sizelimit, new
long[]
+        DN base = new DN( "ou=tests," + parent.getName() );
+        Entry entry = getTestNodes( 1 )[0];
+        entry.add( SchemaConstants.OU_AT, "tests" );
+        entry.setDn( base );
+
+        getAdminConnection().add( entry );
+
+        recursivelyAddSearchData( base, getTestNodes( branchingFactor ), sizelimit, new long[]
             { 1 } );
-        return parent;
+        return base;
     }
 
 
@@ -169,21 +187,22 @@ public class SearchAuthorizationIT exten
      * Recursively deletes all entries including the base specified.
      *
      * @param rdn the relative dn from ou=system of the entry to delete recursively
-     * @throws NamingException if there are problems deleting entries
+     * @throws Exception if there are problems deleting entries
      */
-    private void recursivelyDelete( Name rdn ) throws Exception
+    private void recursivelyDelete( DN rdn ) throws Exception
     {
-        LdapContext sysRoot = getSystemContext( service );
-        NamingEnumeration<SearchResult> results = sysRoot.search( rdn, "(objectClass=*)",
new SearchControls() );
-        
-        while ( results.hasMore() )
-        {
-            SearchResult result = results.next();
-            Name childRdn = new DN( result.getName() );
-            childRdn.remove( 0 );
+        LdapConnection sysRoot = getAdminConnection();
+        Cursor<SearchResponse> results = sysRoot.search( rdn.getName(), "(objectClass=*)",
SearchScope.ONELEVEL, "*" );
+
+        while ( results.next() )
+        {
+            SearchResultEntry result = ( SearchResultEntry ) results.get();
+            DN childRdn = result.getEntry().getDn();
             recursivelyDelete( childRdn );
         }
-        sysRoot.destroySubcontext( rdn );
+
+        results.close();
+        sysRoot.delete( rdn );
     }
 
 
@@ -194,11 +213,11 @@ public class SearchAuthorizationIT exten
      * @param uid the uid RDN attribute value for the user under ou=users,ou=system
      * @param password the password of the user
      * @return true if the search succeeds as expected, false otherwise
-     * @throws NamingException if there are problems conducting the search
+     * @throws Exception if there are problems conducting the search
      */
     private boolean checkCanSearchAs( String uid, String password ) throws Exception
     {
-        return checkCanSearchAs( uid, password, "(objectClass=*)", null, 3 );
+        return checkCanSearchAs( uid, password, "(objectClass=*)", SearchScope.ONELEVEL,
3 );
     }
 
 
@@ -211,11 +230,11 @@ public class SearchAuthorizationIT exten
      * @param password the password of the user
      * @param resultSetSz the expected size of the results
      * @return true if the search succeeds as expected, false otherwise
-     * @throws NamingException if there are problems conducting the search
+     * @throws Exception if there are problems conducting the search
      */
     private boolean checkCanSearchAs( String uid, String password, int resultSetSz ) throws
Exception
     {
-        return checkCanSearchAs( uid, password, "(objectClass=*)", null, resultSetSz );
+        return checkCanSearchAs( uid, password, "(objectClass=*)", SearchScope.ONELEVEL,
resultSetSz );
     }
 
 
@@ -226,15 +245,15 @@ public class SearchAuthorizationIT exten
      *
      * @param uid the uid RDN attribute value for the user under ou=users,ou=system
      * @param password the password of the user
-     * @param cons search controls
+     * @param scope search controls
      * @param resultSetSz the expected size of the results
      * @return true if the search succeeds as expected, false otherwise
-     * @throws NamingException if there are problems conducting the search
+     * @throws Exception if there are problems conducting the search
      */
-    private boolean checkCanSearchAs( String uid, String password, SearchControls cons, int
resultSetSz )
+    private boolean checkCanSearchAs( String uid, String password, SearchScope scope, int
resultSetSz )
         throws Exception
     {
-        return checkCanSearchAs( uid, password, "(objectClass=*)", cons, resultSetSz );
+        return checkCanSearchAs( uid, password, "(objectClass=*)", scope, resultSetSz );
     }
 
