directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1061092 - in /directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz: AuthzAuthnIT.java SearchAuthorizationIT.java
Date Thu, 20 Jan 2011 01:19:28 GMT
Author: elecharny
Date: Thu Jan 20 01:19:28 2011
New Revision: 1061092

URL: http://svn.apache.org/viewvc?rev=1061092&view=rev
Log:
o remove one @Ignore annotation for a test
o Some formating

Modified:
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java?rev=1061092&r1=1061091&r2=1061092&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
Thu Jan 20 01:19:28 2011
@@ -123,11 +123,22 @@ public class AuthzAuthnIT extends Abstra
         // Note: In order to read contents of the bound context
         //       user will need appropriate Read permissions.
         createAccessControlSubentry( "grantBrowseForTheWholeNamingContext", "{ maximum 0
}", // !!!!! Replace this with "{ minimum 1 }" for practicing !
-            "{ " + "  identificationTag \"browseACI\", " + "  precedence 14, " + "  authenticationLevel
none, "
-                + "  itemOrUserFirst userFirst: " + "  { "
-                + "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "
   userPermissions "
-                + "    { " + "      { " + "        protectedItems { entry }, "
-                + "        grantsAndDenials { grantBrowse } " + "      } " + "    } " + "
 } " + "}" );
+            "{ " + 
+            "  identificationTag \"browseACI\", " + 
+            "  precedence 14, " + 
+            "  authenticationLevel none, " +
+            "  itemOrUserFirst userFirst: " + 
+            "  { " +
+            "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + 
+            "    userPermissions " +
+            "    { " + 
+            "      { " + 
+            "        protectedItems { entry }, " +
+            "        grantsAndDenials { grantBrowse } " + 
+            "      } " + 
+            "    } " + 
+            "  } " + 
+            "}" );
 
         DN userName = new DN( "uid=billyd,ou=users,ou=system" );
 

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java?rev=1061092&r1=1061091&r2=1061092&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
Thu Jan 20 01:19:28 2011
@@ -384,12 +384,26 @@ public class SearchAuthorizationIT exten
 
         // Gives search perms to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "searchAdmin", "{ " + "  identificationTag \"searchAci\",
" + "  precedence 14, "
-            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { " +
"    userClasses " + "    { "
-            + "      userGroup { \"cn=Administrators,ou=groups,ou=system\" } " + "    },
" + "    userPermissions "
-            + "    { " + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues},
"
-            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + " 
    } " + "    } " + "  } "
-            + "}" );
+        createAccessControlSubentry( "searchAdmin", 
+            "{ " + 
+            "  identificationTag \"searchAci\", " + 
+            "  precedence 14, " +
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " + 
+            "  { " + 
+            "    userClasses " + 
+            "    { " +
+            "      userGroup { \"cn=Administrators,ou=groups,ou=system\" } " + 
+            "    }, " + 
+            "    userPermissions " +
+            "    { " + 
+            "      { " + 
+            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + 
+            "      } " + 
+            "    } " + 
+            "  } " +
+            "}" );
 
         // see if we can now search that test entry which we could not before
         // add or should still fail since billd is not in the admin group
@@ -418,12 +432,26 @@ public class SearchAuthorizationIT exten
         assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
 
         // now add a subentry that enables user billyd to search an entry below ou=system
-        createAccessControlSubentry( "billydSearch", "{ " + "  identificationTag \"searchAci\",
" + "  precedence 14, "
-            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { " +
"    userClasses " + "    { "
-            + "      name { \"uid=billyd,ou=users,ou=system\" } " + "    }, " + "    userPermissions
" + "    { "
-            + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues},
"
-            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + " 
    } " + "    }" + "  } "
-            + "}" );
+        createAccessControlSubentry( "billydSearch", 
+            "{ " + 
+            "  identificationTag \"searchAci\", " + 
+            "  precedence 14, " +
+             "  authenticationLevel none, " + 
+             "  itemOrUserFirst userFirst: " + 
+             "  { " + 
+             "    userClasses " + 
+             "    { " +
+            "      name { \"uid=billyd,ou=users,ou=system\" } " + 
+            "    }, " + 
+            "    userPermissions " + 
+            "    { " +
+            "      { " + 
+            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + 
+            "      } " + 
+            "    }" + 
+            "  } " +
+            "}" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
@@ -446,12 +474,26 @@ public class SearchAuthorizationIT exten
         assertFalse( checkCanSearchAs( "BillyD", "billyd" ) );
 
         // now add a subentry that enables user billyd to search an entry below ou=system
-        createAccessControlSubentry( "billydSearch", "{ " + "  identificationTag \"searchAci\",
" + "  precedence 14, "
-            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { " +
"    userClasses " + "    { "
-            + "      name { \"uid=billyd,ou=users,ou=system\" } " + "    }, " + "    userPermissions
" + "    { "
-            + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues},
"
-            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + " 
    } " + "    } " + "  } "
-            + "}" );
+        createAccessControlSubentry( "billydSearch", 
+            "{ " + 
+            "  identificationTag \"searchAci\", " + 
+            "  precedence 14, " +
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " + 
+            "  { " + 
+            "    userClasses " + 
+            "    { " +
+            "      name { \"uid=billyd,ou=users,ou=system\" } " + 
+            "    }, " + 
+            "    userPermissions " + 
+            "    { " +
+            "      { " + 
+            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + 
+            "      } " + 
+            "    } " + 
+            "  } " +
+            "}" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanSearchAs( "BillyD", "billyd" ) );
@@ -473,13 +515,29 @@ public class SearchAuthorizationIT exten
         assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
 
