Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java Mon May 9 22:52:00 2011 @@ -39,8 +39,9 @@ import org.apache.directory.server.core. import org.apache.directory.shared.ldap.model.constants.SchemaConstants; import org.apache.directory.shared.ldap.model.entry.DefaultEntry; import org.apache.directory.shared.ldap.model.entry.Entry; -import org.apache.directory.shared.ldap.model.message.ModifyDnResponse; -import org.apache.directory.shared.ldap.model.message.ResultCodeEnum; +import org.apache.directory.shared.ldap.model.exception.LdapEntryAlreadyExistsException; +import org.apache.directory.shared.ldap.model.exception.LdapException; +import org.apache.directory.shared.ldap.model.exception.LdapNoPermissionException; import org.apache.directory.shared.ldap.model.name.Dn; import org.junit.After; import org.junit.Before; 
@@ -86,20 +87,21 @@ public class MoveRenameAuthorizationIT e // create the new entry as the admin user adminConnection.add( testEntry ); + assertTrue( adminConnection.exists( entryDn ) ); Dn userName = new Dn( "uid=" + uid + ",ou=users,ou=system" ); LdapConnection userConnection = getConnectionAs( userName, password ); - ModifyDnResponse resp = userConnection.rename( entryDn.getName(), newNameRdn ); - - if ( resp.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS ) + try { - userConnection.delete( newNameRdn + ",ou=system" ); + userConnection.rename( entryDn.getName(), newNameRdn ); + adminConnection.delete( newNameRdn + ",ou=system" ); result = true; } - else + catch ( LdapException le ) { - adminConnection.delete(entryDn); + adminConnection.delete( entryDn ); + assertFalse( adminConnection.exists( entryDn ) ); result = false; } @@ -129,7 +131,7 @@ public class MoveRenameAuthorizationIT e Dn entryDn = new Dn( entryRdn + ",ou=system" ); boolean result; - Entry testEntry = new DefaultEntry(entryDn); + Entry testEntry = new DefaultEntry( entryDn ); testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" ); testEntry.add( SchemaConstants.OU_AT, "testou" ); 
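Review bot: The `catch ( LdapException le )` around the rename treats every LDAP failure as a denied operation, so `assertFalse( checkCanRenameAs( ... ) )` can pass for reasons unrelated to the ACI under test. The cleanup call `adminConnection.delete( newNameRdn + ",ou=system" )` sits in the same try, so if it fails after a successful rename, the catch tries to delete `entryDn`, which by then has been renamed. I would narrow the handler to `catch ( LdapNoPermissionException lnpe )`, which this commit already imports and uses for the move step, and let any other exception fail the test. The same applies to the `catch ( LdapException le )` on the rename step in the hunk at `@@ -137,40 +139,52 @@`. The body of checkCanRenameAs starts and ends outside this hunk.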
@@ -137,40 +139,52 @@ public class MoveRenameAuthorizationIT e // create the new entry as the admin user adminConnection.add( testEntry ); + assertTrue( adminConnection.exists( entryDn ) ); Dn userName = new Dn( "uid=" + uid + ",ou=users,ou=system" ); LdapConnection userConnection = getConnectionAs( userName, password ); boolean isMoved = false; - ModifyDnResponse moveResp = userConnection.move( entryDn.getName(), newParentRdn + ",ou=system" ); - - if ( moveResp.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS ) + String movedName = entryRdn + "," + newParentRdn + ",ou=system"; + + try { + userConnection.move( entryDn.getName(), newParentRdn + ",ou=system" ); isMoved = true; + assertTrue( adminConnection.exists( movedName ) ); + assertFalse( userConnection.exists( entryDn ) ); } - else + catch ( LdapNoPermissionException lnpe ) { - adminConnection.delete(entryDn); + assertFalse( adminConnection.exists( movedName ) ); + assertTrue( adminConnection.exists( entryDn ) ); + adminConnection.delete( entryDn ); + return false; } - ModifyDnResponse resp = userConnection - .rename( entryRdn + "," + newParentRdn + ",ou=system", newNameRdn ); - - ResultCodeEnum code = resp.getLdapResult().getResultCode(); - - if ( ( code == ResultCodeEnum.SUCCESS ) || ( code == ResultCodeEnum.ENTRY_ALREADY_EXISTS ) ) + String renamedName = newNameRdn + ", " + newParentRdn + ",ou=system"; + + try + { + userConnection.rename( movedName, newNameRdn ); + assertTrue( adminConnection.exists( renamedName ) ); + assertFalse( adminConnection.exists( movedName ) ); + + adminConnection.delete( renamedName ); + result = true; + } + catch ( LdapEntryAlreadyExistsException leaee ) { - userConnection.delete( newNameRdn + "," + newParentRdn + ",ou=system" ); + adminConnection.delete( renamedName ); result = true; } - else + catch ( LdapException le ) { if ( isMoved ) { - entryDn = entryDn.add( newParentRdn ); - adminConnection.delete(entryDn); + adminConnection.delete( movedName ); } result = false; 
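Review bot: `assertFalse( userConnection.exists( entryDn ) )` checks the old location through the unprivileged connection, so it may be false simply because that user cannot see the entry, not because the move took place. Using `adminConnection.exists( entryDn )` would match the other three existence checks in this hunk. Separately, `renamedName` is built with `", "` (comma plus space) while `movedName` uses `","`. That presumably normalizes to the same DN, but `newNameRdn + "," + newParentRdn + ",ou=system"` would keep the two consistent. The method body continues past the end of this hunk.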
@@ -201,11 +215,26 @@ public class MoveRenameAuthorizationIT e assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) ); // Gives grantRename perm to all users in the Administrators group for entries - createAccessControlSubentry( "grantRenameByAdmin", "{ " + " identificationTag \"addAci\", " - + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " - + " userClasses " + " { " + " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " - + " }, " + " userPermissions " + " { " + " { " + " protectedItems {entry}, " - + " grantsAndDenials { grantRename, grantBrowse } " + " } " + " } " + " } " + "}" ); + createAccessControlSubentry( "grantRenameByAdmin", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses " + + " { " + + " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " + + " }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // see if we can now rename that test entry which we could not before // rename op should still fail since billyd is not in the admin group 
@@ -234,12 +263,26 @@ public class MoveRenameAuthorizationIT e // Gives grantRename, grantImport, grantExport perm to all users in the Administrators // group for entries - browse is needed just to read navigate the tree at root - createAccessControlSubentry( "grantRenameMoveByAdmin", "{ " + " identificationTag \"addAci\", " - + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " - + " userClasses " + " { " + " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " - + " }, " + " userPermissions " + " { " + " { " + " protectedItems {entry}, " - + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + " } " - + " } " + " } " + "}" ); + createAccessControlSubentry( "grantRenameMoveByAdmin", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses " + + " { " + + " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " + + " }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // see if we can move and rename the test entry which we could not before // op should still fail since billyd is not in the admin group 
@@ -264,25 +307,39 @@ public class MoveRenameAuthorizationIT e createUser( "billyd", "billyd" ); // try move operation which should fail without any ACI - assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) ); + assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) ); // Gives grantImport, and grantExport perm to all users in the Administrators group for entries - createAccessControlSubentry( "grantMoveByAdmin", "{ " + " identificationTag \"addAci\", " - + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " - + " userClasses " + " { " + " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " - + " }, " + " userPermissions " + " { " + " { " + " protectedItems {entry}, " - + " grantsAndDenials { grantExport, grantImport, grantBrowse } " + " } " + " } " + " } " - + "}" ); + createAccessControlSubentry( "grantMoveByAdmin", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses " + + " { " + + " userGroup { \"cn=Administrators,ou=groups,ou=system\" } " + + " }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantExport, grantImport, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // see if we can now move that test entry which we could not before // op should still fail since billyd is not in the admin group - assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) ); + assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) ); // now add billyd to the Administrator group and try again addUserToGroup( "billyd", "Administrators" ); // try move operation which should succeed with ACI and group membership change - assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", 
"ou=testou", "ou=groups" ) ); + assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) ); // now let's cleanup removeUserFromGroup( "billyd", "Administrators" ); @@ -311,11 +368,23 @@ public class MoveRenameAuthorizationIT e assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) ); // Gives grantRename perm specifically to the billyd user - createAccessControlSubentry( "grantRenameByName", "{ " + " identificationTag \"addAci\", " - + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " - + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + " userPermissions " + " { " - + " { " + " protectedItems {entry}, " - + " grantsAndDenials { grantRename, grantBrowse } " + " } " + " } " + " } " + "}" ); + createAccessControlSubentry( "grantRenameByName", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // try a rename operation which should succeed with ACI assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) ); 
@@ -335,12 +404,23 @@ public class MoveRenameAuthorizationIT e assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname", "ou=groups" ) ); // Gives grantRename, grantImport, grantExport perm to billyd user on entries - createAccessControlSubentry( "grantRenameMoveByName", "{ " + " identificationTag \"addAci\", " - + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " - + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + " userPermissions " + " { " - + " { " + " protectedItems {entry}, " - + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + " } " - + " } " + " } " + "}" ); + createAccessControlSubentry( "grantRenameMoveByName", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // try move w/ rdn change which should succeed with ACI assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) ); 
@@ -360,15 +440,26 @@ public class MoveRenameAuthorizationIT e assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) ); // Gives grantImport, and grantExport perm to billyd user for entries - createAccessControlSubentry( "grantMoveByName", "{ " + " identificationTag \"addAci\", " + " precedence 14, " - + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " - + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + " userPermissions " + " { " - + " { " + " protectedItems {entry}, " - + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + " } " - + " } " + " } " + "}" ); + createAccessControlSubentry( "grantMoveByName", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // try move operation which should succeed with ACI - assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) ); + assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) ); // now let's cleanup deleteAccessControlSubentry( "grantMoveByName" ); 
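Review bot: The deny check at the top of this hunk still calls `checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" )` while the allow check now uses `"ou=testou1", "ou=testou2"`, so the two assertions no longer exercise the same operation. The first call should be updated to match, as was done in the By-Admin, By-Tree and By-Any variants. The comment `// Gives grantImport, and grantExport perm to billyd user for entries` is also out of date, because the ACI grants `grantRename` too and the test now performs a real RDN change. I would reword it to `// Gives grantExport, grantImport and grantRename perm to billyd user for entries`, and likewise in the grantMoveByTree and grantMoveByAny hunks. By contrast, the grantMoveByAdmin ACI at `@@ -264,25 +307,39 @@` grants no `grantRename` yet asserts true for the same rename, which is worth confirming.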
@@ -396,11 +487,26 @@ public class MoveRenameAuthorizationIT e assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) ); // Gives grantRename perm for entries to those users selected by the subtree - createAccessControlSubentry( "grantRenameByTree", "{ " + " identificationTag \"addAci\", " - + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " - + " userClasses " + " { " + " subtree { { base \"ou=users,ou=system\" } } " + " }, " - + " userPermissions " + " { " + " { " + " protectedItems {entry}, " - + " grantsAndDenials { grantRename, grantBrowse } " + " } " + " } " + " } " + "}" ); + createAccessControlSubentry( "grantRenameByTree", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses " + + " { " + + " subtree { { base \"ou=users,ou=system\" } } " + + " }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // try a rename operation which should succeed with ACI assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) ); 
@@ -420,12 +526,25 @@ public class MoveRenameAuthorizationIT e assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) ); // Gives grantRename, grantImport, grantExport for entries to users selected by subtree - createAccessControlSubentry( "grantRenameMoveByTree", "{ " + " identificationTag \"addAci\", " - + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: { " - + " userClasses " + " { " + " subtree { { base \"ou=users,ou=system\" } } " + " }, " - + " userPermissions " + " { " + " { " + " protectedItems {entry}, " - + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + " } " - + " } " + " } " + "}" ); + createAccessControlSubentry( "grantRenameMoveByTree", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: { " + + " userClasses " + + " { " + + " subtree { { base \"ou=users,ou=system\" } } " + + " }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // try move w/ rdn change which should succeed with ACI assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) ); 
@@ -442,18 +561,32 @@ public class MoveRenameAuthorizationIT e createUser( "billyd", "billyd" ); // try move operation which should fail without any ACI - assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) ); + assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) ); // Gives grantImport, and grantExport perm for entries to subtree selected users - createAccessControlSubentry( "grantMoveByTree", "{ " + " identificationTag \"addAci\", " + " precedence 14, " - + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " + " userClasses " + " { " - + " subtree { { base \"ou=users,ou=system\" } } " + " }, " + " userPermissions " + " { " - + " { " + " protectedItems {entry}, " - + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + " } " - + " } " + " } " + "}" ); + createAccessControlSubentry( "grantMoveByTree", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses " + + " { " + + " subtree { { base \"ou=users,ou=system\" } } " + + " }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // try move operation which should succeed with ACI - assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) ); + assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) ); // now let's cleanup deleteAccessControlSubentry( "grantMoveByTree" ); 
@@ -481,11 +614,23 @@ public class MoveRenameAuthorizationIT e assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) ); // Gives grantRename perm for entries to any user - createAccessControlSubentry( "grantRenameByAny", "{ " + " identificationTag \"addAci\", " - + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " - + " userClasses { allUsers }, " + " userPermissions " + " { " + " { " - + " protectedItems {entry}, " + " grantsAndDenials { grantRename, grantBrowse } " - + " } " + " } " + " } " + "}" ); + createAccessControlSubentry( "grantRenameByAny", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { allUsers }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // try a rename operation which should succeed with ACI assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) ); 
@@ -505,12 +650,23 @@ public class MoveRenameAuthorizationIT e assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) ); // Gives grantRename, grantImport, grantExport for entries to any user - createAccessControlSubentry( "grantRenameMoveByAny", "{ " + " identificationTag \"addAci\", " - + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " - + " userClasses { allUsers }, " + " userPermissions " + " { " + " { " - + " protectedItems {entry}, " - + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + " } " - + " } " + " } " + "}" ); + createAccessControlSubentry( "grantRenameMoveByAny", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { allUsers }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // try move w/ rdn change which should succeed with ACI assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) ); 
@@ -527,18 +683,29 @@ public class MoveRenameAuthorizationIT e createUser( "billyd", "billyd" ); // try move operation which should fail without any ACI - assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) ); + assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) ); // Gives grantImport, and grantExport perm for entries to any user - createAccessControlSubentry( "grantMoveByAny", "{ " + " identificationTag \"addAci\", " + " precedence 14, " - + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { " - + " userClasses { allUsers }, " + " userPermissions " + " { " + " { " - + " protectedItems {entry}, " - + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + " } " - + " } " + " } " + "}" ); + createAccessControlSubentry( "grantMoveByAny", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { allUsers }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry}, " + + " grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // try move operation which should succeed with ACI - assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) ); + assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou1", "ou=testou2", "ou=groups" ) ); // now let's cleanup deleteAccessControlSubentry( "grantMoveByAny" ); 
@@ -568,30 +735,62 @@ public class MoveRenameAuthorizationIT e // Gives grantBrowse perm to all users in the Administrators // group for entries // It's is needed just to read navigate the tree at root - createAccessControlSubentry( "grantBrowseForTheWholeNamingContext", "{ }", "{ " - + " identificationTag \"browseACI\", " + " precedence 14, " + " authenticationLevel none, " - + " itemOrUserFirst userFirst: " + " { " - + " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + " userPermissions " - + " { " + " { " + " protectedItems { entry }, " - + " grantsAndDenials { grantBrowse } " + " } " + " } " + " } " + "}" ); + createAccessControlSubentry( "grantBrowseForTheWholeNamingContext", "{ }", + "{ " + + " identificationTag \"browseACI\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems { entry }, " + + " grantsAndDenials { grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // Gives grantExport, grantRename perm to all users in the Administrators // group for entries - createAccessControlSubentry( "grantExportFromASubtree", "{ base \"ou=users\" }", "{ " - + " identificationTag \"exportACI\", " + " precedence 14, " + " authenticationLevel none, " - + " itemOrUserFirst userFirst: " + " { " - + " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + " userPermissions " - + " { " + " { " + " protectedItems { entry }, " - + " grantsAndDenials { grantExport, grantRename } " + " } " + " } " + " } " + "}" ); + createAccessControlSubentry( "grantExportFromASubtree", "{ base \"ou=users\" }", + "{ " + + " identificationTag \"exportACI\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + + " 
userPermissions " + + " { " + + " { " + + " protectedItems { entry }, " + + " grantsAndDenials { grantExport, grantRename } " + + " } " + + " } " + + " } " + + "}" ); // Gives grantImport perm to all users in the Administrators // group for the target context - createAccessControlSubentry( "grantImportToASubtree", "{ base \"ou=groups\" }", "{ " - + " identificationTag \"importACI\", " + " precedence 14, " + " authenticationLevel none, " - + " itemOrUserFirst userFirst: " + " { " - + " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + " userPermissions " - + " { " + " { " + " protectedItems { entry }, " - + " grantsAndDenials { grantImport } " + " } " + " } " + " } " + "}" ); + createAccessControlSubentry( "grantImportToASubtree", "{ base \"ou=groups\" }", + "{ " + + " identificationTag \"importACI\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems { entry }, " + + " grantsAndDenials { grantImport } " + " } " + + " } " + + " } " + + "}" ); // see if we can move and rename the test entry which we could not before // op should still fail since billyd is not in the admin group Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java (original) +++ 
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java Mon May 9 22:52:00 2011 @@ -42,14 +42,11 @@ import org.apache.directory.shared.ldap. import org.apache.directory.shared.ldap.model.entry.Modification; import org.apache.directory.shared.ldap.model.entry.ModificationOperation; import org.apache.directory.shared.ldap.model.exception.LdapException; +import org.apache.directory.shared.ldap.model.exception.LdapSchemaViolationException; import org.apache.directory.shared.ldap.model.ldif.LdapLdifException; -import org.apache.directory.shared.ldap.model.message.AddResponse; -import org.apache.directory.shared.ldap.model.message.ModifyResponse; import org.apache.directory.shared.ldap.model.message.Response; -import org.apache.directory.shared.ldap.model.message.ResultCodeEnum; import org.apache.directory.shared.ldap.model.message.SearchResultEntry; import org.apache.directory.shared.ldap.model.message.SearchScope; -import org.apache.directory.shared.ldap.model.name.Dn; import org.junit.After; import org.junit.Before; import org.junit.Ignore; 
@@ -527,28 +524,24 @@ public class CollectiveAttributeServiceI } - @Test + @Test( expected = LdapSchemaViolationException.class ) public void testAddRegularEntryWithCollectiveAttribute() throws Exception { Entry entry = getTestEntry( "cn=Ersin Er,ou=system", "Ersin Er" ); entry.put( "c-l", "Turkiye" ); - AddResponse response = connection.add( entry ); - - assertEquals( ResultCodeEnum.OBJECT_CLASS_VIOLATION, response.getLdapResult().getResultCode() ); + connection.add( entry ); } - @Test + @Test( expected = LdapSchemaViolationException.class ) public void testModifyRegularEntryAddingCollectiveAttribute() throws Exception { Entry entry = getTestEntry( "cn=Ersin Er,ou=system", "Ersin Er" ); connection.add( entry ); - ModifyResponse response = connection.modify( "cn=Ersin Er,ou=system", new DefaultModification( + connection.modify( "cn=Ersin Er,ou=system", new DefaultModification( ModificationOperation.ADD_ATTRIBUTE, new DefaultAttribute( "c-l", "Turkiye" ) ) ); - - assertEquals( ResultCodeEnum.OBJECT_CLASS_VIOLATION, response.getLdapResult().getResultCode() ); } Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/exception/ExceptionServiceIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/exception/ExceptionServiceIT.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/exception/ExceptionServiceIT.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/exception/ExceptionServiceIT.java Mon May 9 22:52:00 2011 
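Review bot: `@Test( expected = LdapSchemaViolationException.class )` on testModifyRegularEntryAddingCollectiveAttribute covers the whole method, so the test also passes if the setup call `connection.add( entry )` throws that exception and the modify is never reached. Wrapping only the `connection.modify( ... )` call in try / `fail()` / `catch ( LdapSchemaViolationException e )`, as this commit does for the rename tests in ExceptionServiceIT, would pin the exception to the operation under test. The old assertion on `ResultCodeEnum.OBJECT_CLASS_VIOLATION` is dropped as well; if the exception exposes its result code, asserting it in the catch would keep that check.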
@@ -26,6 +26,7 @@ import static org.junit.Assert.assertFal import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import org.apache.directory.ldap.client.api.LdapConnection; import org.apache.directory.server.constants.ServerDNConstants; @@ -38,9 +39,13 @@ import org.apache.directory.shared.ldap. import org.apache.directory.shared.ldap.model.entry.Attribute; import org.apache.directory.shared.ldap.model.entry.DefaultEntry; import org.apache.directory.shared.ldap.model.entry.Entry; +import org.apache.directory.shared.ldap.model.exception.LdapAliasException; +import org.apache.directory.shared.ldap.model.exception.LdapContextNotEmptyException; +import org.apache.directory.shared.ldap.model.exception.LdapEntryAlreadyExistsException; +import org.apache.directory.shared.ldap.model.exception.LdapNoSuchObjectException; +import org.apache.directory.shared.ldap.model.message.AddRequest; +import org.apache.directory.shared.ldap.model.message.AddRequestImpl; import org.apache.directory.shared.ldap.model.message.AddResponse; -import org.apache.directory.shared.ldap.model.message.DeleteResponse; -import org.apache.directory.shared.ldap.model.message.ModifyDnResponse; import org.apache.directory.shared.ldap.model.message.ModifyRequest; import org.apache.directory.shared.ldap.model.message.ModifyRequestImpl; import org.apache.directory.shared.ldap.model.message.ModifyResponse; @@ -80,7 +85,11 @@ public class ExceptionServiceIT extends entry.add( SchemaConstants.CN_AT, value ); entry.add( SchemaConstants.SN_AT, value ); - AddResponse resp = getAdminConnection( getService() ).add( entry ); + AddRequest addRequest = new AddRequestImpl(); + addRequest.setEntry( entry ); + addRequest.setEntryDn( dn ); + + AddResponse resp = getAdminConnection( getService() ).add( addRequest ); return resp; } 
@@ -146,8 +155,16 @@ public class ExceptionServiceIT extends entry.add( SchemaConstants.OU_AT, "users" ); connection.add( entry ); - ModifyDnResponse resp = connection.rename( entry.getDn(), new Rdn( "ou=users" ) ); - assertEquals( ResultCodeEnum.ENTRY_ALREADY_EXISTS, resp.getLdapResult().getResultCode() ); + + try + { + connection.rename( entry.getDn(), new Rdn( "ou=users" ) ); + fail(); + } + catch( LdapEntryAlreadyExistsException leaee ) + { + assertTrue( true ); + } Entry userzEntry = new DefaultEntry( "ou=userz,ou=groups,ou=system" ); userzEntry.add( SchemaConstants.OBJECT_CLASS_AT, "OrganizationalUnit" ); @@ -155,8 +172,15 @@ public class ExceptionServiceIT extends connection.add( userzEntry ); - ModifyDnResponse modResp = connection.rename( "ou=userz,ou=groups,ou=system", "ou=users", true ); - assertEquals( ResultCodeEnum.ENTRY_ALREADY_EXISTS, modResp.getLdapResult().getResultCode() ); + try + { + connection.rename( "ou=userz,ou=groups,ou=system", "ou=users", true ); + fail(); + } + catch( LdapEntryAlreadyExistsException leaee ) + { + assertTrue( true ); + } } @@ -170,11 +194,25 @@ public class ExceptionServiceIT extends { LdapConnection connection = getAdminConnection( getService() ); - ModifyDnResponse resp = connection.rename( "ou=blah,ou=groups,ou=system", "ou=blah1" ); - assertEquals( ResultCodeEnum.NO_SUCH_OBJECT, resp.getLdapResult().getResultCode() ); + try + { + connection.rename( "ou=blah,ou=groups,ou=system", "ou=blah1" ); + fail(); + } + catch ( LdapNoSuchObjectException lnsoe ) + { + assertTrue( true ); + } - resp = connection.rename( "ou=blah,ou=groups,ou=system", "ou=blah1" ); - assertEquals( ResultCodeEnum.NO_SUCH_OBJECT, resp.getLdapResult().getResultCode() ); + try + { + connection.rename( "ou=blah,ou=groups,ou=system", "ou=blah1" ); + fail(); + } + catch ( LdapNoSuchObjectException lnsoe ) + { + assertTrue( true ); + } } 
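Review bot: The `catch` blocks added here contain only `assertTrue( true )`, which checks nothing, and `fail()` is called without a message, so a regression reports a bare AssertionError. I would replace the no-op with a comment such as `// expected: the target RDN already exists` and use `fail( "rename should have thrown LdapEntryAlreadyExistsException" )`. The same applies to the two `LdapNoSuchObjectException` blocks in the hunk at `@@ -170,11 +194,25 @@`, which also repeat the identical rename call twice. `catch(` in the first two hunks lacks the space used in `catch ( ... )` elsewhere in this commit.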
@@ -207,13 +245,12 @@ public class ExceptionServiceIT extends * * @throws Exception on error */ - @Test + @Test( expected = LdapEntryAlreadyExistsException.class ) public void testFailModifyRdnEntryAlreadyExists() throws Exception { LdapConnection connection = getAdminConnection( getService() ); - ModifyDnResponse resp = connection.rename( "ou=users,ou=system", "ou=groups" ); - assertEquals( ResultCodeEnum.ENTRY_ALREADY_EXISTS, resp.getLdapResult().getResultCode() ); + connection.rename( "ou=users,ou=system", "ou=groups" ); } @@ -222,13 +259,12 @@ public class ExceptionServiceIT extends * * @throws Exception on error */ - @Test + @Test( expected = LdapNoSuchObjectException.class ) public void testFailModifyRdnNoSuchObject() throws Exception { LdapConnection connection = getAdminConnection( getService() ); - ModifyDnResponse resp = connection.rename( "ou=blah,ou=system", "ou=asdf" ); - assertEquals( ResultCodeEnum.NO_SUCH_OBJECT, resp.getLdapResult().getResultCode() ); + connection.rename( "ou=blah,ou=system", "ou=asdf" ); } @@ -391,7 +427,7 @@ public class ExceptionServiceIT extends * * @throws Exception on error */ - @Test + @Test( expected = LdapAliasException.class ) public void testFailAddOnAlias() throws Exception { LdapConnection connection = getAdminConnection( getService() ); @@ -406,8 +442,7 @@ public class ExceptionServiceIT extends aliasChild.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" ); aliasChild.add( SchemaConstants.OU_AT, "blah" ); - AddResponse resp = connection.add( aliasChild ); - assertEquals( ResultCodeEnum.ALIAS_PROBLEM, resp.getLdapResult().getResultCode() ); + connection.add( aliasChild ); } @@ -452,7 +487,7 @@ public class ExceptionServiceIT extends * * @throws Exception on error */ - @Test + @Test( expected = LdapContextNotEmptyException.class ) public void testFailDeleteNotAllowedOnNonLeaf() throws Exception { LdapConnection connection = getAdminConnection( getService() ); 
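Review bot: `@Test( expected = LdapAliasException.class )` on testFailAddOnAlias covers the whole method, so the test also passes when any statement before the final `connection.add( aliasChild )` throws that exception, and it cannot show that the final call is the one refused (the setup between the two hunks is not visible here). The same holds for testFailDeleteNotAllowedOnNonLeaf with its two createSubContext calls, for testUserInjectAccessControlSubentries, and for testSimpleBindAPrincipalNullPassword in SimpleBindIT. In the bind test it matters most, since a `getConnectionAs( ..., null )` call precedes the `connection.bind( "uid=admin,ou=system", null )` the test is meant to check. I would keep a plain `@Test` on these and wrap only the final call in the try / fail / catch form this commit already uses for the rename tests, as sketched below for testFailAddOnAlias.

```java
@Test
public void testFailAddOnAlias() throws Exception
{
    // … unchanged: connection, alias and aliasChild setup …

    try
    {
        connection.add( aliasChild );
        fail( "add under an alias should have thrown LdapAliasException" );
    }
    catch ( LdapAliasException lae )
    {
        // expected: only the final add may be refused
    }
```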
@@ -460,8 +495,7 @@ public class ExceptionServiceIT extends AddResponse resp = createSubContext( "ou", "blah" ); resp = createSubContext( new Dn( "ou=blah,ou=system" ), "ou", "subctx" ); - DeleteResponse delResp = connection.delete( "ou=blah,ou=system" ); - assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_NON_LEAF, delResp.getLdapResult().getResultCode() ); + connection.delete( "ou=blah,ou=system" ); } @@ -471,13 +505,12 @@ public class ExceptionServiceIT extends * * @throws Exception on error */ - @Test + @Test( expected = LdapNoSuchObjectException.class ) public void testFailDeleteNoSuchObject() throws Exception { LdapConnection connection = getAdminConnection( getService() ); - DeleteResponse delResp = connection.delete( "ou=blah,ou=system" ); - assertEquals( ResultCodeEnum.NO_SUCH_OBJECT, delResp.getLdapResult().getResultCode() ); + connection.delete( "ou=blah,ou=system" ); } Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operational/OperationalAttributeServiceIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operational/OperationalAttributeServiceIT.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operational/OperationalAttributeServiceIT.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operational/OperationalAttributeServiceIT.java Mon May 9 22:52:00 2011 
@@ -41,9 +41,8 @@ import org.apache.directory.shared.ldap. import org.apache.directory.shared.ldap.model.entry.Entry; import org.apache.directory.shared.ldap.model.entry.Modification; import org.apache.directory.shared.ldap.model.entry.ModificationOperation; -import org.apache.directory.shared.ldap.model.message.ModifyResponse; +import org.apache.directory.shared.ldap.model.exception.LdapNoPermissionException; import org.apache.directory.shared.ldap.model.message.Response; -import org.apache.directory.shared.ldap.model.message.ResultCodeEnum; import org.apache.directory.shared.ldap.model.message.SearchResultEntry; import org.apache.directory.shared.ldap.model.message.SearchScope; import org.apache.directory.shared.ldap.model.name.Dn; @@ -65,6 +64,7 @@ import org.junit.runner.RunWith; public class OperationalAttributeServiceIT extends AbstractLdapTestUnit { private static final String DN_KATE_BUSH = "cn=Kate Bush,ou=system"; + private static final String DN_KB = "cn=KB,ou=system"; private LdapConnection connection; @@ -82,6 +82,7 @@ public class OperationalAttributeService "objectClass: person", "cn: Kate Bush", "sn: Bush"); + connection.add( entry ); } @@ -91,7 +92,10 @@ public class OperationalAttributeService { // delete this entry after each test because we want // to check that operational attributes are added - connection.delete( DN_KATE_BUSH ); + if ( connection.exists( DN_KATE_BUSH ) ) + { + connection.delete( DN_KATE_BUSH ); + } connection.close(); } 
@@ -344,15 +348,13 @@ public class OperationalAttributeService * * @throws NamingException on error */ - @Test + @Test( expected = LdapNoPermissionException.class ) public void testModifyOperationalAttributeRemove() throws Exception { Modification modifyOp = new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, new DefaultAttribute( "creatorsName" ) ); - ModifyResponse response = connection.modify( DN_KATE_BUSH, modifyOp ); - - assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, response.getLdapResult().getResultCode() ); + connection.modify( DN_KATE_BUSH, modifyOp ); } @@ -361,15 +363,13 @@ public class OperationalAttributeService * * @throws NamingException on error */ - @Test + @Test( expected = LdapNoPermissionException.class ) public void testModifyOperationalAttributeReplace() throws Exception { Modification modifyOp = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, new DefaultAttribute( "creatorsName", "cn=Tori Amos,dc=example,dc=com" ) ); - ModifyResponse response = connection.modify( DN_KATE_BUSH, modifyOp ); - - assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, response.getLdapResult().getResultCode() ); + connection.modify( DN_KATE_BUSH, modifyOp ); } @@ -394,7 +394,9 @@ public class OperationalAttributeService assertNotNull( entry.get( "createTimestamp" ) ); assertNotNull( entry.get( "modifiersName" ) ); assertNotNull( entry.get( "modifyTimestamp" ) ); - } + + connection.rename( DN_KB, "cn=Kate Bush" ); +} /** @@ -418,7 +420,9 @@ public class OperationalAttributeService assertNotNull( entry.get( "createTimestamp" ) ); assertNotNull( entry.get( "modifiersName" ) ); assertNotNull( entry.get( "modifyTimestamp" ) ); - } + + connection.delete( "cn=Kate Bush,ou=users,ou=system" ); + } /** 
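Review bot: The cleanup appended to the last two tests here (`connection.rename( DN_KB, "cn=Kate Bush" );` and `connection.delete( "cn=Kate Bush,ou=users,ou=system" );`) runs only when every assertion before it has passed, so a failing test leaves the renamed or moved entry behind for the tests that follow. The `connection.delete( "cn=KB,ou=users,ou=system" );` added in the next hunk has the same problem. Moving these into the teardown method, behind the same `exists` guard this commit adds there for DN_KATE_BUSH, keeps the tests independent, e.g. `if ( connection.exists( DN_KB ) ) { connection.delete( DN_KB ); }`. The teardown method and the start of each test are outside these hunks.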
@@ -442,6 +446,8 @@ public class OperationalAttributeService assertNotNull( entry.get( "createTimestamp" ) ); assertNotNull( entry.get( "modifiersName" ) ); assertNotNull( entry.get( "modifyTimestamp" ) ); + + connection.delete( "cn=KB,ou=users,ou=system" ); } } Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java Mon May 9 22:52:00 2011 @@ -48,9 +48,8 @@ import org.apache.directory.server.core. import org.apache.directory.server.core.integ.IntegrationUtils; import org.apache.directory.server.core.jndi.CoreContextFactory; import org.apache.directory.shared.ldap.model.constants.JndiPropertyConstants; +import org.apache.directory.shared.ldap.model.exception.LdapUnwillingToPerformException; import org.apache.directory.shared.ldap.model.message.AliasDerefMode; -import org.apache.directory.shared.ldap.model.message.BindResponse; -import org.apache.directory.shared.ldap.model.message.ResultCodeEnum; import org.junit.Test; import org.junit.runner.RunWith; @@ -368,7 +367,7 @@ public class SimpleBindIT extends Abstra * * @throws Exception on error */ - @Test + @Test( expected = LdapUnwillingToPerformException.class ) public void testSimpleBindAPrincipalNullPassword() throws Exception { LdapConnection connection = IntegrationUtils.getConnectionAs( getService(), "uid=admin,ou=system", null ); 
@@ -376,8 +375,7 @@ public class SimpleBindIT extends Abstra connection = IntegrationUtils.getConnectionAs( getService(), "uid=admin,ou=system", "secret" ); - BindResponse bindResp = connection.bind( "uid=admin,ou=system", null ); - assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, bindResp.getLdapResult().getResultCode() ); + connection.bind( "uid=admin,ou=system", null ); } Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/compare/ComparePerfIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/compare/ComparePerfIT.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/compare/ComparePerfIT.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/compare/ComparePerfIT.java Mon May 9 22:52:00 2011 @@ -30,7 +30,6 @@ import org.apache.directory.server.core. import org.apache.directory.server.core.integ.IntegrationUtils; import org.apache.directory.shared.ldap.model.entry.DefaultEntry; import org.apache.directory.shared.ldap.model.entry.Entry; -import org.apache.directory.shared.ldap.model.message.CompareResponse; import org.apache.directory.shared.ldap.model.name.Dn; import org.junit.Test; import org.junit.runner.RunWith; 
@@ -101,9 +100,7 @@ public class ComparePerfIT extends Abstr t00 = System.currentTimeMillis(); } - CompareResponse response = connection.compare( dn, "sn", "TEST" ); - - //assertEquals( ResultCodeEnum.COMPARE_TRUE, response.getLdapResult().getResultCode() ); + connection.compare( dn, "sn", "TEST" ); } long t1 = System.currentTimeMillis(); Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryServiceIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryServiceIT.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryServiceIT.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryServiceIT.java Mon May 9 22:52:00 2011 @@ -26,6 +26,7 @@ import static org.junit.Assert.assertFal import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import java.util.HashMap; import java.util.Map; 
@@ -54,12 +55,12 @@ import org.apache.directory.shared.ldap. import org.apache.directory.shared.ldap.model.entry.DefaultEntry; import org.apache.directory.shared.ldap.model.entry.Entry; import org.apache.directory.shared.ldap.model.exception.LdapException; -import org.apache.directory.shared.ldap.model.message.AddResponse; +import org.apache.directory.shared.ldap.model.exception.LdapNoPermissionException; +import org.apache.directory.shared.ldap.model.exception.LdapNoSuchAttributeException; import org.apache.directory.shared.ldap.model.message.Control; import org.apache.directory.shared.ldap.model.message.ModifyRequest; import org.apache.directory.shared.ldap.model.message.ModifyRequestImpl; import org.apache.directory.shared.ldap.model.message.Response; -import org.apache.directory.shared.ldap.model.message.ResultCodeEnum; import org.apache.directory.shared.ldap.model.message.SearchResultEntry; import org.apache.directory.shared.ldap.model.message.SearchScope; import org.apache.directory.shared.ldap.model.message.controls.Subentries; @@ -420,9 +421,9 @@ public class SubentryServiceIT extends A "c-o: Test Org", "cn: testsubentryA" ); - AddResponse response = connection.add( subEntryA ); + connection.add( subEntryA ); - assertTrue( response.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS ); + assertTrue( connection.exists( "cn=testsubentryA,dc=AP-A,dc=test,ou=system" ) ); // Check the resulting modifications Map results = getAllEntries( connection, "dc=test,ou=system" ); @@ -466,7 +467,8 @@ public class SubentryServiceIT extends A "c-o: Test Org", "cn: testsubentryB"); - response = connection.add( subEntryB ); + connection.add( subEntryB ); + assertTrue( connection.exists( "cn=testsubentryB,dc=AP-B,cn=A2,dc=AP-A,dc=test,ou=system" ) ); // Check the resulting modifications results = getAllEntries( connection, "dc=test,ou=system" ); 
@@ -539,10 +541,16 @@ public class SubentryServiceIT extends A LdapConnection connection = IntegrationUtils.getAdminConnection( getService() ); Entry subEntry = getSubentry( "cn=testsubentry,ou=system" ); - AddResponse response = connection.add( subEntry ); - - assertTrue( "should never get here: cannot create subentry under regular entries", response.getLdapResult() - .getResultCode() == ResultCodeEnum.NO_SUCH_ATTRIBUTE ); + + try + { + connection.add( subEntry ); + fail(); + } + catch ( LdapNoSuchAttributeException lnsae ) + { + assertTrue( true ); + } addAdministrativeRole( connection, "ou=system", "collectiveAttributeSpecificArea" ); connection.add( subEntry ); @@ -1419,7 +1427,7 @@ public class SubentryServiceIT extends A } - @Test + @Test( expected = LdapNoPermissionException.class ) public void testUserInjectAccessControlSubentries() throws Exception { userConnection = IntegrationUtils.getConnectionAs( getService(), "cn=testUser,ou=system", "test" ); 
@@ -1432,10 +1440,13 @@ public class SubentryServiceIT extends A "accessControlSubentries: ou=system" ); // It should fail - AddResponse response = userConnection.add( sap ); - - assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, response.getLdapResult().getResultCode() ); - - userConnection.close(); + try + { + userConnection.add( sap ); + } + finally + { + userConnection.close(); + } } } Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java Mon May 9 22:52:00 2011 @@ -29,8 +29,6 @@ import org.apache.directory.shared.ldap. import org.apache.directory.shared.ldap.model.entry.Entry; import org.apache.directory.shared.ldap.model.exception.LdapAuthenticationException; import org.apache.directory.shared.ldap.model.exception.LdapException; -import org.apache.directory.shared.ldap.model.message.BindResponse; -import org.apache.directory.shared.ldap.model.message.ResultCodeEnum; import org.apache.directory.shared.ldap.model.name.Dn; import org.apache.directory.shared.util.Strings; 
@@ -127,20 +125,20 @@ public class DelegatingAuthenticator ext try { // Try to bind - BindResponse bindResponse = ldapConnection.bind( bindContext.getDn(), - Strings.utf8ToString(bindContext.getCredentials()) ); - - if ( bindResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS ) + try + { + ldapConnection.bind( bindContext.getDn(), + Strings.utf8ToString(bindContext.getCredentials()) ); + + // no need to remain bound to delegate host + ldapConnection.unBind(); + } + catch ( LdapException le ) { String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() ); LOG.info( message ); throw new LdapAuthenticationException( message ); } - else - { - // no need to remain bound to delegate host - ldapConnection.unBind(); - } // Create the new principal principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindContext.getDn(), AuthenticationLevel.SIMPLE, Modified: directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapConnectionTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapConnectionTest.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapConnectionTest.java (original) +++ directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapConnectionTest.java Mon May 9 22:52:00 2011 
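Review bot: The new `catch ( LdapException le )` wraps both `bind` and `unBind()` and drops `le`, so a failed `unBind()` after a successful bind, or a connection error to the delegate host, is reported as the ERR_230 authentication failure with no trace of the real cause. I would keep only the `bind` call in the try, move `ldapConnection.unBind();` after the catch, and log the cause with `LOG.info( message, le );` (assuming LOG is an SLF4J logger). Separately, nothing in the hunk rejects empty credentials before delegating: a simple bind with a DN and an empty password is an unauthenticated bind that some servers answer with success. Unless the part of the method outside the hunk already checks this, a guard that `bindContext.getCredentials()` is neither null nor zero-length belongs before the bind. The enclosing method starts and ends outside the hunk.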
@@ -42,9 +42,7 @@ import org.apache.directory.shared.ldap. import org.apache.directory.shared.ldap.model.entry.Entry; import org.apache.directory.shared.ldap.model.entry.StringValue; import org.apache.directory.shared.ldap.model.filter.EqualityNode; -import org.apache.directory.shared.ldap.model.message.BindResponse; import org.apache.directory.shared.ldap.model.message.Response; -import org.apache.directory.shared.ldap.model.message.ResultCodeEnum; import org.apache.directory.shared.ldap.model.message.SearchResultEntry; import org.apache.directory.shared.ldap.model.message.SearchScope; import org.apache.directory.shared.ldap.model.schema.SchemaManager; @@ -95,11 +93,9 @@ public class LdapConnectionTest extends LdapConnection connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() ); try { - BindResponse bindResponse = connection.bind( ADMIN_DN, "secret" ); + connection.bind( ADMIN_DN, "secret" ); - assertNotNull( bindResponse ); - - //connection.unBind(); + assertTrue( connection.isAuthenticated() ); } finally { 
@@ -215,10 +211,10 @@ public class LdapConnectionTest extends @Test public void testAnonBind() throws Exception { - LdapNetworkConnection conn = new LdapNetworkConnection( "localhost", getLdapServer().getPort() ); + LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() ); - BindResponse resp = conn.bind(); - assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() ); - conn.close(); + connection.bind(); + assertTrue( connection.isAuthenticated() ); + connection.close(); } } Modified: directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java (original) +++ directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java Mon May 9 22:52:00 2011 @@ -22,6 +22,7 @@ package org.apache.directory.shared.clie import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; import java.io.IOException; import java.util.List; @@ -42,7 +43,6 @@ import org.apache.directory.server.ldap. import org.apache.directory.server.ldap.handlers.bind.plain.PlainMechanismHandler; import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler; import org.apache.directory.shared.ldap.model.constants.SupportedSaslMechanisms; -import org.apache.directory.shared.ldap.model.message.BindResponse; import org.apache.directory.shared.ldap.model.name.Dn; import org.junit.Before; import org.junit.Test; 
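Review bot: `assertTrue( connection.isAuthenticated() )` after the no-argument `bind()` in testAnonBind pins that an anonymous bind leaves the connection reporting itself as authenticated, which deserves a comment so readers do not take `isAuthenticated()` as proof of an identified principal. Something like `// isAuthenticated() is also true after an anonymous bind: it reflects a completed bind, not an identity` would do. Also, `connection.close();` is skipped when the bind or the assertion throws, whereas the bind test changed earlier in this file closes in a `finally` block.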
@@ -110,9 +110,9 @@ public class LdapSSLConnectionTest exten try { connection = new LdapNetworkConnection( sslConfig ); - BindResponse bindResponse = connection.bind( "uid=admin,ou=system", "secret" ); + connection.bind( "uid=admin,ou=system", "secret" ); - assertNotNull( bindResponse ); + assertTrue( connection.isAuthenticated() ); } finally { @@ -154,9 +154,9 @@ public class LdapSSLConnectionTest exten connection = new LdapNetworkConnection( tlsConfig ); connection.connect(); connection.startTls(); - BindResponse bindResponse = connection.bind( "uid=admin,ou=system", "secret" ); + connection.bind( "uid=admin,ou=system", "secret" ); - assertNotNull( bindResponse ); + assertTrue( connection.isAuthenticated() ); connection.unBind(); } Modified: directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientAddRequestTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientAddRequestTest.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientAddRequestTest.java (original) +++ directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientAddRequestTest.java Mon May 9 22:52:00 2011 @@ -24,6 +24,7 @@ import static org.junit.Assert.assertEqu import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import java.util.UUID; import java.util.concurrent.TimeUnit; 
@@ -41,10 +42,10 @@ import org.apache.directory.shared.ldap. import org.apache.directory.shared.ldap.model.csn.CsnFactory; import org.apache.directory.shared.ldap.model.entry.DefaultEntry; import org.apache.directory.shared.ldap.model.entry.Entry; +import org.apache.directory.shared.ldap.model.exception.LdapNoPermissionException; import org.apache.directory.shared.ldap.model.message.AddRequest; import org.apache.directory.shared.ldap.model.message.AddRequestImpl; import org.apache.directory.shared.ldap.model.message.AddResponse; -import org.apache.directory.shared.ldap.model.message.BindResponse; import org.apache.directory.shared.ldap.model.message.ResultCodeEnum; import org.apache.directory.shared.ldap.model.message.controls.ManageDsaITImpl; import org.apache.directory.shared.ldap.model.name.Dn; @@ -95,9 +96,7 @@ public class ClientAddRequestTest extend assertFalse( session.exists( dn ) ); - AddResponse response = connection.add( entry ); - assertNotNull( response ); - assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() ); + connection.add( entry ); assertTrue( session.exists( dn ) ); } @@ -108,7 +107,7 @@ public class ClientAddRequestTest extend { assertFalse( session.exists( "cn=testadd,ou=system" ) ); - AddResponse response = connection.add( + connection.add( new DefaultEntry( "cn=testadd,ou=system", "ObjectClass : top", @@ -117,9 +116,6 @@ public class ClientAddRequestTest extend "sn: testadd_sn" ) ); - assertNotNull( response ); - assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() ); - assertTrue( session.exists( "cn=testadd,ou=system" ) ); } 
@@ -244,11 +240,18 @@ public class ClientAddRequestTest extend connection.unBind(); // connect as non admin user and try to add entry with uuid and csn - BindResponse bindResp = connection.bind( "cn=kayyagari,ou=system", "secret" ); - assertEquals( ResultCodeEnum.SUCCESS, bindResp.getLdapResult().getResultCode() ); + connection.bind( "cn=kayyagari,ou=system", "secret" ); + assertTrue( connection.isAuthenticated() ); - AddResponse resp = connection.add( entry ); - assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, resp.getLdapResult().getResultCode() ); + try + { + connection.add( entry ); + fail(); + } + catch ( LdapNoPermissionException lnpe ) + { + assertTrue( true ); + } } } Modified: directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientCompareRequestTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientCompareRequestTest.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientCompareRequestTest.java (original) +++ directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientCompareRequestTest.java Mon May 9 22:52:00 2011 
@@ -80,13 +80,12 @@ public class ClientCompareRequestTest ex { Dn dn = new Dn( "uid=admin,ou=system" ); - CompareResponse response = connection.compare( dn, SchemaConstants.UID_AT, "admin" ); - assertNotNull( response ); - assertTrue( response.isTrue() ); + boolean response = connection.compare( dn, SchemaConstants.UID_AT, "admin" ); + assertTrue( response ); response = connection.compare( dn.getName(), SchemaConstants.USER_PASSWORD_AT, "secret".getBytes() ); assertNotNull( response ); - assertTrue( response.isTrue() ); + assertTrue( response ); } Modified: directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientDeleteRequestTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientDeleteRequestTest.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientDeleteRequestTest.java (original) +++ directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientDeleteRequestTest.java Mon May 9 22:52:00 2011 @@ -41,6 +41,7 @@ import org.apache.directory.server.core. import org.apache.directory.server.core.integ.AbstractLdapTestUnit; import org.apache.directory.server.core.integ.FrameworkRunner; import org.apache.directory.shared.client.api.LdapApiIntegrationUtils; +import org.apache.directory.shared.ldap.model.exception.LdapContextNotEmptyException; import org.apache.directory.shared.ldap.model.exception.LdapException; import org.apache.directory.shared.ldap.model.message.Control; import org.apache.directory.shared.ldap.model.message.DeleteRequest; 
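Review bot: With `response` now a primitive `boolean`, the unchanged `assertNotNull( response );` before the second `assertTrue( response )` only checks an autoboxed value and can never fail, so it should be deleted. If no other test in the file still uses it, the `CompareResponse` import is left unused by this change; the import block is outside the hunk, so that needs checking.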
@@ -110,9 +111,7 @@ public class ClientDeleteRequestTest ext { assertTrue( session.exists( "cn=grand_child12,cn=child1,cn=parent,ou=system" ) ); - DeleteResponse response = connection.delete( "cn=grand_child12,cn=child1,cn=parent,ou=system" ); - assertNotNull( response ); - assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() ); + connection.delete( "cn=grand_child12,cn=child1,cn=parent,ou=system" ); assertFalse( session.exists( "cn=grand_child12,cn=child1,cn=parent,ou=system" ) ); } @@ -123,9 +122,15 @@ public class ClientDeleteRequestTest ext { assertTrue( session.exists( "cn=parent,ou=system" ) ); - DeleteResponse response = connection.delete( "cn=parent,ou=system" ); - assertNotNull( response ); - assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_NON_LEAF, response.getLdapResult().getResultCode() ); + try + { + connection.delete( "cn=parent,ou=system" ); + fail(); + } + catch ( LdapContextNotEmptyException lcnee ) + { + assertTrue( true ); + } assertTrue( session.exists( "cn=parent,ou=system" ) ); } 
@@ -138,9 +143,7 @@ public class ClientDeleteRequestTest ext if ( connection.isControlSupported( "1.2.840.113556.1.4.805" ) ) { - DeleteResponse response = connection.deleteTree( "cn=parent,ou=system" ); - assertNotNull( response ); - assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() ); + connection.deleteTree( "cn=parent,ou=system" ); assertFalse( session.exists( "cn=parent,ou=system" ) ); } Modified: directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientModifyDnRequestTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientModifyDnRequestTest.java?rev=1101261&r1=1101260&r2=1101261&view=diff ============================================================================== --- directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientModifyDnRequestTest.java (original) +++ directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientModifyDnRequestTest.java Mon May 9 22:52:00 2011 @@ -83,9 +83,7 @@ public class ClientModifyDnRequestTest e @Test public void testRename() throws Exception { - ModifyDnResponse resp = connection.rename( DN, "cn=modifyDnWithString" ); - assertNotNull( resp ); - assertFalse( session.exists( new Dn( DN ) ) ); + connection.rename( DN, "cn=modifyDnWithString" ); assertTrue( session.exists( new Dn( "cn=modifyDnWithString,ou=system" ) ) ); } @@ -93,8 +91,7 @@ public class ClientModifyDnRequestTest e @Test public void testRenameWithoutDeleteOldRdn() throws Exception { - ModifyDnResponse resp = connection.rename( DN, "cn=modifyDnWithString", false ); - assertNotNull( resp ); + connection.rename( DN, "cn=modifyDnWithString", false ); Dn oldDn = new Dn( DN ); assertFalse( session.exists( oldDn ) ); 
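Review bot: testRename loses `assertFalse( session.exists( new Dn( DN ) ) );` together with the response checks, so the test now only proves that the new name exists and would still pass if the rename left the old entry in place. That line does not depend on the removed `ModifyDnResponse`, so it can go back directly after the rename call: `assertFalse( session.exists( new Dn( DN ) ) );`. testRenameWithoutDeleteOldRdn and testMove in the neighbouring hunks keep their old-DN check.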
@@ -110,8 +107,7 @@ public class ClientModifyDnRequestTest e @Test public void testMove() throws Exception { - ModifyDnResponse resp = connection.move( DN, "ou=users,ou=system" ); - assertNotNull( resp ); + connection.move( DN, "ou=users,ou=system" ); Dn oldDn = new Dn( DN ); assertFalse( session.exists( oldDn ) );