 
@@ -245,44 +264,34 @@ public class SearchAuthorizationIT exten
      * @param uid the uid RDN attribute value for the user under ou=users,ou=system
      * @param password the password of the user
      * @param filter the search filter to use
-     * @param cons search controls
+     * @param scope search scope
      * @param resultSetSz the expected size of the results
      * @return true if the search succeeds as expected, false otherwise
-     * @throws NamingException if there are problems conducting the search
+     * @throws Exception if there are problems conducting the search
      */
-    private boolean checkCanSearchAs( String uid, String password, String filter, SearchControls
cons, int resultSetSz )
+    private boolean checkCanSearchAs( String uid, String password, String filter, SearchScope
scope, int resultSetSz )
         throws Exception
     {
-        if ( cons == null )
-        {
-            cons = new SearchControls();
-        }
 
-        Name base = addSearchData( new DN(), 3, 10 );
-        Name userDn = new DN( "uid=" + uid + ",ou=users,ou=system" );
-        try
-        {
-            results.clear();
-            DirContext userCtx = getContextAs( userDn, password );
-            NamingEnumeration<SearchResult> list = userCtx.search( base, filter, cons
);
-            int counter = 0;
-            
-            while ( list.hasMore() )
-            {
-                SearchResult result = list.next();
-                results.put( result.getName(), result );
-                counter++;
-            }
-            return counter == resultSetSz;
-        }
-        catch ( LdapNoPermissionException e )
-        {
-            return false;
-        }
-        finally
+        DN base = addSearchData( new DN( "ou=system" ), 3, 10 );
+        DN userDn = new DN( "uid=" + uid + ",ou=users,ou=system" );
+        results.clear();
+        LdapConnection userCtx = getConnectionAs( userDn, password );
+        Cursor<SearchResponse> cursor = userCtx.search( base.getName(), filter, scope,
"*" );
+        int counter = 0;
+
+        while ( cursor.next() )
         {
-            recursivelyDelete( base );
+            Entry result = ( ( SearchResultEntry ) cursor.get() ).getEntry();
+            results.put( result.getDn().getName(), result );
+            counter++;
         }
+
+        cursor.close();
+
+        recursivelyDelete( base );
+
+        return counter == resultSetSz;
     }
 
 
@@ -292,47 +301,35 @@ public class SearchAuthorizationIT exten
      *
      * @param uid the uid RDN attribute value for the user under ou=users,ou=system
      * @param password the password of the user
-     * @param cons the search controls
-     * @param rdn the rdn
+     * @param scope the search controls
+     * @param dn the rdn
      * @param aci the aci
      * @param resultSetSz the result sz
      * @return true if the search succeeds as expected, false otherwise
-     * @throws NamingException if there are problems conducting the search
+     * @throws Exception if there are problems conducting the search
      */
-    private boolean checkSearchAsWithEntryACI( String uid, String password, SearchControls
cons, Name rdn, String aci,
+    private boolean checkSearchAsWithEntryACI( String uid, String password, SearchScope scope,
DN dn, String aci,
         int resultSetSz ) throws Exception
     {
-        if ( cons == null )
-        {
-            cons = new SearchControls();
-        }
+        DN base = addSearchData( dn, 3, 10 );
+        addEntryACI( base, aci );
+        DN userDn = new DN( "uid=" + uid + ",ou=users,ou=system" );
+
+        results.clear();
+        LdapConnection userCtx = getConnectionAs( userDn, password );
+        Cursor<SearchResponse> cursor = userCtx.search( base.getName(), "(objectClass=*)",
scope, "*" );
+        int counter = 0;
 