         // now add a subentry that enables user billyd to search an entry below ou=system
-        createAccessControlSubentry( "billySearchBySubtree", "{ " + "  identificationTag
\"searchAci\", "
-            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst:
" + "  { "
-            + "    userClasses " + "    { " + "      subtree " + "      { "
-            + "        { base \"ou=users,ou=system\" } " + "      } " + "    }, " + "   
userPermissions " + "    { "
-            + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues},
"
-            + "        grantsAndDenials {  grantRead, grantReturnDN, grantBrowse } " + "
     } " + "    } " + "  } "
-            + "}" );
+        createAccessControlSubentry( "billySearchBySubtree", 
+            "{ " + 
+            "  identificationTag \"searchAci\", " +
+            "  precedence 14, " + 
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " + 
+            "  { " +
+            "    userClasses " + 
+            "    { " + 
+            "      subtree " + 
+            "      { " +
+            "        { base \"ou=users,ou=system\" } " + 
+            "      } " + 
+            "    }, " + 
+            "    userPermissions " + 
+            "    { " +
+            "      { " + 
+            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+            "        grantsAndDenials {  grantRead, grantReturnDN, grantBrowse } " + 
+            "      } " + 
+            "    } " + 
+            "  } " +
+            "}" );
 
         // should work now that billyd is authorized by the subtree userClass
         assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
@@ -501,12 +559,23 @@ public class SearchAuthorizationIT exten
         assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
 
         // now add a subentry that enables anyone to search an entry below ou=system
-        createAccessControlSubentry( "anybodySearch", "{ " + "  identificationTag \"searchAci\",
"
-            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst:
" + "  { "
-            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "  
   { "
-            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
-            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + " 
    } " + "    } " + "  } "
-            + "}" );
+        createAccessControlSubentry( "anybodySearch", 
+            "{ " + 
+            "  identificationTag \"searchAci\", " +
+            "  precedence 14, " + 
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " + 
+            "  { " +
+            "    userClasses { allUsers }, " + 
+            "    userPermissions " + 
+            "    { " + 
+            "      { " +
+            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + 
+            "      } " + 
+            "    } " + 
+            "  } " +
+            "}" );
 
         // see if we can now search that tree which we could not before
         // should work now with billyd now that all users are authorized
@@ -535,12 +604,23 @@ public class SearchAuthorizationIT exten
 
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3
-        createAccessControlSubentry( "anybodySearch", "{ maximum 2 }", "{ " + "  identificationTag
\"searchAci\", "
-            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst:
" + "  { "
-            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "  
   { "
-            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
-            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + " 
    } " + "    } " + "  } "
-            + "}" );
+        createAccessControlSubentry( "anybodySearch", "{ maximum 2 }", 
+            "{ " + 
+            "  identificationTag \"searchAci\", " +
+            "  precedence 14, " + 
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " + 
+            "  { " +
+            "    userClasses { allUsers }, " + 
+            "    userPermissions " + 
+            "    { " + 
+            "      { " +
+            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + 
+            "      } " + 
+            "    } " + 
+            "  } " +
+            "}" );
 
         // see if we can now search that test entry which we could not before
         // should work now with billyd now that all users are authorized
@@ -613,7 +693,6 @@ public class SearchAuthorizationIT exten
      * @throws Exception if the test encounters an error
      */
     @Test
-    @Ignore
     public void testHidingAttributeValues() throws Exception
     {
         // create the non-admin user
@@ -625,13 +704,29 @@ public class SearchAuthorizationIT exten
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  It only grants access to
         // the ou and objectClass attributes however.
-        createAccessControlSubentry( "excludeOUValue", "{ maximum 2 }", "{ " + "  identificationTag
\"searchAci\", "
-            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst:
" + "  { "
-            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "  
   { "
-            + "        protectedItems " + "        {" + "          entry, " + "         
attributeType { ou }, "
-            + "          allAttributeValues { objectClass }, " + "          attributeValue
{ ou=0, ou=1, ou=2 } "
-            + "        }, " + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse
} " + "      } "
-            + "    } " + "  } " + "}" );
+        createAccessControlSubentry( "excludeOUValue", "{ maximum 2 }",
+            "{ " + 
+            "  identificationTag \"searchAci\", " +
+            "  precedence 14, " + 
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " + 
+            "  { " +
+            "    userClasses { allUsers }, " + 
+            "    userPermissions " + 
+            "    { " + 
+            "      { " +
+            "        protectedItems " + 
+            "        {" + 
+            "          entry, " + 
+            "          attributeType { ou }, " +
+            "          allAttributeValues { objectClass }, " + 
+            "          attributeValue { ou=0, ou=1, ou=2 } " +
+            "        }, " + 
+            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + 
+            "      } " +
+            "    } " + 
+            "  } " + 
+            "}" );
 
         // see if we can now search and find 4 entries
         assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
@@ -648,12 +743,23 @@ public class SearchAuthorizationIT exten
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  This time we should be able
         // to see the telephoneNumber attribute
-        createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }",
"{ "
-            + "  identificationTag \"searchAci\", " + "  precedence 14, " + "  authenticationLevel
none, "
-            + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses { allUsers }, "
+ "    userPermissions "
-            + "    { " + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues
}, "
-            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + " 
    } " + "    } " + "  }"
-            + "}" );
+        createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }",

+            "{ " +
+            "  identificationTag \"searchAci\", " + 
+            "  precedence 14, " + 
+            "  authenticationLevel none, " +
+            "  itemOrUserFirst userFirst: " + 
+            "  { " + 
+            "    userClasses { allUsers }, " + 
+            "    userPermissions " +
+            "    { " + 
+            "      { " + 
+            "        protectedItems {entry, allUserAttributeTypesAndValues }, " +
+            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + 
+            "      } " + 
+            "    } " + 
+            "  }" +
+            "}" );
 
         // again we should find four entries
         assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );



Mime
View raw message