https://issues.apache.org/jira/browse/AMQ-826 - ldap based authorization - making tests work again, upgrading to apache ds 1.5.7, fixing ldif

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1091401 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Bosanac Dejan 2011-04-12 13:25:34 +00:00
parent efd4a3f723
commit 26cf6a7f26
7 changed files with 125 additions and 108 deletions

View File

@ -255,10 +255,19 @@
<!-- LDAP tests --> <!-- LDAP tests -->
<dependency> <dependency>
<groupId>org.apache.directory.server</groupId> <groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-core</artifactId> <artifactId>apacheds-core-integ</artifactId>
<version>1.0.0</version> <version>${directory-version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-server-integ</artifactId>
<version>${directory-version}</version>
<scope>test</scope>
</dependency>
<dependency> <dependency>
<groupId>org.jmock</groupId> <groupId>org.jmock</groupId>
<artifactId>jmock-junit4</artifactId> <artifactId>jmock-junit4</artifactId>
@ -457,10 +466,6 @@
<!-- This test only works on machines which have ssh propertly configured --> <!-- This test only works on machines which have ssh propertly configured -->
<exclude>**/SSHTunnelNetworkReconnectTest.*</exclude> <exclude>**/SSHTunnelNetworkReconnectTest.*</exclude>
<!-- see http://issues.apache.org/activemq/browse/AMQ-826 -->
<!-- have not yet figured out the way to configure ApacheDS via Spring -->
<exclude>**/LDAPAuthorizationMapTest.*</exclude>
<!-- http://issues.apache.org/activemq/browse/AMQ-1027 --> <!-- http://issues.apache.org/activemq/browse/AMQ-1027 -->
<exclude>**/FailoverConsumerTest.*</exclude> <exclude>**/FailoverConsumerTest.*</exclude>

View File

@ -99,8 +99,8 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
connectionProtocol = "s"; connectionProtocol = "s";
authentication = "simple"; authentication = "simple";
topicSearchMatchingFormat = new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com"); topicSearchMatchingFormat = new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,ou=system");
queueSearchMatchingFormat = new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com"); queueSearchMatchingFormat = new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,ou=system");
adminBase = "(cn=admin)"; adminBase = "(cn=admin)";
adminAttribute = "uniqueMember"; adminAttribute = "uniqueMember";
@ -352,7 +352,8 @@ public class LDAPAuthorizationMap implements AuthorizationMap {
} }
for (Iterator<String> iter = acls.iterator(); iter.hasNext();) { for (Iterator<String> iter = acls.iterator(); iter.hasNext();) {
String roleName = iter.next(); String roleName = iter.next();
roles.add(new GroupPrincipal(roleName)); String[] components = roleName.split("=", 2);
roles.add(new GroupPrincipal(components[components.length - 1]));
} }
return roles; return roles;
} catch (NamingException e) { } catch (NamingException e) {

