Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-09 06:50:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-449: Refactoring towards more use of Spring LDAP. Also borrowed the Spring LDAP integration testing setup which is much better and makes use of the full LDAP stack. There were still problems with using Apache DS's CoreContextFactory (e.g. compare operations) so it is an improvement on that front too. Moved spring ldap to 1.2-RC1 version.

Browse Source
This commit is contained in:
Luke Taylor 2007-09-10 21:09:02 +00:00
parent eb28786d9b
commit 0503c3e1ab
22 changed files with 483 additions and 452 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
core/pom.xml
View File

@ -45,9 +45,9 @@
</dependency>
<dependency>
<!-- TODO: Upgrade to 1.2 before 2.0 release -->
<groupId>org.springframework</groupId>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap</artifactId>
<version>1.1.2</version>
<version>1.2-RC1</version>
<optional>true</optional>
</dependency>
<dependency>
@ -120,13 +120,19 @@
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-core</artifactId>
<version>1.0.0</version>
<version>1.0.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-server-jndi</artifactId>
<version>1.0.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.0.1</version>
<version>1.4.3</version>
<scope>test</scope>
</dependency>
<dependency>
@ -138,7 +144,8 @@
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
<version>1.2.14</version>
</dependency>
</dependencies>
<build>

4
core/src/main/java/org/acegisecurity/ldap/DefaultInitialDirContextFactory.java
View File

@ -26,9 +26,9 @@ import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;
import org.springframework.ldap.ContextSource;
import org.springframework.ldap.UncategorizedLdapException;
import org.springframework.ldap.support.DefaultDirObjectFactory;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.support.DefaultDirObjectFactory;
import org.springframework.dao.DataAccessException;
import java.util.Hashtable;

2
core/src/main/java/org/acegisecurity/ldap/InitialDirContextFactory.java
View File

@ -15,7 +15,7 @@
package org.acegisecurity.ldap;
import org.springframework.ldap.ContextSource;
import org.springframework.ldap.core.ContextSource;
import javax.naming.directory.DirContext;

4
core/src/main/java/org/acegisecurity/ldap/LdapUtils.java
View File

@ -19,8 +19,8 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert;
import org.springframework.ldap.support.DistinguishedName;
import org.springframework.ldap.support.DirContextAdapter;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DistinguishedName;
import java.io.UnsupportedEncodingException;

12
core/src/main/java/org/acegisecurity/ldap/SpringSecurityLdapTemplate.java
View File

@ -20,11 +20,11 @@ import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.ldap.ContextSource;
import org.springframework.ldap.ContextExecutor;
import org.springframework.ldap.ContextMapper;
import org.springframework.ldap.support.DirContextAdapter;
import org.springframework.ldap.support.DistinguishedName;
import org.springframework.ldap.core.ContextExecutor;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DistinguishedName;
import java.util.HashSet;
import java.util.Set;
@ -49,7 +49,7 @@ import javax.naming.directory.SearchResult;
* @author Ben Alex
* @author Luke Taylor
*/
public class SpringSecurityLdapTemplate extends org.springframework.ldap.LdapTemplate {
public class SpringSecurityLdapTemplate extends org.springframework.ldap.core.LdapTemplate {
//~ Static fields/initializers =====================================================================================
public static final String[] NO_ATTRS = new String[0];

3
core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java
View File

@ -30,7 +30,8 @@ import org.apache.commons.logging.LogFactory;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.util.Assert;
import org.springframework.ldap.ContextSource;
import org.springframework.ldap.core.ContextSource;
import javax.naming.directory.SearchControls;

2
core/src/main/java/org/acegisecurity/providers/ldap/authenticator/AbstractLdapAuthenticator.java
View File

@ -31,7 +31,7 @@ import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;
import org.springframework.ldap.ContextMapper;
import org.springframework.ldap.core.ContextMapper;
import java.text.MessageFormat;