-        Name base = addSearchData( new DN(), 3, 10 );
-        addEntryACI( rdn, aci );
-        Name userDn = new DN( "uid=" + uid + ",ou=users,ou=system" );
-        try
-        {
-            results.clear();
-            DirContext userCtx = getContextAs( userDn, password );
-            NamingEnumeration<SearchResult> list = userCtx.search( base, "(objectClass=*)",
cons );
-            int counter = 0;
-            
-            while ( list.hasMore() )
-            {
-                SearchResult result = list.next();
-                results.put( result.getName(), result );
-                counter++;
-            }
-            return counter == resultSetSz;
-        }
-        catch ( LdapNoPermissionException e )
+        while ( cursor.next() )
         {
-            return false;
-        }
-        finally
-        {
-            recursivelyDelete( base );
+            Entry result = ( ( SearchResultEntry ) cursor.get() ).getEntry();
+            results.put( result.getDn().getName(), result );
+            counter++;
         }
+
+        recursivelyDelete( base );
+
+        return counter == resultSetSz;
     }
 
 
@@ -340,36 +337,30 @@ public class SearchAuthorizationIT exten
      * Checks to see that the addSearchData() and the recursiveDelete()
      * functions in this test work properly.
      *
-     * @throws NamingException if there is a problem with the implementation of
+     * @throws Exception if there is a problem with the implementation of
      * these utility functions
      */
     @Test
     public void testAddSearchData() throws Exception
     {
-        LdapContext sysRoot = getSystemContext( service );
-        Name base = addSearchData( new DN(), 3, 10 );
-        SearchControls controls = new SearchControls();
-        controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
-        NamingEnumeration<SearchResult> results = sysRoot.search( base, "(objectClass=*)",
controls );
+        LdapConnection connection = getAdminConnection();
+        DN base = addSearchData( new DN( "ou=system" ), 3, 10 );
+
+        Cursor<SearchResponse> results = connection
+            .search( base.getName(), "(objectClass=*)", SearchScope.SUBTREE, "+" );
         int counter = 0;
-        
-        while ( results.hasMore() )
+
+        while ( results.next() )
         {
-            results.next();
+            results.get();
             counter++;
         }
 
         assertEquals( 10, counter );
         recursivelyDelete( base );
         //noinspection EmptyCatchBlock
-        try
-        {
-            sysRoot.lookup( base );
-            fail();
-        }
-        catch ( LdapNoSuchObjectException e )
-        {
-        }
+        SearchResultEntry entry = ( SearchResultEntry ) connection.lookup( base.getName()
);
+        assertNull( entry );
     }
 
 
@@ -380,7 +371,7 @@ public class SearchAuthorizationIT exten
     /**
      * Checks to make sure group membership based userClass works for add operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantAdministrators() throws Exception
@@ -414,7 +405,7 @@ public class SearchAuthorizationIT exten
     /**
      * Checks to make sure name based userClass works for search operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantSearchByName() throws Exception
@@ -441,7 +432,7 @@ public class SearchAuthorizationIT exten
      * Checks to make sure name based userClass works for search operations
      * when we vary the case of the DN.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantSearchByNameUserDnCase() throws Exception
@@ -467,7 +458,7 @@ public class SearchAuthorizationIT exten
     /**
      * Checks to make sure subtree based userClass works for search operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantSearchBySubtree() throws Exception
@@ -493,7 +484,7 @@ public class SearchAuthorizationIT exten
     /**
      * Checks to make sure <b>allUsers</b> userClass works for search operations.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testGrantSearchAllUsers() throws Exception
@@ -524,7 +515,7 @@ public class SearchAuthorizationIT exten
      * Checks to make sure search does not return entries not assigned the
      * perscriptiveACI and that it does not fail with an exception.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testSelectiveGrantsAllUsers() throws Exception
@@ -533,9 +524,7 @@ public class SearchAuthorizationIT exten
         createUser( "billyd", "billyd" );
 
         // try an add operation which should fail without any ACI
-        SearchControls cons = new SearchControls();
-        cons.setSearchScope( SearchControls.SUBTREE_SCOPE );
-        assertFalse( checkCanSearchAs( "billyd", "billyd", cons, 4 ) );
+        assertFalse( checkCanSearchAs( "billyd", "billyd", SearchScope.SUBTREE, 4 ) );
 
         // now add a subentry that enables anyone to add an entry below ou=system
         // down two more rdns for DNs of a max size of 3
@@ -547,7 +536,7 @@ public class SearchAuthorizationIT exten
 
