jspwiki-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ajaqu...@apache.org
Subject svn commit: r804457 [2/2] - in /incubator/jspwiki/trunk: ./ etc/ etc/ldap/ src/WebContent/templates/default/ src/java/org/apache/wiki/ src/java/org/apache/wiki/auth/ src/java/org/apache/wiki/auth/authorize/ src/java/org/apache/wiki/auth/login/ src/java...
Date Sat, 15 Aug 2009 11:53:38 GMT
Modified: incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java?rev=804457&r1=804456&r2=804457&view=diff
==============================================================================
--- incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java
(original)
+++ incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java
Sat Aug 15 11:53:37 2009
@@ -20,9 +20,13 @@
  */
 package org.apache.wiki.auth.login;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Properties;
 import java.util.Set;
 
 import javax.security.auth.Subject;
@@ -32,22 +36,26 @@
 
 import junit.framework.TestCase;
 
-import org.apache.wiki.auth.WikiPrincipal;
+import org.apache.wiki.TestEngine;
+import org.apache.wiki.WikiSession;
+import org.apache.wiki.auth.*;
+import org.apache.wiki.auth.authorize.LdapAuthorizer;
 import org.apache.wiki.auth.authorize.Role;
+import org.freshcookies.security.Keychain;
 
 /**
  * @author Andrew R. Jaquith
  */
 public class LdapLoginModuleTest extends TestCase
 {
-    private Map<String,String> m_options = null;
+    private Map<String,String> m_options = new HashMap<String, String>();
     
     public void setUp() {
         m_options = new HashMap<String, String>();
+        m_options.putAll( LdapConfig.OPEN_LDAP_CONFIG );
         m_options.put( LdapLoginModule.OPTION_CONNECTION_URL, "ldap://127.0.0.1:4890" );
         m_options.put( LdapLoginModule.OPTION_LOGIN_ID_PATTERN, "uid={0},ou=people,dc=jspwiki,dc=org"
);
-        m_options.put( LdapLoginModule.OPTION_USER_BASE, "ou=people,dc=jspwiki,dc=org" );
-        m_options.put( LdapLoginModule.OPTION_USER_PATTERN, "(&(objectClass=inetOrgPerson)(uid={0}))"
);
+        m_options.put( LdapLoginModule.OPTION_USER_BASE, "dc=jspwiki,dc=org" );
         m_options.put( LdapLoginModule.OPTION_AUTHENTICATION, "simple" );
     }
 
@@ -118,29 +126,61 @@
         assertTrue( principals.contains( new WikiPrincipal( "FredFlintstone", WikiPrincipal.WIKI_NAME
) ) );
     }
     
+    /**
+     * Script for logging into test Active Directory.
+     * @param args
+     * @throws Exception
+     */
+    @SuppressWarnings("deprecation")
     public static final void main( String... args ) throws Exception
     {
-        LdapLoginModuleTest t = new LdapLoginModuleTest();
-
-        t.m_options.clear();
-        t.m_options.put( LdapLoginModule.OPTION_AUTHENTICATION, "DIGEST-MD5" );
-        t.m_options.put( LdapLoginModule.OPTION_CONNECTION_URL, "ldap://camb-dc01.forrester.loc:389"
);
-        t.m_options.put( LdapLoginModule.OPTION_LOGIN_ID_PATTERN, "(uid={0})" );
-        t.m_options.put( LdapLoginModule.OPTION_USER_BASE, "OU=users,OU=Cambridge,OU=Office
Locations,OU=forrester,DC=forrester,DC=loc" );
-        t.m_options.put( LdapLoginModule.OPTION_USER_PATTERN, "(&(objectClass=person)(mailNickname={0}))"
);
+        // Create the TestEngine properties
+        Properties props = new Properties();
+        props.load( TestEngine.findTestProperties() );
+
+        // Set the LoginModule options
+        Map<String,String> options = new HashMap<String,String>();
+        options.putAll( LdapConfig.ACTIVE_DIRECTORY_CONFIG );
+        options.put( LdapLoginModule.OPTION_CONNECTION_URL, "ldap://camb-dc01.forrester.loc:389"
);
+        options.put( LdapLoginModule.OPTION_USER_BASE, "OU=Office Locations,OU=forrester,DC=forrester,DC=loc"
);
+        options.put( LdapLoginModule.OPTION_AUTHENTICATION, "DIGEST-MD5" );
+        options.put( LdapConfig.PROPERTY_SSL, "false" );
+        for ( Map.Entry<String,String> option : options.entrySet() )
+        {
+            props.put( AuthenticationManager.PREFIX_LOGIN_MODULE_OPTIONS + option.getKey(),
option.getValue() );
+        }
+        props.put( AuthenticationManager.PROP_LOGIN_MODULE, LdapLoginModule.class.getName()
);
         