2
core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java
View File

@ -25,8 +25,8 @@ import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.ContextSource;
import org.springframework.dao.DataAccessException;
import org.springframework.ldap.core.ContextSource;
import javax.naming.directory.DirContext;
import java.util.Iterator;

75
core/src/test/java/org/acegisecurity/ldap/AbstractLdapIntegrationTests.java Normal file
View File

@ -0,0 +1,75 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ldap;
import org.springframework.test.AbstractDependencyInjectionSpringContextTests;
import org.springframework.ldap.core.ContextSource;
import org.springframework.core.io.ClassPathResource;
import java.io.File;
/**
* Based on class borrowed from Spring Ldap project.
*
* @author Luke Taylor
* @version $Id$
*/
public abstract class AbstractLdapIntegrationTests extends AbstractDependencyInjectionSpringContextTests {
private LdapServerManager ldapServerManager;
private ContextSource contextSource;
private DefaultInitialDirContextFactory initialDirContextFactory;
protected AbstractLdapIntegrationTests() {
super.setAutowireMode(AUTOWIRE_BY_NAME);
}
protected String[] getConfigLocations() {
return new String[] {"/org/acegisecurity/ldap/ldapIntegrationTestContext.xml"};
}
protected void onSetUp() throws Exception {
super.onSetUp();
ClassPathResource ldifs = new ClassPathResource("org/acegisecurity/ldap/setup_data.ldif");
ldapServerManager.cleanAndSetup(ldifs.getFile().getAbsolutePath());
}
public void setLdapServerManager(LdapServerManager ldapServerManager) {
this.ldapServerManager = ldapServerManager;
}
public ContextSource getContextSource() {
return contextSource;
}
public void setContextSource(ContextSource contextSource) {
this.contextSource = contextSource;
}
/**
* We have both a context source and intitialdircontextfactory. The former is also used in
* the cleanAndSetup method so any mods during tests can mess it up.
* TODO: Once the initialdircontextfactory stuff has been refactored, revisit this and remove this property.
*/
public DefaultInitialDirContextFactory getInitialDirContextFactory() {
return initialDirContextFactory;
}
public void setInitialDirContextFactory(DefaultInitialDirContextFactory initialDirContextFactory) {
this.initialDirContextFactory = initialDirContextFactory;
}
}

77
core/src/test/java/org/acegisecurity/ldap/AbstractLdapServerTestCase.java
View File

@ -1,77 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ldap;
import junit.framework.TestCase;
import org.apache.directory.server.core.jndi.CoreContextFactory;
import java.util.Hashtable;
/**
* @author Luke Taylor
* @version $Id$
*/
public abstract class AbstractLdapServerTestCase extends TestCase {
//~ Static fields/initializers =====================================================================================
private static final String ROOT_DN = "dc=acegisecurity,dc=org";
protected static final String MANAGER_USER = "cn=manager," + ROOT_DN;
protected static final String MANAGER_PASSWORD = "acegisecurity";
// External server config
// private static final String PROVIDER_URL = "ldap://gorille:389/"+ROOT_DN;
// private static final String CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
// private static final Hashtable EXTRA_ENV = new Hashtable();
// Embedded (non-networked) server config
private static final LdapTestServer SERVER = new LdapTestServer();
private static final String PROVIDER_URL = ROOT_DN;
private static final String CONTEXT_FACTORY = CoreContextFactory.class.getName();
private static final Hashtable EXTRA_ENV = SERVER.getConfiguration().toJndiEnvironment();
//~ Instance fields ================================================================================================
private DefaultInitialDirContextFactory idf;
//~ Constructors ===================================================================================================
protected AbstractLdapServerTestCase() {
}
protected AbstractLdapServerTestCase(String string) {
super(string);
}
//~ Methods ========================================================================================================
protected DefaultInitialDirContextFactory getInitialCtxFactory() {
return idf;
}
protected void onSetUp() {
}
public final void setUp() {
idf = new DefaultInitialDirContextFactory(PROVIDER_URL);
idf.setInitialContextFactory(CONTEXT_FACTORY);
idf.setExtraEnvVars(EXTRA_ENV);
idf.setUseLdapContext(true);
onSetUp();
}
}