         // see if we can now add that test entry which we could not before
         // should work now with billyd now that all users are authorized
-        assertTrue( checkCanSearchAs( "billyd", "billyd", cons, 4 ) );
+        assertTrue( checkCanSearchAs( "billyd", "billyd", SearchScope.SUBTREE, 4 ) );
     }
 
 
@@ -555,7 +544,7 @@ public class SearchAuthorizationIT exten
      * Checks to make sure attributeTypes are not present when permissions are
      * not given for reading them and their values.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testHidingAttributes() throws Exception
@@ -564,9 +553,7 @@ public class SearchAuthorizationIT exten
         createUser( "billyd", "billyd" );
 
         // try an add operation which should fail without any ACI
-        SearchControls cons = new SearchControls();
-        cons.setSearchScope( SearchControls.SUBTREE_SCOPE );
-        assertFalse( checkCanSearchAs( "billyd", "billyd", cons, 4 ) );
+        assertFalse( checkCanSearchAs( "billyd", "billyd", SearchScope.SUBTREE, 4 ) );
 
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  It only grants access to
@@ -578,12 +565,12 @@ public class SearchAuthorizationIT exten
             + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // see if we can now add that search and find 4 entries
-        assertTrue( checkCanSearchAs( "billyd", "billyd", cons, 4 ) );
+        assertTrue( checkCanSearchAs( "billyd", "billyd", SearchScope.SUBTREE, 4 ) );
 
         // check to make sure the telephoneNumber attribute is not present in results
-        for ( SearchResult result : results.values() )
+        for ( Entry result : results.values() )
         {
-            assertNull( result.getAttributes().get( "telephoneNumber" ) );
+            assertNull( result.get( "telephoneNumber" ) );
         }
 
         // delete the subentry to test more general rule's inclusion of telephoneNumber
@@ -599,12 +586,12 @@ public class SearchAuthorizationIT exten
             + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // again we should find four entries
-        assertTrue( checkCanSearchAs( "billyd", "billyd", cons, 4 ) );
+        assertTrue( checkCanSearchAs( "billyd", "billyd", SearchScope.SUBTREE, 4 ) );
 
         // check now to make sure the telephoneNumber attribute is present in results
-        for ( SearchResult result : results.values() )
+        for ( Entry result : results.values() )
         {
-            assertNotNull( result.getAttributes().get( "telephoneNumber" ) );
+            assertNotNull( result.get( "telephoneNumber" ) );
         }
     }
 
@@ -613,7 +600,7 @@ public class SearchAuthorizationIT exten
      * Checks to make sure specific attribute values are not present when
      * read permission is denied.
      *
-     * @throws javax.naming.NamingException if the test encounters an error
+     * @throws Exception if the test encounters an error
      */
     @Test
     public void testHidingAttributeValues() throws Exception
@@ -644,9 +631,9 @@ public class SearchAuthorizationIT exten
         assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
 
         // check to make sure the ou attribute value "testEntry" is not present in results
-        for ( SearchResult result : results.values() )
+        for ( Entry result : results.values() )
         {
-            assertFalse( result.getAttributes().get( "ou" ).contains( "testEntry" ) );
+            assertFalse( result.get( "ou" ).contains( "testEntry" ) );
         }
 
         // delete the subentry to test more general rule's inclusion of all values
@@ -665,9 +652,9 @@ public class SearchAuthorizationIT exten
         assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
 
         // check now to make sure the telephoneNumber attribute is present in results
-        for ( SearchResult result : results.values() )
+        for ( Entry result : results.values() )
         {
-            assertTrue( result.getAttributes().get( "ou" ).contains( "testEntry" ) );
+            assertTrue( result.get( "ou" ).contains( "testEntry" ) );
         }
     }
 
@@ -677,7 +664,7 @@ public class SearchAuthorizationIT exten
      * to deny read, browse and returnDN to a specific entry and checks to make sure
      * that entry cannot be accessed via search as a specific user.
      *
-     * @throws NamingException if the test is broken
+     * @throws Exception if the test is broken
      */
     @Test
     public void testPerscriptiveGrantWithEntryDenial() throws Exception
@@ -692,10 +679,9 @@ public class SearchAuthorizationIT exten
             + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
 