-        // Login with a user that IS in the database
+        // Set the Authorizer properties
+        props.put( AuthorizationManager.PROP_AUTHORIZER, LdapAuthorizer.class.getCanonicalName()
);
+        props.put( LdapConfig.PROPERTY_ROLE_BASE, "OU=Distribution Lists,OU=.Global,OU=forrester,DC=forrester,DC=loc"
);
+        props.put( LdapConfig.PROPERTY_BIND_DN, "ajaquith" );
+        props.put( AuthenticationManager.PROP_KEYCHAIN_PATH, "/Users/arj/workspace/ldap/forrester"
);
+        props.put( AuthenticationManager.PROP_KEYCHAIN_PASSWORD, "keychain-password" );
+        
+        // Set the UserDatabase properties
+        props.put( UserManager.PROP_READ_ONLY_PROFILES, "true" );
+        
+        TestEngine engine = new TestEngine( props );
+        
+        //
+        // 1. Test the LoginModule
+        //
+        Keychain keychain = new Keychain();
+        InputStream stream = new FileInputStream( new File( "/Users/arj/workspace/ldap/forrester")
);
+        keychain.load( stream, "keychain-password".toCharArray() );
+        Keychain.Password password = (Keychain.Password)keychain.getEntry( LdapConfig.KEYCHAIN_BIND_DN_ENTRY
);
         Subject subject = new Subject();
-        CallbackHandler handler = new WikiCallbackHandler( null, null, "ajaquith", "****"
);
+        CallbackHandler handler = new WikiCallbackHandler( null, null, "ajaquith", password.getPassword()
);
         LoginModule module = new LdapLoginModule();
-        module.initialize( subject, handler, new HashMap<String, Object>(), t.m_options
);
+        module.initialize( subject, handler, new HashMap<String, Object>(), options
);
         module.login();
         module.commit();
         
         // Successful login will inject the usual LoginPrincipal
         Set<Principal> principals = subject.getPrincipals();
         assertEquals( 3, principals.size() );
-        assertTrue( principals.contains( new WikiPrincipal( "ajaquith", WikiPrincipal.LOGIN_NAME
) ) );
+        //assertTrue( principals.contains( new WikiPrincipal( "ajaquith", WikiPrincipal.LOGIN_NAME
) ) );
         
         // PLUS, in this case only, principals for Wiki Name and Full Name
         assertTrue( principals.contains( new WikiPrincipal( "Andrew Jaquith", WikiPrincipal.FULL_NAME
) ) );
@@ -149,6 +189,23 @@
         // AuthenticationManager, NOT the LoginModule, adds the Role principals
         assertFalse( principals.contains( Role.AUTHENTICATED ) );
         assertFalse( principals.contains( Role.ALL ) );
+
+        //
+        // 2. Test the LdapAuthorizer
+        //
+        assertTrue( engine.getUserManager().isReadOnly() );
+        Authorizer authorizer = engine.getAuthorizationManager().getAuthorizer();
+
+        Principal[] roles = authorizer.getRoles();
+        assertNotSame( 0, roles.length );
+
+        // User does not belong to any roles
+        WikiSession session = engine.guestSession();
+        engine.getAuthenticationManager().login( session, "ajaquith", password.getPassword()
);
+        Role admin = new Role( "Admin" );
+        Role research = new Role( "Research - IT - Analysts" );
+        assertFalse( authorizer.isUserInRole( session, admin ) );
+        assertTrue( authorizer.isUserInRole( session, research ) );
     }
     
     public final void testLogout() throws Exception

Modified: incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java?rev=804457&r1=804456&r2=804457&view=diff
==============================================================================
--- incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java (original)
+++ incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java Sat Aug 15
11:53:37 2009
@@ -39,6 +39,7 @@
         TestSuite suite = new TestSuite( "User profile and database tests" );
         suite.addTestSuite( UserProfileTest.class );
         suite.addTestSuite( JDBCUserDatabaseTest.class );
+        suite.addTestSuite( LdapUserDatabaseTest.class );
         suite.addTestSuite( XMLUserDatabaseTest.class );
         return suite;
     }