65
core/src/test/java/org/acegisecurity/ldap/ConfigEnvHelper.java Normal file
View File

@ -0,0 +1,65 @@
/*
* Copyright 2005-2007 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ldap;
import java.io.File;
import java.util.Hashtable;
import javax.naming.Context;
import org.apache.directory.server.configuration.MutableServerStartupConfiguration;
import org.apache.directory.server.jndi.ServerContextFactory;
import org.springframework.beans.factory.InitializingBean;
/**
* Helper class to simplify Spring configuration of ApacheDS.
*
* @author Mattias Arthursson
* @author Luke Taylor (borrowed from Spring Ldap project).
*/
public class ConfigEnvHelper implements InitializingBean {
private final MutableServerStartupConfiguration configuration;
private final Hashtable initialEnv;
public ConfigEnvHelper(Hashtable initialEnv,
MutableServerStartupConfiguration configuration) {
this.initialEnv = initialEnv;
this.configuration = configuration;
}
public Hashtable getEnv() {
return initialEnv;
}
public void afterPropertiesSet() throws Exception {
// Attempt to use the maven target directory for the apache ds store. Property is passed
// through surefire plugin setup in pom.xml.
String apacheWorkDir = System.getProperty("apacheDSWorkDir");
if (apacheWorkDir == null) {
apacheWorkDir = System.getProperty("java.io.tmpdir") + File.separator + "apacheds-spring-security";
}
File workingDir = new File(apacheWorkDir);
initialEnv.put(Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName());
configuration.setWorkingDirectory(workingDir);
initialEnv.putAll(configuration.toJndiEnvironment());
}
}

22
core/src/test/java/org/acegisecurity/ldap/DefaultInitialDirContextFactoryTests.java
View File

@ -18,7 +18,6 @@ package org.acegisecurity.ldap;
import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.BadCredentialsException;
import org.springframework.ldap.UncategorizedLdapException;
import org.springframework.ldap.support.DirContextAdapter;
import java.util.Hashtable;
@ -32,15 +31,16 @@ import javax.naming.directory.DirContext;
* @author Luke Taylor
* @version $Id$
*/
public class DefaultInitialDirContextFactoryTests extends AbstractLdapServerTestCase {
public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegrationTests {
//~ Instance fields ================================================================================================
DefaultInitialDirContextFactory idf;
//~ Methods ========================================================================================================
public void onSetUp() {
idf = getInitialCtxFactory();
public void onSetUp() throws Exception {
super.onSetUp();
idf = getInitialDirContextFactory();
idf.setMessageSource(new AcegiMessageSource());
}
@ -65,9 +65,8 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapServerTest
assertEquals("", idf.getRootDn());
}
public void testBindAsManagerFailsIfNoPasswordSet()
throws Exception {
idf.setManagerDn(MANAGER_USER);
public void testBindAsManagerFailsIfNoPasswordSet() throws Exception {
idf.setManagerDn("uid=bob,ou=people,dc=acegisecurity,dc=org");
DirContext ctx = null;
@ -83,8 +82,8 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapServerTest
}
public void testBindAsManagerSucceeds() throws Exception {
idf.setManagerPassword(MANAGER_PASSWORD);
idf.setManagerDn(MANAGER_USER);
idf.setManagerPassword("bobspassword");
idf.setManagerDn("uid=bob,ou=people,dc=acegisecurity,dc=org");
DirContext ctx = idf.newInitialDirContext();
// Can't rely on this property being there with embedded server
@ -92,8 +91,7 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapServerTest
ctx.close();
}
public void testConnectionAsSpecificUserSucceeds()
throws Exception {
public void testConnectionAsSpecificUserSucceeds() throws Exception {
DirContext ctx = idf.newInitialDirContext("uid=Bob,ou=people,dc=acegisecurity,dc=org", "bobspassword");
// We don't want pooling for specific users.
// assertNull(ctx.getEnvironment().get("com.sun.jndi.ldap.connect.pool"));
@ -148,7 +146,7 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapServerTest
public void testInvalidPasswordCausesBadCredentialsException()
throws Exception {
idf.setManagerDn(MANAGER_USER);
idf.setManagerDn("uid=bob,ou=people,dc=acegisecurity,dc=org");
idf.setManagerPassword("wrongpassword");
DirContext ctx = null;

