Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 82064E4E0 for ; Wed, 6 Feb 2013 15:11:11 +0000 (UTC) Received: (qmail 43694 invoked by uid 500); 6 Feb 2013 15:11:11 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 43644 invoked by uid 500); 6 Feb 2013 15:11:10 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 43598 invoked by uid 99); 6 Feb 2013 15:11:09 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Feb 2013 15:11:08 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Feb 2013 15:11:01 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 4FD5F238896F; Wed, 6 Feb 2013 15:10:42 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1443002 - in /jackrabbit/oak/trunk/oak-core: ./ src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/ src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ src/test/java/org/apache/jackrabbit/oak/sec... Date: Wed, 06 Feb 2013 15:10:41 -0000 To: oak-commits@jackrabbit.apache.org 
From: angela@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130206151042.4FD5F238896F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: angela Date: Wed Feb 6 15:10:41 2013 New Revision: 1443002 URL: http://svn.apache.org/viewvc?rev=1443002&view=rev Log: OAK-516: Create LdapLoginModule based on ExternalLoginModule (tests; patch provided by manfred baedke) Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/InternalLdapServer.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginStandaloneTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginWithRepoLoginTest.java Modified: jackrabbit/oak/trunk/oak-core/pom.xml jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandler.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java Modified: jackrabbit/oak/trunk/oak-core/pom.xml URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1443002&r1=1443001&r2=1443002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/pom.xml (original) +++ jackrabbit/oak/trunk/oak-core/pom.xml Wed Feb 6 15:10:41 2013 
@@ -225,5 +225,11 @@ 1.0.1 test + + org.apache.directory.server + apacheds-server-unit + 1.5.5 + test + Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.java?rev=1443002&r1=1443001&r2=1443002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.java Wed Feb 6 15:10:41 2013 
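Review bot: The `apacheds-server-unit` 1.5.5 dependency added in this hunk is needed only by the LDAP test classes of this commit, and both concrete ones (`LdapLoginStandaloneTest`, `LdapLoginWithRepoLoginTest`) are marked `@Ignore`. Every build therefore resolves an embedded directory server and its transitive dependencies without running any test against it. I would put an XML comment above the dependency, for example `<!-- embedded ApacheDS for the LDAP login tests (OAK-516); the tests are currently @Ignore'd because of PermGen issues -->`, so the reason for carrying it stays visible. It is also worth checking the resolved set with `mvn dependency:tree` before merging. The `test` scope is right and keeps the server out of the shipped artifact.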
@@ -89,11 +89,16 @@ public class JndiLdapSearch implements L Map properties = new HashMap(); Map syncMap = user instanceof LdapGroup ? settings.getGroupAttributes() : settings.getUserAttributes(); + Map lcSyncMap = new HashMap(); + for (Map.Entry entry : syncMap.entrySet()) { + String key = entry.getKey(); + lcSyncMap.put(key == null? null : key.toLowerCase(), entry.getValue()); + } while (namingEnumeration.hasMore()) { Attribute attribute = namingEnumeration.next(); - String key = attribute.getID(); - if (syncMap.containsKey(key)) { - properties.put(syncMap.get(key), parseAttributeValue(attribute)); + String key = attribute.getID().toLowerCase(); + if (lcSyncMap.containsKey(key)) { + properties.put(lcSyncMap.get(key), parseAttributeValue(attribute)); } } user.setProperties(properties); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandler.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandler.java?rev=1443002&r1=1443001&r2=1443002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandler.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandler.java Wed Feb 6 15:10:41 2013 
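Review bot: Both `toLowerCase()` calls in this hunk use the JVM default locale, so whether a configured attribute name matches `attribute.getID()` depends on where the server runs. Under a Turkish locale `"UID".toLowerCase()` does not equal `"uid"`, and the attribute would be left out of the synced properties without any error. Use a fixed locale on both sides, `key.toLowerCase(Locale.ROOT)` and `attribute.getID().toLowerCase(Locale.ROOT)`; this needs `java.util.Locale` imported, and the import block is outside the hunk. Two configured keys that differ only in case now collapse into one `lcSyncMap` entry, with the later one silently winning, so a comment such as `// LDAP attribute names are matched case-insensitively; keys are normalised before lookup` would show that this is intended. The enclosing method starts and ends outside the hunk.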
@@ -111,7 +111,7 @@ public class DefaultSyncHandler implemen @CheckForNull private User createUser(ExternalUser externalUser) throws RepositoryException, SyncException { if (mode.contains(SyncMode.MODE_CREATE_USER)) { - User user = userManager.createUser(externalUser.getId(), externalUser.getPassword(), externalUser.getPrincipal(), externalUser.getPath()); + User user = userManager.createUser(externalUser.getId(), externalUser.getPassword(), externalUser.getPrincipal(), null); syncAuthorizable(externalUser, user); return user; } else { @@ -122,7 +122,7 @@ public class DefaultSyncHandler implemen @CheckForNull private Group createGroup(ExternalGroup externalGroup) throws RepositoryException, SyncException { if (mode.contains(SyncMode.MODE_CREATE_GROUPS)) { - Group group = userManager.createGroup(externalGroup.getId(), externalGroup.getPrincipal(), externalGroup.getPath()); + Group group = userManager.createGroup(externalGroup.getId(), externalGroup.getPrincipal(), null); syncAuthorizable(externalGroup, group); return group; } else { Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/InternalLdapServer.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/InternalLdapServer.java?rev=1443002&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/InternalLdapServer.java (added) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/InternalLdapServer.java Wed Feb 6 15:10:41 2013 
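Review bot: The rewritten `createUser` line still passes `externalUser.getPassword()` to `userManager.createUser`, which puts a copy of the directory credential (presumably hashed) on the local account. Nothing visible here updates that copy when the password changes or the account is disabled in LDAP, so a chain that runs the repository login module first, like the one in `LdapLoginWithRepoLoginTest` in this commit, could presumably keep accepting the old password. If the `UserManager` accepts a null password, create the synced user without one, `userManager.createUser(externalUser.getId(), null, externalUser.getPrincipal(), null);`, and leave authentication to the external module. The new `null` path argument, here and in the `createGroup` hunk that follows, deserves a comment such as `// external path is intentionally not used; the UserManager picks the location`, since `getPath()` is now ignored. Both methods continue outside their hunks.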
@@ -0,0 +1,102 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.authentication.ldap; + +import java.io.File; +import javax.naming.directory.BasicAttributes; +import javax.naming.directory.DirContext; +import javax.naming.ldap.LdapContext; + +import org.apache.directory.server.constants.ServerDNConstants; +import org.apache.directory.server.unit.AbstractServerTest; + +class InternalLdapServer extends AbstractServerTest { + + public static final String GROUP_MEMBER_ATTR = "member"; + public static final String GROUP_CLASS_ATTR = "groupOfNames"; + + public static final String ADMIN_PW = "secret"; + + public void setUp() throws Exception { + super.setUp(); + doDelete = true; + } + + public void tearDown() throws Exception { + super.tearDown(); + } + + @Override + protected void configureDirectoryService() throws Exception { + directoryService.setWorkingDirectory(new File("target", "apacheds")); + doDelete(directoryService.getWorkingDirectory()); + } + + public int getPort() { + return port; + } + + public String addUser(String firstName, String lastName, String userId, String password) + throws Exception { + String cn = firstName + ' ' + lastName; + String dn = buildDn(cn, 
false); + StringBuilder entries = new StringBuilder(); + entries.append("dn: ").append(dn).append('\n') + .append("objectClass: inetOrgPerson\n").append("cn: ").append(cn) + .append('\n').append("sn: ").append(lastName) + .append('\n').append("givenName:").append(firstName) + .append('\n').append("uid: ").append(userId) + .append('\n').append("userPassword: ").append(password).append("\n\n"); + injectEntries(entries.toString()); + return dn; + } + + public String addGroup(String name) throws Exception { + String dn = buildDn(name, true); + StringBuilder entries = new StringBuilder(); + entries.append("dn: ").append(dn).append('\n').append("objectClass: ") + .append(GROUP_CLASS_ATTR).append('\n').append(GROUP_MEMBER_ATTR) + .append(":\n").append("cn: ").append(name).append("\n\n"); + injectEntries(entries.toString()); + return dn; + } + + public void addMember(String groupDN, String memberDN) throws Exception { + LdapContext ctxt = getWiredContext(); + BasicAttributes attrs = new BasicAttributes(); + attrs.put("member", memberDN); + ctxt.modifyAttributes(groupDN, DirContext.ADD_ATTRIBUTE, attrs); + } + + public void removeMember(String groupDN, String memberDN) throws Exception { + LdapContext ctxt = getWiredContext(); + BasicAttributes attrs = new BasicAttributes(); + attrs.put("member", memberDN); + ctxt.modifyAttributes(groupDN, DirContext.REMOVE_ATTRIBUTE, attrs); + } + + private static String buildDn(String name, boolean isGroup) { + StringBuilder dn = new StringBuilder(); + dn.append(name).append(','); + if (isGroup) { + dn.append(ServerDNConstants.GROUPS_SYSTEM_DN); + } else { + dn.append(ServerDNConstants.USERS_SYSTEM_DN); + } + return dn.toString(); + } +} Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginStandaloneTest.java URL: 
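Review bot: `buildDn` as written returns `name,<base DN>` with no attribute type on the first RDN (`dn.append(name).append(',')`), so `addUser` and `addGroup` would hand `injectEntries` a `dn:` line that is not a well-formed distinguished name. It should presumably read `dn.append("cn=").append(name).append(',');`, which matches the `cn:` attribute both methods write. `addUser` and `addGroup` also splice their arguments into the LDIF text unescaped. That is fine for the fixed constants the tests pass, but a value containing a comma or a line break would change the entry, so a Javadoc sentence on both methods saying callers must pass plain, trusted values would make the contract explicit. `addMember` and `removeMember` could use `GROUP_MEMBER_ATTR` instead of repeating the literal `"member"`.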
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginStandaloneTest.java?rev=1443002&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginStandaloneTest.java (added) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginStandaloneTest.java Wed Feb 6 15:10:41 2013 
@@ -0,0 +1,144 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.authentication.ldap; + +import javax.jcr.SimpleCredentials; +import javax.security.auth.login.AppConfigurationEntry; +import javax.security.auth.login.Configuration; + +import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule; +import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncMode; +import org.junit.Ignore; +import org.junit.Test; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +@Ignore //ignore for the moment because "mvn test" runs into PermGen memory issues +public class LdapLoginStandaloneTest extends LdapLoginTestBase { + + @Override + protected Configuration getConfiguration() { + return new Configuration() { + @Override + public AppConfigurationEntry[] getAppConfigurationEntry(String s) { + return new AppConfigurationEntry[]{ + new AppConfigurationEntry( + LdapLoginModule.class.getName(), + 
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, + options) + }; + } + }; + } + @Test + public void testSyncUpdateAndGroups() throws Exception { + + if (!USE_COMMON_LDAP_FIXTURE) { + createLdapFixture(); + } + + options.put(ExternalLoginModule.PARAM_SYNC_MODE, new String[]{SyncMode.UPDATE, SyncMode.CREATE_GROUP}); + + // create user upfront in order to test update mode + userManager.createUser(USER_ID, USER_PWD); + root.commit(); + + ContentSession cs = null; + try { + cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray())); + + root.refresh(); + Authorizable user = userManager.getAuthorizable(USER_ID); + assertNotNull(user); + assertTrue(user.hasProperty(USER_PROP)); + Authorizable group = userManager.getAuthorizable(GROUP_DN); + assertTrue(group.hasProperty(GROUP_PROP)); + assertNotNull(group); + } finally { + if (cs != null) { + cs.close(); + } + options.clear(); + } + } + + @Test + public void testDefaultSync() throws Exception { + + if (!USE_COMMON_LDAP_FIXTURE) { + createLdapFixture(); + } + + options.put(ExternalLoginModule.PARAM_SYNC_MODE, null); + + // create user upfront in order to test update mode + userManager.createUser(USER_ID, USER_PWD); + root.commit(); + + ContentSession cs = null; + try { + cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray())); + + root.refresh(); + Authorizable user = userManager.getAuthorizable(USER_ID); + assertNotNull(user); + assertTrue(user.hasProperty(USER_PROP)); + Authorizable group = userManager.getAuthorizable(GROUP_DN); + assertTrue(group.hasProperty(GROUP_PROP)); + assertNotNull(group); + } finally { + if (cs != null) { + cs.close(); + } + options.clear(); + } + } + + @Test + public void testSyncUpdate() throws Exception { + + if (!USE_COMMON_LDAP_FIXTURE) { + createLdapFixture(); + } + + options.put(ExternalLoginModule.PARAM_SYNC_MODE, SyncMode.UPDATE); + + // create user upfront in order to test update mode + userManager.createUser(USER_ID, USER_PWD); + root.commit(); + + 
ContentSession cs = null; + try { + cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray())); + + root.refresh(); + Authorizable user = userManager.getAuthorizable(USER_ID); + assertNotNull(user); + assertTrue(user.hasProperty(USER_PROP)); + assertNull(userManager.getAuthorizable(GROUP_DN)); + } finally { + if (cs != null) { + cs.close(); + } + options.clear(); + } + } +} Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java?rev=1443002&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java (added) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java Wed Feb 6 15:10:41 2013 
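Review bot: In `testSyncUpdateAndGroups` and `testDefaultSync` the group is dereferenced before it is null-checked (`assertTrue(group.hasProperty(GROUP_PROP)); assertNotNull(group);`), so a missing group surfaces as a `NullPointerException` rather than an assertion failure; swap the two lines. The same order appears in `testSyncCreateUserAndGroups` in `LdapLoginTestBase`. The `getConfiguration()` override here repeats the one `LdapLoginTestBase` already provides in this commit and could be removed. Because the class is `@Ignore`d, none of these login checks run in the build, and the PermGen comment would be more useful with a tracking issue id next to it.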
@@ -0,0 +1,269 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.authentication.ldap; + +import java.util.HashMap; +import javax.jcr.SimpleCredentials; +import javax.security.auth.login.AppConfigurationEntry; +import javax.security.auth.login.Configuration; +import javax.security.auth.login.LoginException; + +import org.apache.directory.server.constants.ServerDNConstants; +import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.api.security.user.UserManager; +import org.apache.jackrabbit.oak.AbstractSecurityTest; +import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule; +import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncMode; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +public abstract class 
LdapLoginTestBase extends AbstractSecurityTest { + + protected static final InternalLdapServer LDAP_SERVER = new InternalLdapServer(); + + protected static final String USER_ID = "foobar"; + protected static final String USER_PWD = "foobar"; + protected static final String USER_FIRSTNAME = "Foo"; + protected static final String USER_LASTNAME = "Bar"; + protected static final String USER_ATTR = "givenName"; + protected static final String USER_PROP = "profile/name"; + protected static final String GROUP_PROP = "profile/member"; + protected static final String GROUP_NAME = "foobargroup"; + + protected static String GROUP_DN; + + //initialize LDAP server only once (fast, but might turn out to be not sufficiently flexible in the future) + protected static final boolean USE_COMMON_LDAP_FIXTURE = true; + + protected final HashMap options = new HashMap(); + + protected UserManager userManager; + + @BeforeClass + public static void beforeClass() throws Exception { + if (USE_COMMON_LDAP_FIXTURE) { + LDAP_SERVER.setUp(); + createLdapFixture(); + } + } + + @AfterClass + public static void afterClass() throws Exception { + if (USE_COMMON_LDAP_FIXTURE) { + LDAP_SERVER.tearDown(); + } + } + + @Override + protected Configuration getConfiguration() { + return new Configuration() { + @Override + public AppConfigurationEntry[] getAppConfigurationEntry(String s) { + return new AppConfigurationEntry[]{ + new AppConfigurationEntry( + LdapLoginModule.class.getName(), + AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, + options) + }; + } + }; + } + + @Before + public void before() throws Exception { + super.before(); + + if (!USE_COMMON_LDAP_FIXTURE) { + LDAP_SERVER.setUp(); + } + + options.put(LdapSettings.KEY_HOST, "127.0.0.1"); + options.put(LdapSettings.KEY_PORT, String.valueOf(LDAP_SERVER.getPort())); + options.put(LdapSettings.KEY_AUTHDN, ServerDNConstants.ADMIN_SYSTEM_DN); + options.put(LdapSettings.KEY_AUTHPW, InternalLdapServer.ADMIN_PW); + 
options.put(LdapSettings.KEY_USERROOT, ServerDNConstants.USERS_SYSTEM_DN); + options.put(LdapSettings.KEY_GROUPROOT, ServerDNConstants.GROUPS_SYSTEM_DN); + options.put(LdapSettings.KEY_AUTOCREATEUSER + USER_ATTR, USER_PROP); + options.put(LdapSettings.KEY_AUTOCREATEGROUP + InternalLdapServer.GROUP_MEMBER_ATTR, GROUP_PROP); + options.put(LdapSettings.KEY_GROUPFILTER, "(objectclass=" + InternalLdapServer.GROUP_CLASS_ATTR + ')'); + options.put(LdapSettings.KEY_GROUPMEMBERSHIPATTRIBUTE, InternalLdapServer.GROUP_MEMBER_ATTR); + options.put(ExternalLoginModule.PARAM_SYNC_MODE, SyncMode.CREATE_USER); + + userManager = securityProvider.getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT); + } + + @After + public void after() throws Exception { + + if (!USE_COMMON_LDAP_FIXTURE) { + LDAP_SERVER.tearDown(); + } + + try { + Authorizable a = userManager.getAuthorizable(USER_ID); + if (a != null) { + a.remove(); + } + if (GROUP_DN != null) { + a = userManager.getAuthorizable(GROUP_DN); + if (a != null) { + a.remove(); + } + } + root.commit(); + } finally { + root.refresh(); + super.after(); + } + } + + @Test + public void testLoginFailed() throws Exception { + + if (!USE_COMMON_LDAP_FIXTURE) { + createLdapFixture(); + } + + try { + ContentSession cs = login(new SimpleCredentials(USER_ID, new char[0])); + cs.close(); + fail("login failure expected"); + } catch (LoginException e) { + // success + } finally { + assertNull(userManager.getAuthorizable(USER_ID)); + } + } + + @Test + public void testSyncCreateUser() throws Exception { + + if (!USE_COMMON_LDAP_FIXTURE) { + createLdapFixture(); + } + + options.put(ExternalLoginModule.PARAM_SYNC_MODE, SyncMode.CREATE_USER); + + ContentSession cs = null; + try { + cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray())); + + root.refresh(); + Authorizable user = userManager.getAuthorizable(USER_ID); + assertNotNull(user); + assertTrue(user.hasProperty(USER_PROP)); + 
assertNull(userManager.getAuthorizable(GROUP_DN)); + } finally { + if (cs != null) { + cs.close(); + } + options.clear(); + } + } + + @Test + public void testSyncCreateGroup() throws Exception { + + if (!USE_COMMON_LDAP_FIXTURE) { + createLdapFixture(); + } + + options.put(ExternalLoginModule.PARAM_SYNC_MODE, SyncMode.CREATE_GROUP); + + ContentSession cs = null; + try { + cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray())); + + root.refresh(); + assertNull(userManager.getAuthorizable(USER_ID)); + assertNull(userManager.getAuthorizable(GROUP_DN)); + } finally { + if (cs != null) { + cs.close(); + } + options.clear(); + } + } + + @Test + public void testSyncCreateUserAndGroups() throws Exception { + + if (!USE_COMMON_LDAP_FIXTURE) { + createLdapFixture(); + } + + options.put(ExternalLoginModule.PARAM_SYNC_MODE, new String[]{SyncMode.CREATE_USER, SyncMode.CREATE_GROUP}); + + ContentSession cs = null; + try { + cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray())); + + root.refresh(); + Authorizable user = userManager.getAuthorizable(USER_ID); + assertNotNull(user); + assertTrue(user.hasProperty(USER_PROP)); + Authorizable group = userManager.getAuthorizable(GROUP_DN); + assertTrue(group.hasProperty(GROUP_PROP)); + assertNotNull(group); + } finally { + if (cs != null) { + cs.close(); + } + options.clear(); + } + } + + @Test + public void testNoSync() throws Exception { + + if (!USE_COMMON_LDAP_FIXTURE) { + createLdapFixture(); + } + + options.put(ExternalLoginModule.PARAM_SYNC_MODE, ""); + + ContentSession cs = null; + try { + cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray())); + + root.refresh(); + assertNull(userManager.getAuthorizable(USER_ID)); + assertNull(userManager.getAuthorizable(GROUP_DN)); + } finally { + if (cs != null) { + cs.close(); + } + options.clear(); + } + } + + protected static void createLdapFixture() throws Exception { + LDAP_SERVER.addMember( + GROUP_DN = LDAP_SERVER.addGroup(GROUP_NAME), + 
LDAP_SERVER.addUser(USER_FIRSTNAME, USER_LASTNAME, USER_ID, USER_PWD)); + } +} Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginWithRepoLoginTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginWithRepoLoginTest.java?rev=1443002&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginWithRepoLoginTest.java (added) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginWithRepoLoginTest.java Wed Feb 6 15:10:41 2013 
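Review bot: The only rejected-login case in this class is `testLoginFailed`, which sends an empty password. There is no test for a wrong but non-empty password, which is the case that shows the directory's answer, rather than an empty-credential guard, decides the outcome. I would add a test along the lines below, which also checks that a rejected login leaves no synced account behind. Separately, `createLdapFixture` assigns the static `GROUP_DN` inside an argument expression; giving the assignment its own statement makes that side effect visible.

```java
@Test
public void testLoginWrongPassword() throws Exception {

    if (!USE_COMMON_LDAP_FIXTURE) {
        createLdapFixture();
    }

    try {
        // same user id as the fixture, but a password the directory does not hold
        ContentSession cs = login(new SimpleCredentials(USER_ID, (USER_PWD + "x").toCharArray()));
        cs.close();
        fail("login failure expected");
    } catch (LoginException e) {
        // expected
    } finally {
        // a rejected login must not create or sync the local account
        assertNull(userManager.getAuthorizable(USER_ID));
    }
}
```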
@@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.authentication.ldap; + +import java.util.Collections; +import javax.security.auth.login.AppConfigurationEntry; +import javax.security.auth.login.Configuration; + +import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl; +import org.junit.Ignore; + +@Ignore //ignore for the moment because "mvn test" runs into PermGen memory issues +public class LdapLoginWithRepoLoginTest extends LdapLoginTestBase { + + @Override + protected Configuration getConfiguration() { + return new Configuration() { + @Override + public AppConfigurationEntry[] getAppConfigurationEntry(String s) { + return new AppConfigurationEntry[]{ + new AppConfigurationEntry( + LoginModuleImpl.class.getName(), + AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, + Collections.emptyMap()), + new AppConfigurationEntry( + LdapLoginModule.class.getName(), + AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, + options) + }; + } + }; + } +} Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java URL: 
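Review bot: This class configures `LoginModuleImpl` as `SUFFICIENT` ahead of `LdapLoginModule` as `REQUIRED` but adds no test of its own, so the behaviour that differs from the base configuration is not exercised. Under JAAS a successful `SUFFICIENT` module ends the chain, so the LDAP module is not consulted once the repository module accepts the credentials. A test that logs in a second time after the first login has synced the user would pin down which module authenticates an already-synced account. At minimum, add a class Javadoc stating the chain order and what it is meant to verify. The class is also `@Ignore`d, so the inherited tests do not run against this chain either.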
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java?rev=1443002&r1=1443001&r2=1443002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java Wed Feb 6 15:10:41 2013 @@ -42,7 +42,7 @@ import static org.junit.Assert.fail; */ public class ExternalLoginModuleTest extends AbstractSecurityTest { - private final HashMap options = new HashMap(); + protected final HashMap options = new HashMap(); private String userId; private Set ids = new HashSet();
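Review bot: `options` is widened from `private` to `protected`, but nothing visible in this commit uses the wider access. None of the added classes extend `ExternalLoginModuleTest`; the LDAP tests extend `LdapLoginTestBase`, which extends `AbstractSecurityTest`. Unless a subclass exists outside this commit, keep the field `private`. If the wider access is needed, a comment such as `// shared with subclasses that supply their own login module options` would say why.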