View File

@ -16,25 +16,29 @@
*/ */
package org.apache.activemq.security; package org.apache.activemq.security;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.apache.activemq.command.ActiveMQDestination; import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.command.ActiveMQQueue; import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTopic; import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.jaas.GroupPrincipal; import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.directory.server.core.configuration.StartupConfiguration; import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.core.jndi.CoreContextFactory; import org.apache.directory.server.annotations.CreateTransport;
import org.springframework.context.ApplicationContext; import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.springframework.context.support.ClassPathXmlApplicationContext; import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.ldap.LdapServer;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import java.util.HashSet;
import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
/** /**
* This test assumes setup like in file 'AMQauth.ldif'. Contents of this file is * This test assumes setup like in file 'AMQauth.ldif'. Contents of this file is
@ -42,38 +46,29 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
* *
* @author ngcutura * @author ngcutura
* *
*
*/ */
public class LDAPAuthorizationMapTest extends TestCase { @RunWith( FrameworkRunner.class )
private LDAPAuthorizationMap authMap; @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
@ApplyLdifFiles(
"org/apache/activemq/security/AMQauth.ldif"
)
public class LDAPAuthorizationMapTest extends AbstractLdapTestUnit {
private static LDAPAuthorizationMap authMap;
protected void setUp() throws Exception { public static LdapServer ldapServer;
super.setUp();
startLdapServer();
@Before
public void setup() throws Exception {
authMap = new LDAPAuthorizationMap(); authMap = new LDAPAuthorizationMap();
authMap.setConnectionURL("ldap://localhost:1024");
} }
protected void startLdapServer() throws Exception { @Test
ApplicationContext factory = new ClassPathXmlApplicationContext("org/apache/activemq/security/ldap-spring.xml");
StartupConfiguration cfg = (StartupConfiguration) factory.getBean("configuration");
Properties env = (Properties) factory.getBean("environment");
env.setProperty(Context.PROVIDER_URL, "");
env.setProperty(Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName());
env.putAll(cfg.toJndiEnvironment());
new InitialDirContext(env);
}
protected void tearDown() throws Exception {
super.tearDown();
}
public void testOpen() throws Exception { public void testOpen() throws Exception {
DirContext ctx = authMap.open(); DirContext ctx = authMap.open();
HashSet<String> set = new HashSet<String>(); HashSet<String> set = new HashSet<String>();
NamingEnumeration list = ctx.list("ou=destinations,o=ActiveMQ,dc=example,dc=com"); NamingEnumeration list = ctx.list("ou=destinations,o=ActiveMQ,ou=system");
while (list.hasMore()) { while (list.hasMore()) {
NameClassPair ncp = (NameClassPair) list.next(); NameClassPair ncp = (NameClassPair) list.next();
set.add(ncp.getName()); set.add(ncp.getName());
@ -86,6 +81,7 @@ public class LDAPAuthorizationMapTest extends TestCase {
* Test method for * Test method for
* 'org.apache.activemq.security.LDAPAuthorizationMap.getAdminACLs(ActiveMQDestination)' * 'org.apache.activemq.security.LDAPAuthorizationMap.getAdminACLs(ActiveMQDestination)'
*/ */
@Test
public void testGetAdminACLs() { public void testGetAdminACLs() {
ActiveMQDestination q1 = new ActiveMQQueue("queue1"); ActiveMQDestination q1 = new ActiveMQQueue("queue1");
Set aclsq1 = authMap.getAdminACLs(q1); Set aclsq1 = authMap.getAdminACLs(q1);
@ -102,6 +98,7 @@ public class LDAPAuthorizationMapTest extends TestCase {
* Test method for * Test method for
* 'org.apache.activemq.security.LDAPAuthorizationMap.getReadACLs(ActiveMQDestination)' * 'org.apache.activemq.security.LDAPAuthorizationMap.getReadACLs(ActiveMQDestination)'
*/ */
@Test
public void testGetReadACLs() { public void testGetReadACLs() {
ActiveMQDestination q1 = new ActiveMQQueue("queue1"); ActiveMQDestination q1 = new ActiveMQQueue("queue1");
Set aclsq1 = authMap.getReadACLs(q1); Set aclsq1 = authMap.getReadACLs(q1);
@ -118,6 +115,7 @@ public class LDAPAuthorizationMapTest extends TestCase {
* Test method for * Test method for
* 'org.apache.activemq.security.LDAPAuthorizationMap.getWriteACLs(ActiveMQDestination)' * 'org.apache.activemq.security.LDAPAuthorizationMap.getWriteACLs(ActiveMQDestination)'
*/ */
@Test
public void testGetWriteACLs() { public void testGetWriteACLs() {
ActiveMQDestination q1 = new ActiveMQQueue("queue1"); ActiveMQDestination q1 = new ActiveMQQueue("queue1");
Set aclsq1 = authMap.getWriteACLs(q1); Set aclsq1 = authMap.getWriteACLs(q1);