         // try a search operation which should fail without any prescriptive ACI
-        SearchControls cons = new SearchControls();
-        cons.setSearchScope( SearchControls.SUBTREE_SCOPE );
-        DN rdn = new DN( "ou=tests" );
-        assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", cons, rdn, aci, 9 ) );
+        DN testsDn = new DN( "ou=system" );
+
+        assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", SearchScope.SUBTREE,
testsDn, aci, 9 ) );
 
         // now add a subentry that enables anyone to search below ou=system
         createAccessControlSubentry( "anybodySearch", "{ " + "identificationTag \"searchAci\",
" + "precedence 14, "
@@ -706,11 +692,11 @@ public class SearchAuthorizationIT exten
         // see if we can now search the tree which we could not before
         // should work with billyd now that all users are authorized
         // we should NOT see the entry we are about to deny access to
-        assertTrue( checkSearchAsWithEntryACI( "billyd", "billyd", cons, rdn, aci, 9 ) );
+        assertTrue( checkSearchAsWithEntryACI( "billyd", "billyd", SearchScope.SUBTREE, testsDn,
aci, 9 ) );
         assertNull( results.get( "ou=tests,ou=system" ) );
 
         // try without the entry ACI .. just perscriptive and see ou=tests,ou=system
-        assertTrue( checkCanSearchAs( "billyd", "billyd", cons, 10 ) );
+        assertTrue( checkCanSearchAs( "billyd", "billyd", SearchScope.SUBTREE, 10 ) );
         assertNotNull( results.get( "ou=tests,ou=system" ) );
     }
 
@@ -721,7 +707,7 @@ public class SearchAuthorizationIT exten
      * that entry cannot be accessed via search as a specific user.  Here the
      * precidence of the ACI is put to the test.
      *
-     * @throws NamingException if the test is broken
+     * @throws Exception if the test is broken
      */
     @Test
     public void testPerscriptiveGrantWithEntryDenialWithPrecidence() throws Exception
@@ -736,10 +722,9 @@ public class SearchAuthorizationIT exten
             + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }";
 
         // try a search operation which should fail without any prescriptive ACI
-        SearchControls cons = new SearchControls();
-        cons.setSearchScope( SearchControls.SUBTREE_SCOPE );
-        DN rdn = new DN( "ou=tests" );
-        assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", cons, rdn, aci, 9 ) );
+        DN testsDn = new DN( "ou=system" );
+
+        assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", SearchScope.SUBTREE,
testsDn, aci, 9 ) );
 
         // now add a subentry that enables anyone to search below ou=system
         createAccessControlSubentry( "anybodySearch", "{ " + "identificationTag \"searchAci\",
" + "precedence 15, "
@@ -752,7 +737,7 @@ public class SearchAuthorizationIT exten
         // we should also see the entry we are about to deny access to
         // we see it because the precidence of the grant is greater
         // than the precedence of the denial
-        assertTrue( checkSearchAsWithEntryACI( "billyd", "billyd", cons, rdn, aci, 10 ) );
+        assertTrue( checkSearchAsWithEntryACI( "billyd", "billyd", SearchScope.SUBTREE, testsDn,
aci, 10 ) );
         assertNotNull( results.get( "ou=tests,ou=system" ) );
 
         // now add an entryACI denies browse, read and returnDN to a specific entry
@@ -767,7 +752,7 @@ public class SearchAuthorizationIT exten
         // we should NOT see the entry we are about to deny access to
         // we do NOT see it because the precidence of the grant is less
         // than the precedence of the denial - so the denial wins
-        assertTrue( checkSearchAsWithEntryACI( "billyd", "billyd", cons, rdn, aci, 9 ) );
+        assertTrue( checkSearchAsWithEntryACI( "billyd", "billyd", SearchScope.SUBTREE, testsDn,
aci, 9 ) );
         assertNull( results.get( "ou=tests,ou=system" ) );
     }
 
