Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 3848 invoked from network); 30 Nov 2010 20:03:18 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 30 Nov 2010 20:03:18 -0000 Received: (qmail 54295 invoked by uid 500); 30 Nov 2010 20:03:18 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 54244 invoked by uid 500); 30 Nov 2010 20:03:18 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 54236 invoked by uid 99); 30 Nov 2010 20:03:18 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Nov 2010 20:03:18 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Nov 2010 20:03:13 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 8ABFE23889ED; Tue, 30 Nov 2010 20:01:39 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1040746 - in /directory/apacheds/branches/antoine: core-annotations/src/main/java/org/apache/directory/server/core/annotations/ core-annotations/src/main/java/org/apache/directory/server/core/factory/ core/src/main/java/org/apache/director... Date: Tue, 30 Nov 2010 20:01:39 -0000 To: commits@directory.apache.org 
From: antoine@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101130200139.8ABFE23889ED@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: antoine Date: Tue Nov 30 20:01:38 2010 New Revision: 1040746 URL: http://svn.apache.org/viewvc?rev=1040746&view=rev Log: adding one test for delegating authentication Added: directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java directory/apacheds/branches/antoine/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthIT.java Modified: directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateDS.java directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/factory/DSAnnotationProcessor.java directory/apacheds/branches/antoine/core/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java directory/apacheds/branches/antoine/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java directory/apacheds/branches/antoine/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java Added: directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java?rev=1040746&view=auto ============================================================================== --- directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java (added) +++ directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateAuthenticator.java Tue Nov 30 20:01:38 2010 
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.directory.server.core.annotations;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.apache.directory.server.core.authn.AnonymousAuthenticator;
+import org.apache.directory.server.core.authn.Authenticator;
+
+/**
+ * An authenticator creation
+ * a name and a suffix, plus some other characteristics. Here is an example :
+ *
+ * @CreateAuthenticator(
+ *     type = "org.apache.directory.server.core.authn.StrongAuthenticator"
+ *     )
+ * )
+ * 
+ *
+ * @author Apache Directory Project
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target( {ElementType.METHOD, ElementType.TYPE } )
+public @interface CreateAuthenticator
+{
+ /** The authenticator implementation class */
+ Class type() default AnonymousAuthenticator.class;
+ /** Delegate host, use for testing DelegatingAuthenticator */
+ String delegateHost();
+ /** Delegate port, use for testing DelegatingAuthenticator */
+ int delegatePort();
+
+}
Modified: directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateDS.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateDS.java?rev=1040746&r1=1040745&r2=1040746&view=diff
==============================================================================
--- directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateDS.java (original)
+++ directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/annotations/CreateDS.java Tue Nov 30 20:01:38 2010
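Review bot: In CreateAuthenticator.java, `delegateHost()` and `delegatePort()` are declared without defaults, so every `@CreateAuthenticator` must supply both even when `type` is not a DelegatingAuthenticator; neutral defaults such as `String delegateHost() default "";` and `int delegatePort() default -1;` keep the annotation usable for other authenticators. The class javadoc still describes "a name and a suffix", and its example passes `type` as a string, omits the two required attributes and has an unbalanced parenthesis, so it would not compile as shown. Leaving `type` out adds an AnonymousAuthenticator; the javadoc of `type()` should say so, because that default presumably widens what the test server accepts.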
@@ -54,4 +54,7 @@ public @interface CreateDS /** additional interceptors */ Class[] additionalInterceptors() default {}; + + /** additional authenticators */ + CreateAuthenticator[] additionalAuthenticators() default {}; } Modified: directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/factory/DSAnnotationProcessor.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/factory/DSAnnotationProcessor.java?rev=1040746&r1=1040745&r2=1040746&view=diff ============================================================================== --- directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/factory/DSAnnotationProcessor.java (original) +++ directory/apacheds/branches/antoine/core-annotations/src/main/java/org/apache/directory/server/core/factory/DSAnnotationProcessor.java Tue Nov 30 20:01:38 2010 
@@ -24,14 +24,19 @@ import java.io.FileNotFoundException; import java.io.InputStream; import java.lang.reflect.Method; import java.util.List; +import java.util.Set; import org.apache.directory.server.core.DirectoryService; import org.apache.directory.server.core.annotations.ApplyLdifFiles; import org.apache.directory.server.core.annotations.ApplyLdifs; import org.apache.directory.server.core.annotations.ContextEntry; +import org.apache.directory.server.core.annotations.CreateAuthenticator; import org.apache.directory.server.core.annotations.CreateDS; import org.apache.directory.server.core.annotations.CreateIndex; import org.apache.directory.server.core.annotations.CreatePartition; +import org.apache.directory.server.core.authn.AuthenticationInterceptor; +import org.apache.directory.server.core.authn.Authenticator; +import org.apache.directory.server.core.authn.DelegatingAuthenticator; import org.apache.directory.server.core.interceptor.Interceptor; import org.apache.directory.server.core.partition.Partition; import org.apache.directory.server.core.partition.impl.btree.BTreePartition; 
@@ -49,23 +54,27 @@ import org.slf4j.LoggerFactory; /** * A Helper class used to create a DS from the annotations - * - * @author Apache Directory Project + * + * @author Apache Directory + * Project */ public class DSAnnotationProcessor { /** A logger for this class */ - private static final Logger LOG = LoggerFactory.getLogger( DSAnnotationProcessor.class ); + private static final Logger LOG = LoggerFactory + .getLogger( DSAnnotationProcessor.class ); /** * Create the DirectoryService */ - private static DirectoryService createDS( CreateDS dsBuilder ) throws Exception + private static DirectoryService createDS( CreateDS dsBuilder ) + throws Exception { LOG.debug( "Starting DS {}...", dsBuilder.name() ); Class factory = dsBuilder.factory(); - DirectoryServiceFactory dsf = ( DirectoryServiceFactory ) factory.newInstance(); + DirectoryServiceFactory dsf = ( DirectoryServiceFactory ) factory + .newInstance(); DirectoryService service = dsf.getDirectoryService(); service.setAccessControlEnabled( dsBuilder.enableAccessControl() ); 
@@ -78,6 +87,38 @@ public class DSAnnotationProcessor interceptorList.add( ( Interceptor ) interceptorClass.newInstance() ); } + if ( dsBuilder.additionalAuthenticators().length != 0 ) + { + AuthenticationInterceptor authenticationInterceptor = null; + for ( Interceptor interceptor : interceptorList ) + { + if ( interceptor instanceof AuthenticationInterceptor ) + { + authenticationInterceptor = ( AuthenticationInterceptor ) interceptor; + break; + } + } + if ( authenticationInterceptor == null ) + { + throw new IllegalStateException( + "authentication interceptor not found" ); + } + Set authenticators = authenticationInterceptor + .getAuthenticators(); + for ( CreateAuthenticator createAuthenticator : dsBuilder + .additionalAuthenticators() ) + { + Authenticator auth = createAuthenticator.type().newInstance(); + if ( auth instanceof DelegatingAuthenticator ) + { + DelegatingAuthenticator dauth = ( DelegatingAuthenticator ) auth; + dauth.setDelegateHost( createAuthenticator.delegateHost() ); + dauth.setDelegatePort( createAuthenticator.delegatePort() ); + } + authenticators.add( auth ); + } + } + service.setInterceptors( interceptorList ); dsf.init( dsBuilder.name() ); 
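Review bot: The loop added to createDS puts each new authenticator into the set returned by `authenticationInterceptor.getAuthenticators()` and never writes that set back, so the additions only take effect if the getter hands out the interceptor's live set rather than a copy; this is not visible in the hunk and deserves a comment or an explicit setter call. The authenticators are appended, so whatever is already registered on the interceptor stays active next to the delegating one. `delegateHost()` and `delegatePort()` are read only for DelegatingAuthenticator instances and ignored for any other `type`; a comment such as `// delegate settings apply to DelegatingAuthenticator only` would make that explicit. createDS starts and ends outside the hunk.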
@@ -91,20 +132,25 @@ public class DSAnnotationProcessor if ( createPartition.type() == Partition.class ) { // The annotation does not specify a specific partition type. - // We use the partition factory to create partition and index instances. + // We use the partition factory to create partition and index + // instances. PartitionFactory partitionFactory = dsf.getPartitionFactory(); - partition = partitionFactory.createPartition( createPartition.name(), createPartition.suffix(), - createPartition.cacheSize(), new File( service.getInstanceLayout().getPartitionsDirectory(), createPartition.name() ) ); + partition = partitionFactory.createPartition( createPartition + .name(), createPartition.suffix(), createPartition + .cacheSize(), new File( service.getInstanceLayout() + .getPartitionsDirectory(), createPartition.name() ) ); CreateIndex[] indexes = createPartition.indexes(); for ( CreateIndex createIndex : indexes ) { - partitionFactory.addIndex( partition, createIndex.attribute(), createIndex.cacheSize() ); + partitionFactory.addIndex( partition, + createIndex.attribute(), createIndex.cacheSize() ); } } else { - // The annotation contains a specific partition type, we use that type. + // The annotation contains a specific partition type, we use + // that type. partition = createPartition.type().newInstance(); partition.setId( createPartition.name() ); partition.setSuffix( new DN( createPartition.suffix() ) ); 
@@ -113,18 +159,21 @@ public class DSAnnotationProcessor { BTreePartition btreePartition = ( BTreePartition ) partition; btreePartition.setCacheSize( createPartition.cacheSize() ); - btreePartition.setPartitionDir( new File( service.getInstanceLayout().getPartitionsDirectory(), createPartition.name() ) ); + btreePartition.setPartitionDir( new File( service + .getInstanceLayout().getPartitionsDirectory(), + createPartition.name() ) ); // Process the indexes if any CreateIndex[] indexes = createPartition.indexes(); for ( CreateIndex createIndex : indexes ) { - // The annotation does not specify a specific index type. + // The annotation does not specify a specific index + // type. // We use the generic index implementation. JdbmIndex index = new JdbmIndex(); index.setAttributeId( createIndex.attribute() ); - + btreePartition.addIndexedAttributes( index ); } } @@ -150,11 +199,14 @@ public class DSAnnotationProcessor /** * Create a DirectoryService from a Unit test annotation - * - * @param description The annotations containing the info from which we will create the DS + * + * @param description + * The annotations containing the info from which we will create + * the DS * @return A valid DS */ - public static DirectoryService getDirectoryService( Description description ) throws Exception + public static DirectoryService getDirectoryService( Description description ) + throws Exception { CreateDS dsBuilder = description.getAnnotation( CreateDS.class ); 
@@ -171,11 +223,11 @@ public class DSAnnotationProcessor /** - * Create a DirectoryService from an annotation. The @CreateDS annotation must - * be associated with either the method or the encapsulating class. We will first - * try to get the annotation from the method, and if there is none, then we try - * at the class level. - * + * Create a DirectoryService from an annotation. The @CreateDS annotation + * must be associated with either the method or the encapsulating class. We + * will first try to get the annotation from the method, and if there is + * none, then we try at the class level. + * * @return A valid DS */ public static DirectoryService getDirectoryService() throws Exception @@ -185,7 +237,8 @@ public class DSAnnotationProcessor // Get the caller by inspecting the stackTrace StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace(); - // In Java5 the 0th stacktrace element is: java.lang.Thread.dumpThreads(Native Method) + // In Java5 the 0th stacktrace element is: + // java.lang.Thread.dumpThreads(Native Method) int index = stackTrace[0].getMethodName().equals( "dumpThreads" ) ? 3 : 2; // Get the enclosing class 
@@ -224,19 +277,25 @@ public class DSAnnotationProcessor /** * injects an LDIF entry in the given DirectoryService * - * @param entry the LdifEntry to be injected - * @param service the DirectoryService + * @param entry + * the LdifEntry to be injected + * @param service + * the DirectoryService * @throws Exception */ - private static void injectEntry( LdifEntry entry, DirectoryService service ) throws LdapException + private static void injectEntry( LdifEntry entry, DirectoryService service ) + throws LdapException { if ( entry.isChangeAdd() || entry.isLdifContent() ) { - service.getAdminSession().add( new DefaultEntry( service.getSchemaManager(), entry.getEntry() ) ); + service.getAdminSession().add( + new DefaultEntry( service.getSchemaManager(), entry + .getEntry() ) ); } else if ( entry.isChangeModify() ) { - service.getAdminSession().modify( entry.getDn(), entry.getModificationItems() ); + service.getAdminSession().modify( entry.getDn(), + entry.getModificationItems() ); } else { 
@@ -249,20 +308,25 @@ public class DSAnnotationProcessor /** * injects the LDIF entries present in a LDIF file * - * @param service the DirectoryService - * @param ldifFiles the array of LDIF file names (only ) + * @param service + * the DirectoryService + * @param ldifFiles + * the array of LDIF file names (only ) * @throws Exception */ - public static void injectLdifFiles( Class clazz, DirectoryService service, String[] ldifFiles ) throws Exception + public static void injectLdifFiles( Class clazz, + DirectoryService service, String[] ldifFiles ) throws Exception { if ( ( ldifFiles != null ) && ( ldifFiles.length > 0 ) ) { for ( String ldifFile : ldifFiles ) { - InputStream is = clazz.getClassLoader().getResourceAsStream( ldifFile ); + InputStream is = clazz.getClassLoader().getResourceAsStream( + ldifFile ); if ( is == null ) { - throw new FileNotFoundException( "LDIF file '" + ldifFile + "' not found." ); + throw new FileNotFoundException( "LDIF file '" + ldifFile + + "' not found." ); } else { @@ -281,14 +345,17 @@ public class DSAnnotationProcessor /** - * Inject an ldif String into the server. DN must be relative to the - * root. - * - * @param service the directory service to use - * @param ldif the ldif containing entries to add to the server. - * @throws Exception if there is a problem adding the entries from the LDIF + * Inject an ldif String into the server. DN must be relative to the root. + * + * @param service + * the directory service to use + * @param ldif + * the ldif containing entries to add to the server. + * @throws Exception + * if there is a problem adding the entries from the LDIF */ - public static void injectEntries( DirectoryService service, String ldif ) throws Exception + public static void injectEntries( DirectoryService service, String ldif ) + throws Exception { LdifReader reader = new LdifReader(); List entries = reader.parseLdif( ldif ); 
@@ -306,18 +373,21 @@ public class DSAnnotationProcessor /** * Apply the LDIF entries to the given service */ - public static void applyLdifs( Description desc, DirectoryService service ) throws Exception + public static void applyLdifs( Description desc, DirectoryService service ) + throws Exception { if ( desc == null ) { return; } - ApplyLdifFiles applyLdifFiles = desc.getAnnotation( ApplyLdifFiles.class ); + ApplyLdifFiles applyLdifFiles = desc + .getAnnotation( ApplyLdifFiles.class ); if ( applyLdifFiles != null ) { - LOG.debug( "Applying {} to {}", applyLdifFiles.value(), desc.getDisplayName() ); + LOG.debug( "Applying {} to {}", applyLdifFiles.value(), + desc.getDisplayName() ); injectLdifFiles( desc.getClass(), service, applyLdifFiles.value() ); } Modified: directory/apacheds/branches/antoine/core/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/antoine/core/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java?rev=1040746&r1=1040745&r2=1040746&view=diff ============================================================================== --- directory/apacheds/branches/antoine/core/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java (original) +++ directory/apacheds/branches/antoine/core/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java Tue Nov 30 20:01:38 2010 
@@ -1,5 +1,25 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ package org.apache.directory.server.core.authn; + import java.util.ArrayList; import java.util.List; @@ -17,6 +37,12 @@ import org.apache.directory.shared.ldap. import org.apache.directory.shared.ldap.name.DN; import org.apache.directory.shared.ldap.util.StringTools; + +/** + * Authenticator delegating to another LDAP server. + * + * @author Apache Directory Project + */ public class DelegatingAuthenticator extends AbstractAuthenticator { /** @@ -28,7 +54,8 @@ public class DelegatingAuthenticator ext super( AuthenticationLevel.SIMPLE ); } - protected DelegatingAuthenticator(AuthenticationLevel type) + + protected DelegatingAuthenticator( AuthenticationLevel type ) { super( type ); } 
@@ -39,55 +66,74 @@ public class DelegatingAuthenticator ext private int delegatePort; private List dnPatterns = new ArrayList(); + public String getDelegateHost() { return delegateHost; } + public void setDelegateHost( String delegateHost ) { this.delegateHost = delegateHost; } + public int getDelegatePort() { return delegatePort; } + public void setDelegatePort( int delegatePort ) { this.delegatePort = delegatePort; } + public List getDnPatterns() { return dnPatterns; } + public void setDnPatterns( List dnPatterns ) { this.dnPatterns = dnPatterns; } + public LdapPrincipal authenticate( BindOperationContext bindContext ) throws Exception { - LdapPrincipal principal = null; + LdapPrincipal principal = null; if ( IS_DEBUG ) { LOG.debug( "Authenticating {}", bindContext.getDn() ); } - LdapConnection ldapConnection = LdapConnectionFactory.getNetworkConnection(delegateHost, delegatePort); - try { - BindResponse bindResponse = ldapConnection.bind(bindContext.getDn(), StringTools.utf8ToString( bindContext.getCredentials() )); - if (bindResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) { + LdapConnection ldapConnection = LdapConnectionFactory.getNetworkConnection( delegateHost, delegatePort ); + try + { + BindResponse bindResponse = ldapConnection.bind( bindContext.getDn(), + StringTools.utf8ToString( bindContext.getCredentials() ) ); + if ( bindResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS ) + { String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() ); LOG.info( message ); throw new LdapAuthenticationException( message ); } - // Create the new principal before storing it in the cache - principal = new LdapPrincipal( bindContext.getDn(), AuthenticationLevel.SIMPLE, bindContext.getCredentials() ); - } catch (LdapException e) { + else + { + // no need to remain bound to delegate host + ldapConnection.unBind(); + } + // Create the new principal + principal = new LdapPrincipal( bindContext.getDn(), 
AuthenticationLevel.SIMPLE, + bindContext.getCredentials() ); + + } + catch ( LdapException e ) + { // Bad password ... String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() ); LOG.info( message ); @@ -96,9 +142,10 @@ public class DelegatingAuthenticator ext return principal; } + public void checkPwdPolicy( Entry userEntry ) throws LdapException { - // TODO Auto-generated method stub + // no check for delegating authentication } @@ -111,7 +158,7 @@ public class DelegatingAuthenticator ext public void invalidateCache( DN bindDn ) { - // TODO Auto-generated method stub + // cache is not implemented here } Added: directory/apacheds/branches/antoine/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/antoine/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthIT.java?rev=1040746&view=auto ============================================================================== --- directory/apacheds/branches/antoine/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthIT.java (added) +++ directory/apacheds/branches/antoine/server-integ/src/test/java/org/apache/directory/server/operations/bind/DelegatedAuthIT.java Tue Nov 30 20:01:38 2010 
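Review bot: DelegatingAuthenticator.authenticate() passes the client's credentials to the delegate without checking that they are non-empty, so an empty password is forwarded as what RFC 4513 calls an unauthenticated bind, and a delegate that answers it with success would let the bind through for any DN; null or empty credentials should be rejected before the connection is opened. The delegate connection is released only by the `unBind()` in the success branch, so every failed bind leaves it open, and a `finally` that closes it covers all paths. The connection comes from `getNetworkConnection( delegateHost, delegatePort )` with no TLS setup visible here, so the password presumably crosses the network in clear unless the factory is configured otherwise. The end of the catch block lies outside the hunk.

```java
public LdapPrincipal authenticate( BindOperationContext bindContext ) throws Exception
{
    // … unchanged: principal declaration and debug logging …
    byte[] credentials = bindContext.getCredentials();
    if ( ( credentials == null ) || ( credentials.length == 0 ) )
    {
        // an empty password would reach the delegate as an unauthenticated bind
        String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() );
        LOG.info( message );
        throw new LdapAuthenticationException( message );
    }
    LdapConnection ldapConnection = LdapConnectionFactory.getNetworkConnection( delegateHost, delegatePort );
    try
    {
        // … unchanged: bind, result-code check, principal creation …
    }
    catch ( LdapException e )
    {
        // … unchanged: failure handling …
    }
    finally
    {
        // release the delegate connection on every path, not only after a successful bind
        ldapConnection.close();
    }
```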
@@ -0,0 +1,125 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.directory.server.operations.bind; + + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import org.apache.directory.ldap.client.api.LdapConnection; +import org.apache.directory.ldap.client.api.LdapConnectionFactory; +import org.apache.directory.server.annotations.CreateLdapServer; +import org.apache.directory.server.annotations.CreateTransport; +import org.apache.directory.server.core.annotations.ApplyLdifs; +import org.apache.directory.server.core.annotations.CreateAuthenticator; +import org.apache.directory.server.core.annotations.CreateDS; +import org.apache.directory.server.core.authn.DelegatingAuthenticator; +import org.apache.directory.server.core.integ.AbstractLdapTestUnit; +import org.apache.directory.server.core.integ.FrameworkRunner; +import org.apache.directory.shared.ldap.message.BindResponse; +import org.apache.directory.shared.ldap.message.ResultCodeEnum; +import org.junit.Test; +import org.junit.runner.RunWith; + + +/** + * Tests the server to make sure standard compare operations work properly. 
+ * + * @author Apache Directory Project + */ +@RunWith(FrameworkRunner.class) +@ApplyLdifs( + { + // Entry # 1 + "dn: uid=antoine,ou=users,ou=system", + "objectClass: uidObject", + "objectClass: person", + "objectClass: top", + "uid: antoine", + "cn: Antoine Levy-Lambert", + "sn: Levy-Lambert", + "userPassword: secret" }) +@CreateDS(allowAnonAccess = true, name = "DelegatedAuthIT-class") +@CreateLdapServer( + transports = + { + @CreateTransport(protocol = "LDAP", port = 10200) + }) +public class DelegatedAuthIT extends AbstractLdapTestUnit +{ + + /** + * Test with bindDn which is not even found under any namingContext of the + * server. + * + * @throws Exception + */ + @CreateDS( + allowAnonAccess = true, + name = "DelegatedAuthIT-method", + additionalAuthenticators = + { + @CreateAuthenticator( + type = DelegatingAuthenticator.class, + delegateHost = "localhost", + delegatePort = 10200) }) + @CreateLdapServer( + transports = + { + @CreateTransport(protocol = "LDAP") + }) + @Test + public void testDelegatedAuthentication() throws Exception + { + assertTrue( service.isStarted() ); + assertEquals( "DelegatedAuthIT-method", service.getInstanceId() ); + LdapConnection ldapConnection = LdapConnectionFactory.getNetworkConnection( "localhost", ldapServer.getPort() ); + BindResponse bindResponse = ldapConnection.bind( "uid=antoine,ou=users,ou=system", "secret" ); + if ( bindResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS ) + { + fail( "this authentication should have been successful, got result code : " + + bindResponse.getLdapResult().getResultCode() ); + } + ldapConnection.unBind(); + bindResponse = ldapConnection.bind( "uid=antoine,ou=users,ou=system", "sesame" ); + if ( bindResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS ) + { + fail( "this authentication should have failed due to wrong password, got result code : " + + bindResponse.getLdapResult().getResultCode() ); + } + ldapConnection.unBind(); + try + { + bindResponse = 
ldapConnection.bind( "uid=ivanhoe,ou=users,ou=system", "secret" ); + if ( bindResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS ) + { + fail( "this authentication should fail, user does not exist, got result code : " + + bindResponse.getLdapResult().getResultCode() ); + } + ldapConnection.unBind(); + } + catch ( Exception exc ) + { + System.out.println( "exception happened" + exc.getMessage() ); + } + } + +} Modified: directory/apacheds/branches/antoine/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/antoine/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java?rev=1040746&r1=1040745&r2=1040746&view=diff ============================================================================== --- directory/apacheds/branches/antoine/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java (original) +++ directory/apacheds/branches/antoine/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java Tue Nov 30 20:01:38 2010 @@ -32,6 +32,7 @@ import org.apache.directory.server.kerbe import org.apache.directory.server.operations.add.AddIT; import org.apache.directory.server.operations.add.AddingEntriesWithSpecialCharactersInRDNIT; import org.apache.directory.server.operations.bind.BindIT; +import org.apache.directory.server.operations.bind.DelegatedAuthIT; import org.apache.directory.server.operations.bind.MiscBindIT; import org.apache.directory.server.operations.bind.SaslBindIT; import org.apache.directory.server.operations.bind.SimpleBindIT; 
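Review bot: The third case in testDelegatedAuthentication wraps the bind in `catch ( Exception exc )` and only prints the message, so a refused connection or any other failure passes the test just like a correct rejection; the exception should propagate, or the test should assert on its type. The first case does not show that the bind went through the delegate: if the method-level DS also holds `uid=antoine` (not visible here), a local authenticator could accept the password on its own. The fixed `port = 10200` on the class-level server and in `delegatePort` will collide when that port is already taken, and the client connection is never closed in a `finally`. Both javadoc comments are copied from other tests (compare operations, unknown bindDn) and should describe delegated authentication.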
@@ -84,6 +85,7 @@ import org.junit.runners.Suite; // operations.bind BindIT.class, + DelegatedAuthIT.class, MiscBindIT.class, SaslBindIT.class, SimpleBindIT.class, Modified: directory/apacheds/branches/antoine/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/antoine/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java?rev=1040746&r1=1040745&r2=1040746&view=diff ============================================================================== --- directory/apacheds/branches/antoine/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java (original) +++ directory/apacheds/branches/antoine/test-framework/src/main/java/org/apache/directory/server/core/integ/FrameworkRunner.java Tue Nov 30 20:01:38 2010 @@ -182,23 +182,7 @@ public class FrameworkRunner extends Blo // then use the DS created above if ( classLdapServerBuilder != null ) { - int minPort = 0; - - if ( suite != null ) - { - LdapServer suiteServer = suite.getLdapServer(); - - if ( suiteServer != null ) - { - for ( Transport transport : suiteServer.getTransports() ) - { - if ( minPort <= transport.getPort() ) - { - minPort = transport.getPort(); - } - } - } - } + int minPort = getMinPort(); classLdapServer = ServerAnnotationProcessor.createLdapServer( getDescription(), directoryService, minPort + 1 ); 
@@ -270,12 +254,37 @@ public class FrameworkRunner extends Blo } + private int getMinPort() + { + int minPort = 0; + + if ( suite != null ) + { + LdapServer suiteServer = suite.getLdapServer(); + + if ( suiteServer != null ) + { + for ( Transport transport : suiteServer.getTransports() ) + { + if ( minPort <= transport.getPort() ) + { + minPort = transport.getPort(); + } + } + } + } + return minPort; + } + + /** * {@inheritDoc} */ @Override protected void runChild( FrameworkMethod method, RunNotifier notifier ) { + /** The LdapServer for this method, if any */ + LdapServer methodLdapServer = null; // Don't run the test if the @Ignored annotation is used if ( method.getAnnotation( Ignore.class ) != null ) { @@ -295,6 +304,10 @@ public class FrameworkRunner extends Blo Description classDescription = getDescription(); Description methodDescription = describeChild( method ); + // Before running any test, check to see if we must create a class DS + // Get the LdapServerBuilder, if any + CreateLdapServer methodLdapServerBuilder = methodDescription.getAnnotation( CreateLdapServer.class ); + //if (meth) // Ok, ready to run the test try { @@ -352,6 +365,13 @@ public class FrameworkRunner extends Blo DSAnnotationProcessor.applyLdifs( methodDescription, directoryService ); } + if ( methodLdapServerBuilder != null ) + { + int minPort = getMinPort(); + + methodLdapServer = ServerAnnotationProcessor.createLdapServer( methodDescription, directoryService, + minPort + 1 ); + } // At this point, we know which service to use. // Inject it into the class 
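Review bot: `getMinPort()` returns the highest port among the suite server's transports (it keeps `transport.getPort()` whenever `minPort <= transport.getPort()`), and 0 when there is no suite, so the name says the opposite of what callers get; a name like `getHighestSuitePort()` or a javadoc line stating this would avoid misuse. In runChild the local `methodLdapServer` carries a `/** ... */` javadoc comment where a `//` comment belongs, and `//if (meth)` is a leftover. The comment above `methodLdapServerBuilder` still speaks of a class DS although the line reads the method's @CreateLdapServer. runChild continues outside these hunks.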
@@ -369,7 +389,13 @@ public class FrameworkRunner extends Blo DirectoryService oldLdapServerDirService = null; DirectoryService oldKdcServerDirService = null; - if ( classLdapServer != null ) + if ( methodLdapServer != null ) { + // setting the directoryService is required to inject the correct level DS instance in the class or suite level LdapServer + methodLdapServer.setDirectoryService( directoryService ); + + ldapServerField.set( getTestClass().getJavaClass(), methodLdapServer ); + } + else if ( classLdapServer != null ) { oldLdapServerDirService = classLdapServer.getDirectoryService(); @@ -392,6 +418,11 @@ public class FrameworkRunner extends Blo // Run the test super.runChild( method, notifier ); + if ( methodLdapServer != null ) + { + methodLdapServer.stop(); + } + if ( oldLdapServerDirService != null ) { classLdapServer.setDirectoryService( oldLdapServerDirService );
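Review bot: `methodLdapServer.stop()` runs only when control reaches the line after `super.runChild( method, notifier )`, so an exception thrown between creating the server and that line leaves the listener bound; stopping it in a `finally` would release the port on every path. The static field set through `ldapServerField.set( getTestClass().getJavaClass(), methodLdapServer )` is not put back in the lines shown, so later tests of the class may see the stopped method-level server unless the field is reset elsewhere in runChild. The comment in the new branch mentions the class or suite level LdapServer although the branch handles the method-level one.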