View File

@ -16,23 +16,18 @@
## --------------------------------------------------------------------------- ## ---------------------------------------------------------------------------
version: 1 version: 1
dn: dc=example,dc=com
objectClass: top
objectClass: domain
objectClass: extensibleObject
dc: example
dn: o=ActiveMQ,dc=example,dc=com dn: o=ActiveMQ,ou=system
objectclass: organization objectclass: organization
objectclass: top objectclass: top
o: ActiveMQ o: ActiveMQ
dn: ou=users,o=ActiveMQ,dc=example,dc=com dn: ou=users,o=ActiveMQ,ou=system
objectclass: organizationalUnit objectclass: organizationalUnit
objectclass: top objectclass: top
ou: users ou: users
dn: uid=ngcutura,ou=users,o=ActiveMQ,dc=example,dc=com dn: uid=ngcutura,ou=users,o=ActiveMQ,ou=system
objectclass: inetOrgPerson objectclass: inetOrgPerson
objectclass: organizationalPerson objectclass: organizationalPerson
objectclass: person objectclass: person
@ -42,71 +37,75 @@ sn: Cutura
uid: ngcutura uid: ngcutura
userpassword:: e3NoYX0wZE9sTGxnU2ZRT3NSaFR5OGx3NUM3K1hlSkE9 userpassword:: e3NoYX0wZE9sTGxnU2ZRT3NSaFR5OGx3NUM3K1hlSkE9
dn: cn=roles,uid=ngcutura,ou=users,o=ActiveMQ,dc=example,dc=com dn: cn=roles,uid=ngcutura,ou=users,o=ActiveMQ,ou=system
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
objectclass: top objectclass: top
cn: roles cn: roles
uniquemember: aa uniquemember: uid=ngcutura
dn: ou=destinations,o=ActiveMQ,dc=example,dc=com dn: ou=destinations,o=ActiveMQ,ou=system
objectclass: organizationalUnit objectclass: organizationalUnit
objectclass: top objectclass: top
ou: destinations ou: destinations
dn: ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com dn: ou=topics,ou=destinations,o=ActiveMQ,ou=system
objectclass: organizationalUnit objectclass: organizationalUnit
objectclass: top objectclass: top
ou: topics ou: topics
dn: uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com dn: uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,ou=system
objectclass: uidObject objectclass: uidObject
objectclass: top objectclass: top
objectclass: applicationProcess
uid: topic1 uid: topic1
cn: topic1
dn: cn=admin,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com dn: cn=admin,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,ou=system
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
objectclass: top objectclass: top
cn: admin cn: admin
uniquemember: role1 uniquemember: uid=role1
dn: cn=read,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com dn: cn=read,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,ou=system
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
objectclass: top objectclass: top
cn: read cn: read
uniquemember: role2 uniquemember: uid=role2
dn: cn=write,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com dn: cn=write,uid=topic1,ou=topics,ou=destinations,o=ActiveMQ,ou=system
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
objectclass: top objectclass: top
cn: write cn: write
uniquemember: role3 uniquemember: uid=role3
dn: ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com dn: ou=queues,ou=destinations,o=ActiveMQ,ou=system
objectclass: organizationalUnit objectclass: organizationalUnit
objectclass: top objectclass: top
ou: queues ou: queues
dn: uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com dn: uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,ou=system
objectclass: applicationProcess
objectclass: uidObject objectclass: uidObject
objectclass: top objectclass: top
uid: queue1 uid: queue1
cn: queue1
dn: cn=read,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com dn: cn=read,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,ou=system
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
objectclass: top objectclass: top
cn: read cn: read
uniquemember: role1 uniquemember: uid=role1
dn: cn=write,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com dn: cn=write,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,ou=system
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
objectclass: top objectclass: top
cn: write cn: write
uniquemember: role1 uniquemember: uid=role1
uniquemember: role2 uniquemember: uid=role2
dn: cn=admin,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com dn: cn=admin,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,ou=system
objectclass: groupOfUniqueNames objectclass: groupOfUniqueNames
objectclass: top objectclass: top
cn: admin cn: admin
uniquemember: role1 uniquemember: uid=role1