Added: incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java?rev=804457&view=auto
==============================================================================
--- incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java
(added)
+++ incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java
Sat Aug 15 11:53:37 2009
@@ -0,0 +1,191 @@
+/*
+    JSPWiki - a JSP-based WikiWiki clone.
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.    
+ */
+package org.apache.wiki.auth.user;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import junit.framework.TestCase;
+
+import org.apache.commons.lang.ArrayUtils;
+import org.apache.wiki.TestEngine;
+import org.apache.wiki.auth.*;
+
+/**
+ * @author Andrew Jaquith
+ */
+public class LdapUserDatabaseTest extends TestCase
+{
+
+    private LdapUserDatabase m_db;
+
+    private TestEngine m_engine = null;
+
+    /**
+     * @see junit.framework.TestCase#setUp()
+     */
+    protected void setUp() throws Exception
+    {
+        super.setUp();
+        Properties props = new Properties();
+        props.load( TestEngine.findTestProperties() );
+        props.put( UserManager.PROP_DATABASE, "org.apache.wiki.auth.user.LdapUserDatabase"
);
+        props.put( LdapConfig.PROPERTY_CONNECTION_URL, "ldap://127.0.0.1:4890/" );
+        props.put( LdapConfig.PROPERTY_USER_BASE, "ou=people,dc=jspwiki,dc=org" );
+        props.put( LdapConfig.PROPERTY_AUTHENTICATION, "simple" );
+        props.put( LdapConfig.PROPERTY_LOGIN_ID_PATTERN, "uid={0},ou=people,dc=jspwiki,dc=org"
);
+        m_engine = new TestEngine( props );
+        m_db = new LdapUserDatabase();
+        m_db.initialize( m_engine, props );
+    }
+
+    protected void tearDown() throws Exception
+    {
+        super.tearDown();
+        m_engine.shutdown();
+    }
+
+    public void testFindByEmail() throws Exception
+    {
+        UserProfile profile = m_db.findByEmail( "janne@ecyrd.com" );
+        assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+        assertEquals( "janne", profile.getLoginName() );
+        assertEquals( "Janne Jalkanen", profile.getFullname() );
+        assertEquals( "JanneJalkanen", profile.getWikiName() );
+        assertEquals( "janne@ecyrd.com", profile.getEmail() );
+        
+        try
+        {
+            m_db.findByEmail( "foo@bar.org" );
+            // We should never get here
+            fail( "Found nonexistent user!" );
+        }
+        catch( NoSuchPrincipalException e )
+        {
+        }
+    }
+
+    public void testFindByFullName() throws Exception
+    {
+        UserProfile profile = m_db.findByFullName( "Janne Jalkanen" );
+        assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+        assertEquals( "janne", profile.getLoginName() );
+        assertEquals( "Janne Jalkanen", profile.getFullname() );
+        assertEquals( "JanneJalkanen", profile.getWikiName() );
+        assertEquals( "janne@ecyrd.com", profile.getEmail() );
+
+        try
+        {
+            m_db.findByEmail( "foo@bar.org" );
+            // We should never get here
+            fail( "Found nonexistent user!" );
+        }
+        catch( NoSuchPrincipalException e )
+        {
+            assertTrue( true );
+        }
+    }
+
+    public void testFindByUid() throws Exception
+    {
+        UserProfile profile = m_db.findByUid( "uid=janne,ou=people,dc=jspwiki,dc=org" );
+        assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+        assertEquals( "janne", profile.getLoginName() );
+        assertEquals( "Janne Jalkanen", profile.getFullname() );
+        assertEquals( "JanneJalkanen", profile.getWikiName() );
+        assertEquals( "janne@ecyrd.com", profile.getEmail() );
+        
+        try
+        {
+            m_db.findByEmail( "foo@bar.org" );
+            // We should never get here
+            fail( "Found nonexistent user!" );
+        }
+        catch( NoSuchPrincipalException e )
+        {
+            assertTrue( true );
+        }
+    }
+
+    public void testFindByWikiName() throws Exception
+    {
+        UserProfile profile = m_db.findByWikiName( "JanneJalkanen" );
+        assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+        assertEquals( "janne", profile.getLoginName() );
+        assertEquals( "Janne Jalkanen", profile.getFullname() );
+        assertEquals( "JanneJalkanen", profile.getWikiName() );
+        assertEquals( "janne@ecyrd.com", profile.getEmail() );
+
+        try
+        {
+            m_db.findByEmail( "foo" );
+            // We should never get here
+            fail( "Found nonexistent user!" );
+        }
+        catch( NoSuchPrincipalException e )
+        {
+            assertTrue( true );
+        }
+    }
+
+    public void testFindByLoginName() throws Exception
+    {
+        UserProfile profile = m_db.findByLoginName( "janne" );
+        assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+        assertEquals( "janne", profile.getLoginName() );
+        assertEquals( "Janne Jalkanen", profile.getFullname() );
+        assertEquals( "JanneJalkanen", profile.getWikiName() );
+        assertEquals( "janne@ecyrd.com", profile.getEmail() );
+        try
+        {
+            m_db.findByEmail( "FooBar" );
+            // We should never get here
+            fail( "Found nonexistent user!" );
+        }
+        catch( NoSuchPrincipalException e )
+        {
+            assertTrue( true );
+        }
+    }
+
+    public void testGetWikiNames() throws WikiSecurityException
+    {
+        // There are 8 test users in the database
+        Principal[] p = m_db.getWikiNames();
+        assertEquals( 8, p.length );
+        assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "JanneJalkanen", WikiPrincipal.WIKI_NAME
) ) );
+        assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "TestUser", WikiPrincipal.WIKI_NAME
) ) );
+        assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "Administrator", WikiPrincipal.WIKI_NAME
) ) );
+        assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.ALICE, WikiPrincipal.WIKI_NAME
) ) );
+        assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.BOB, WikiPrincipal.WIKI_NAME
) ) );
+        assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.CHARLIE, WikiPrincipal.WIKI_NAME
) ) );
+        assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "FredFlintstone", WikiPrincipal.WIKI_NAME
) ) );
+        assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.BIFF, WikiPrincipal.WIKI_NAME
) ) );
+    }
+
+    public void testValidatePassword()
+    {
+        assertFalse( m_db.validatePassword( "janne", "test" ) );
+        assertTrue( m_db.validatePassword( "janne", "myP@5sw0rd" ) );
+        assertTrue( m_db.validatePassword( "user", "password" ) );
+    }
+
+}



Mime
View raw message