130
core/src/test/java/org/acegisecurity/ldap/LdapServerManager.java Normal file
View File

@ -0,0 +1,130 @@
/*
* Copyright 2005-2007 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ldap;
import java.util.Properties;
import javax.naming.Binding;
import javax.naming.Context;
import javax.naming.ContextNotEmptyException;
import javax.naming.InitialContext;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.NameNotFoundException;
import javax.naming.directory.DirContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.directory.server.core.configuration.ShutdownConfiguration;
import org.apache.directory.server.jndi.ServerContextFactory;
import org.apache.directory.server.protocol.shared.store.LdifFileLoader;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.support.DefaultDirObjectFactory;
/**
* Utility class to initialize the apache directory server for use in the integration tests.
*
* @author Mattias Arthursson
* @author Luke Taylor (borrowed from Spring Ldap project).
*
*/
public class LdapServerManager implements DisposableBean {
private static Log log = LogFactory.getLog(LdapServerManager.class);
private ContextSource contextSource;
public void setContextSource(ContextSource contextSource) {
this.contextSource = contextSource;
}
public void destroy() throws Exception {
Properties env = new Properties();
env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
ServerContextFactory.class.getName());
env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
env.setProperty(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
env.setProperty(Context.SECURITY_CREDENTIALS, "secret");
ShutdownConfiguration configuration = new ShutdownConfiguration();
env.putAll(configuration.toJndiEnvironment());
new InitialContext(env);
}
public void cleanAndSetup(String ldifFile) throws Exception {
DirContext ctx = contextSource.getReadWriteContext();
// First of all, make sure the database is empty.
Name startingPoint = null;
// Different test cases have different base paths. This means that the
// starting point will be different.
if (ctx.getEnvironment().get(
DefaultDirObjectFactory.JNDI_ENV_BASE_PATH_KEY) != null) {
startingPoint = DistinguishedName.EMPTY_PATH;
} else {
startingPoint = new DistinguishedName("dc=acegisecurity,dc=org");
}
try {
log.info("Cleaning all present data.");
clearSubContexts(ctx, startingPoint);
// Load the ldif to the recently started server
log.info("Loading setup data");
LdifFileLoader loader = new LdifFileLoader(ctx, ldifFile);
loader.execute();
} finally {
ctx.close();
}
}
private void clearSubContexts(DirContext ctx, Name name) throws NamingException {
NamingEnumeration enumeration = null;
try {
enumeration = ctx.listBindings(name);
while (enumeration.hasMore()) {
Binding element = (Binding) enumeration.next();
DistinguishedName childName = new DistinguishedName(element.getName());
childName.prepend((DistinguishedName) name);
try {
ctx.destroySubcontext(childName);
} catch (ContextNotEmptyException e) {
clearSubContexts(ctx, childName);
ctx.destroySubcontext(childName);
}
}
} catch(NameNotFoundException ignored) {
}
catch (NamingException e) {
e.printStackTrace();
} finally {
try {
enumeration.close();
} catch (Exception e) {
// Never mind this
}
}
}
}