View File

@ -16,47 +16,37 @@
*/ */
package org.apache.activemq.jaas; package org.apache.activemq.jaas;
import static org.junit.Assert.assertTrue; import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import java.io.IOException; import org.apache.directory.server.integ.ServerIntegrationUtils;
import java.net.URL; import org.apache.directory.server.ldap.LdapServer;
import java.util.HashSet; import org.apache.directory.server.annotations.CreateLdapServer;
import java.util.Hashtable; import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.junit.Test;
import org.junit.runner.RunWith;
import javax.naming.Context; import javax.naming.Context;
import javax.naming.NameClassPair; import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration; import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext; import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext; import javax.naming.directory.InitialDirContext;
import javax.security.auth.callback.Callback; import javax.security.auth.callback.*;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import java.io.IOException;
import java.net.URL;
import java.util.HashSet;
import java.util.Hashtable;
import org.apache.directory.server.core.integ.Level; import static org.junit.Assert.assertTrue;
import org.apache.directory.server.core.integ.annotations.ApplyLdifs;
import org.apache.directory.server.core.integ.annotations.CleanupLevel;
import org.apache.directory.server.integ.SiRunner;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.apache.directory.server.ldap.LdapServer; @RunWith ( FrameworkRunner.class )
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
@RunWith ( SiRunner.class ) @ApplyLdifFiles(
@CleanupLevel ( Level.CLASS ) "test.ldif"
@ApplyLdifs( {
"dn: uid=first,ou=system\n" +
"uid: first\n" +
"userPassword: secret\n" +
"objectClass: account\n" +
"objectClass: simpleSecurityObject\n" +
"objectClass: top\n"
}
) )
public class LDAPLoginModuleTest { public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
static { static {
String path = System.getProperty("java.security.auth.login.config"); String path = System.getProperty("java.security.auth.login.config");
@ -69,8 +59,9 @@ public class LDAPLoginModuleTest {
} }
} }
private static final String BASE = "ou=system"; private static final String BASE = "o=ActiveMQ,ou=system";
public static LdapServer ldapServer; public static LdapServer ldapServer;
private static final String FILTER = "(objectclass=*)"; private static final String FILTER = "(objectclass=*)";
private static final String PRINCIPAL = "uid=admin,ou=system"; private static final String PRINCIPAL = "uid=admin,ou=system";

View File

@ -0,0 +1,23 @@
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
dn: uid=first,ou=system
uid: first
userPassword: secret
objectClass: account
objectClass: simpleSecurityObject
objectClass: top

View File

@ -57,7 +57,7 @@
<commons-logging-version>1.1</commons-logging-version> <commons-logging-version>1.1</commons-logging-version>
<commons-pool-version>1.5.4</commons-pool-version> <commons-pool-version>1.5.4</commons-pool-version>
<commons-primitives-version>1.0</commons-primitives-version> <commons-primitives-version>1.0</commons-primitives-version>
<directory-version>1.5.5</directory-version> <directory-version>1.5.7</directory-version>
<geronimo-version>1.0</geronimo-version> <geronimo-version>1.0</geronimo-version>
<howl-version>0.1.8</howl-version> <howl-version>0.1.8</howl-version>
<hsqldb-version>1.7.2.2</hsqldb-version> <hsqldb-version>1.7.2.2</hsqldb-version>
@ -67,7 +67,7 @@
<jsp-version>2.1.v20100127</jsp-version> <jsp-version>2.1.v20100127</jsp-version>
<jettison-version>1.2</jettison-version> <jettison-version>1.2</jettison-version>
<jmock-version>2.5.1</jmock-version> <jmock-version>2.5.1</jmock-version>
<junit-version>4.5</junit-version> <junit-version>4.8.1</junit-version>
<jxta-version>2.0</jxta-version> <jxta-version>2.0</jxta-version>
<karaf-version>2.2.0</karaf-version> <karaf-version>2.2.0</karaf-version>
<log4j-version>1.2.14</log4j-version> <log4j-version>1.2.14</log4j-version>