@@ -777,41 +762,24 @@ public class SearchAuthorizationIT exten
      *
      * @param uid the uid RDN attribute value of the user to perform the search as
      * @param password the password of the user
-     * @param rdn the relative name to the subentry under the ou=system AP
+     * @param dn the relative name to the subentry under the ou=system AP
      * @return the single search result if access is allowed or null
-     * @throws NamingException if the search fails w/ exception other than no permission
+     * @throws Exception if the search fails w/ exception other than no permission
      */
-    private SearchResult checkCanSearhSubentryAs( String uid, String password, Name rdn )
throws Exception
+    private SearchResultEntry checkCanSearhSubentryAs( String uid, String password, DN dn
) throws Exception
     {
-        DirContext userCtx = getContextAs( new DN( "uid=" + uid + ",ou=users,ou=system" ),
password );
-        SearchControls cons = new SearchControls();
-        cons.setSearchScope( SearchControls.OBJECT_SCOPE );
-        SearchResult result = null;
-        NamingEnumeration<SearchResult> list = null;
+        LdapConnection userCtx = getConnectionAs( new DN( "uid=" + uid + ",ou=users,ou=system"
), password );
+        SearchResultEntry result = null;
+        Cursor<SearchResponse> list = null;
 
-        //noinspection EmptyCatchBlock
-        try
+        list = userCtx.search( dn.getName(), "(objectClass=*)", SearchScope.OBJECT, "*" );
+        if ( list.next() )
         {
-            list = userCtx.search( rdn, "(objectClass=*)", cons );
-            if ( list.hasMore() )
-            {
-                result = list.next();
-                list.close();
-                return result;
-            }
-        }
-        catch ( LdapNoPermissionException e )
-        {
-            return null;
-        }
-        finally
-        {
-            if ( list != null )
-            {
-                list.close();
-            }
+            result = ( SearchResultEntry ) list.get();
         }
 
+        list.close();
+
         return result;
     }
 
@@ -829,7 +797,7 @@ public class SearchAuthorizationIT exten
             + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // check and see if we can access the subentry now
-        assertNotNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN( "cn=anybodySearch"
) ) );
+        assertNotNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN( "cn=anybodySearch,ou=system"
) ) );
 
         // now add a denial to prevent all users except the admin from accessing the subentry
         addSubentryACI( "{ " + "identificationTag \"searchAci\", " + "precedence 14, " +
"authenticationLevel none, "
@@ -838,7 +806,7 @@ public class SearchAuthorizationIT exten
             + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }" );
 
         // now we should not be able to access the subentry with a search
-        assertNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN( "cn=anybodySearch"
) ) );
+        assertNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN( "cn=anybodySearch,ou=system"
) ) );
     }
 
 
@@ -857,18 +825,11 @@ public class SearchAuthorizationIT exten
                 + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError
} } } } }" );
 
         // get a context as the user and try a lookup of a non-existant entry under ou=groups,ou=system
-        DirContext userCtx = getContextAs( new DN( "uid=billyd,ou=users,ou=system" ), "billyd"
);
-        try
-        {
-            userCtx.lookup( "cn=blah,ou=groups" );
-        }
-        catch ( NamingException e )
-        {
-            Name matched = e.getResolvedName();
+        LdapConnection userCtx = getConnectionAs( "uid=billyd,ou=users,ou=system", "billyd"
);
 
-            // we should not see ou=groups,ou=system for the remaining name
-            assertEquals( matched.toString(), "ou=system" );
-        }
+        // we should not see ou=groups,ou=system for the remaining name
+        SearchResultEntry entry = ( SearchResultEntry ) userCtx.lookup( "cn=blah,ou=groups"
);
+        assertNull( entry );
 
         // now delete and replace subentry with one that does not excluse ou=groups,ou=system
         deleteAccessControlSubentry( "selectiveDiscloseOnError" );
@@ -879,50 +840,43 @@ public class SearchAuthorizationIT exten
             + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError
} } } } }" );
 