11
core/src/test/java/org/acegisecurity/ldap/LdapTemplateTests.java
View File

@ -15,8 +15,8 @@
package org.acegisecurity.ldap;
import org.springframework.ldap.ContextExecutor;
import org.springframework.ldap.UncategorizedLdapException;
import org.springframework.ldap.core.ContextExecutor;
import java.util.Set;
@ -28,17 +28,16 @@ import javax.naming.directory.DirContext;
* @author Luke Taylor
* @version $Id$
*/
public class LdapTemplateTests extends AbstractLdapServerTestCase {
public class LdapTemplateTests extends AbstractLdapIntegrationTests {
//~ Instance fields ================================================================================================
private SpringSecurityLdapTemplate template;
//~ Methods ========================================================================================================
protected void onSetUp() {
getInitialCtxFactory().setManagerDn(MANAGER_USER);
getInitialCtxFactory().setManagerPassword(MANAGER_PASSWORD);
template = new SpringSecurityLdapTemplate(getInitialCtxFactory());
protected void onSetUp() throws Exception {
super.onSetUp();
template = new SpringSecurityLdapTemplate(getContextSource());
}
public void testCompareOfCorrectByteValueSucceeds() {

266
core/src/test/java/org/acegisecurity/ldap/LdapTestServer.java
View File

@ -1,266 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ldap;
import org.apache.directory.server.core.configuration.Configuration;
import org.apache.directory.server.core.configuration.MutablePartitionConfiguration;
import org.apache.directory.server.core.configuration.MutableStartupConfiguration;
import org.apache.directory.server.core.jndi.CoreContextFactory;
import org.apache.directory.server.core.partition.DefaultPartitionNexus;
import java.io.File;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
/**
* An embedded LDAP test server, complete with test data for running the unit tests against.
*
* @author Luke Taylor
* @version $Id$
*/
public class LdapTestServer {
//~ Instance fields ================================================================================================
private DirContext serverContext;
private MutableStartupConfiguration cfg;
//~ Constructors ===================================================================================================
/**
* Starts up and configures ApacheDS.
*/
public LdapTestServer() {
startLdapServer();
createManagerUser();
initTestData();
}
//~ Methods ========================================================================================================
public void createGroup(String cn, String groupContext, String ou, String[] memberDns) {
Attributes group = new BasicAttributes("cn", cn);
Attribute members = new BasicAttribute("member");
Attribute orgUnit = new BasicAttribute("ou", ou);
for (int i = 0; i < memberDns.length; i++) {
members.add(memberDns[i]);
}
Attribute objectClass = new BasicAttribute("objectClass");
objectClass.add("top");
objectClass.add("groupOfNames");
group.put(objectClass);
group.put(members);
group.put(orgUnit);
try {
DirContext ctx = serverContext.createSubcontext("cn=" + cn + "," + groupContext, group);
System.out.println("Created group " + ctx.getNameInNamespace());
} catch (NameAlreadyBoundException ignore) {
// System.out.println(" group " + cn + " already exists.");
} catch (NamingException ne) {
System.err.println("Failed to create group.");
ne.printStackTrace();
}
}
private void createManagerUser() {
Attributes user = new BasicAttributes("cn", "manager", true);
user.put("userPassword", "acegisecurity");
Attribute objectClass = new BasicAttribute("objectClass");
user.put(objectClass);
objectClass.add("top");
objectClass.add("person");
objectClass.add("organizationalPerson");
objectClass.add("inetOrgPerson");
user.put("sn", "Manager");
user.put("cn", "manager");
try {
serverContext.createSubcontext("cn=manager", user);
} catch (NameAlreadyBoundException ignore) {
// System.out.println("Manager user already exists.");
} catch (NamingException ne) {
System.err.println("Failed to create manager user.");
ne.printStackTrace();
}
}
public void createOu(String name) {