         // now try a lookup of a non-existant entry under ou=groups,ou=system again
-        try
-        {
-            userCtx.lookup( "cn=blah,ou=groups" );
-        }
-        catch ( NamingException e )
-        {
-            Name matched = e.getResolvedName();
-
-            // we should not see ou=groups,ou=system for the remaining name
-            assertEquals( matched.toString(), "ou=groups,ou=system" );
-        }
+        entry = ( SearchResultEntry ) userCtx.lookup( "cn=blah,ou=groups" );
+        assertNull( entry );
     }
-    
+
+
     @Test
     public void testUserClassParentOfEntry() throws Exception
     {
         // create the non-admin user
         createUser( "billyd", "billyd" );
-        
+
         // create an entry subordinate to the user
-        DirContext billydCtx = AutzIntegUtils.getContextAsAdmin("uid=billyd,ou=users,ou=system");
-        Attributes phoneBook = new BasicAttributes( "ou", "phoneBook", true );
-        Attribute objectClass = new BasicAttribute( "objectClass" );
-        phoneBook.put( objectClass );
-        objectClass.add( "top" );
-        objectClass.add( "organizationalUnit" );
-        billydCtx.createSubcontext( "ou=phoneBook", phoneBook );
+        Entry phoneBook = new DefaultClientEntry( new DN( "ou=phoneBook,uid=billyd,ou=users,ou=system"
) );
+        phoneBook.add( SchemaConstants.OU_AT, "phoneBook" );
+        phoneBook.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
+
+        getAdminConnection().add( phoneBook );
 
         // now add a subentry that enables anyone to search below their own entries
-        createAccessControlSubentry( "anybodySearchTheirSubordinates", "{ " + "identificationTag
\"searchAci\", " + "precedence 14, "
-            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses
{ allUsers }, "
-            + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues},
"
+        createAccessControlSubentry( "anybodySearchTheirSubordinates", "{ " + "identificationTag
\"searchAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst:
{ "
+            + "userClasses { allUsers }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
             + "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" );
 
         // check and see if we can access the subentry now
-        assertNotNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN( "ou=phoneBook,uid=billyd,ou=users"
) ) );
+        assertNotNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN(
+            "ou=phoneBook,uid=billyd,ou=users,ou=system" ) ) );
 
         // now add a denial to prevent all users except the admin from accessing the subentry
-        addPrescriptiveACI( "anybodySearchTheirSubordinates", "{ " + "identificationTag \"anybodyDontSearchTheirSubordinates\",
" + "precedence 14, " + "authenticationLevel none, "
-            + "itemOrUserFirst userFirst: { " + "userClasses { parentOfEntry }, " + "userPermissions
{ { "
-            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+        addPrescriptiveACI( "anybodySearchTheirSubordinates", "{ "
+            + "identificationTag \"anybodyDontSearchTheirSubordinates\", " + "precedence
14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses
{ parentOfEntry }, "
+            + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues},
"
             + "grantsAndDenials { denyRead, denyReturnDN, denyBrowse } } } } }" );
 
         // now we should not be able to access the subentry with a search
-        assertNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN( "ou=phoneBook,uid=billyd,ou=users"
) ) );
+        assertNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN( "ou=phoneBook,uid=billyd,ou=users,ou=system"
) ) );
     }
 }

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/suites/AuthzISuite.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/suites/AuthzISuite.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/suites/AuthzISuite.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/suites/AuthzISuite.java
Wed Mar 17 14:41:34 2010
@@ -19,6 +19,8 @@
 package org.apache.directory.server.core.suites;
 
 
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.authz.AddAuthorizationIT;
 import org.apache.directory.server.core.authz.AdministratorsGroupIT;
@@ -44,6 +46,12 @@ import org.junit.runners.Suite;
  */
 @RunWith ( FrameworkSuite.class )
 @CreateDS( enableAccessControl=true, name="AuthzISuite" )
+@CreateLdapServer( 
+    transports = 
+        {
+          @CreateTransport( protocol = "LDAP" )
+        }
+)
 @Suite.SuiteClasses ( {
         AddAuthorizationIT.class,
         AuthorizationServiceAsAdminIT.class,



Mime
View raw message