Attributes ou = new BasicAttributes("ou", name);
Attribute objectClass = new BasicAttribute("objectClass");
objectClass.add("top");
objectClass.add("organizationalUnit");
ou.put(objectClass);
try {
serverContext.createSubcontext(name, ou);
} catch (NameAlreadyBoundException ignore) {
// System.out.println(" ou " + name + " already exists.");
} catch (NamingException ne) {
System.err.println("Failed to create ou.");
ne.printStackTrace();
}
}
public void createUser(String uid, String cn, String password) {
Attributes user = new BasicAttributes("uid", uid);
user.put("cn", cn);
user.put("userPassword", LdapUtils.getUtf8Bytes(password));
Attribute objectClass = new BasicAttribute("objectClass");
user.put(objectClass);
objectClass.add("top");
objectClass.add("person");
objectClass.add("organizationalPerson");
objectClass.add("inetOrgPerson");
user.put("sn", uid);
try {
serverContext.createSubcontext("uid=" + uid + ",ou=people", user);
} catch (NameAlreadyBoundException ignore) {
// System.out.println(" user " + uid + " already exists.");
} catch (NamingException ne) {
System.err.println("Failed to create user.");
ne.printStackTrace();
}
}
public Configuration getConfiguration() {
return cfg;
}
private void initConfiguration() throws NamingException {
// Create the partition for the acegi tests
MutablePartitionConfiguration acegiDit = new MutablePartitionConfiguration();
acegiDit.setName("acegisecurity");
acegiDit.setSuffix("dc=acegisecurity,dc=org");
BasicAttributes attributes = new BasicAttributes();
BasicAttribute objectClass = new BasicAttribute("objectClass");
objectClass.add("top");
objectClass.add("domain");
objectClass.add("extensibleObject");
attributes.put(objectClass);
acegiDit.setContextEntry(attributes);
Set indexedAttrs = new HashSet();
indexedAttrs.add("objectClass");
indexedAttrs.add("uid");
indexedAttrs.add("cn");
indexedAttrs.add("ou");
indexedAttrs.add("member");
acegiDit.setIndexedAttributes(indexedAttrs);
Set partitions = new HashSet();
partitions.add(acegiDit);
cfg.setContextPartitionConfigurations(partitions);
}
private void initTestData() {
createOu("ou=people");
createOu("ou=groups");
createOu("ou=subgroups,ou=groups");
createUser("bob", "Bob Hamilton", "bobspassword");
createUser("ben", "Ben Alex", "{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
String[] developers = new String[]{
"uid=ben,ou=people,dc=acegisecurity,dc=org", "uid=bob,ou=people,dc=acegisecurity,dc=org"
};
createGroup("developers", "ou=groups", "developer", developers);
createGroup("managers", "ou=groups", "manager", new String[]{developers[0]});
createGroup("submanagers", "ou=subgroups,ou=groups", "submanager", new String[]{developers[0]});
}
public static void main(String[] args) {
LdapTestServer server = new LdapTestServer();
}
private void startLdapServer() {
cfg = new MutableStartupConfiguration();
// Attempt to use the maven target directory for the apache ds store. Property is passed
// through surefire plugin setup in pom.xml.
String apacheWorkDir = System.getProperty("apacheDSWorkDir");
if (apacheWorkDir == null) {
apacheWorkDir = System.getProperty("java.io.tmpdir") + File.separator + "apacheds-work";
}
File workingDir = new File(apacheWorkDir);
// Delete any previous contents (often not compatible between apache-ds versions).
deleteDir(workingDir);
((MutableStartupConfiguration) cfg).setWorkingDirectory(workingDir);
System.out.println("Ldap Server Working directory is " + workingDir.getAbsolutePath());
Properties env = new Properties();
env.setProperty(Context.PROVIDER_URL, "dc=acegisecurity,dc=org");
env.setProperty(Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName());
env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
env.setProperty(Context.SECURITY_PRINCIPAL, DefaultPartitionNexus.ADMIN_PRINCIPAL);
env.setProperty(Context.SECURITY_CREDENTIALS, DefaultPartitionNexus.ADMIN_PASSWORD);
try {
initConfiguration();
env.putAll(cfg.toJndiEnvironment());
serverContext = new InitialDirContext(env);
} catch (NamingException e) {
System.err.println("Failed to start Apache DS");
e.printStackTrace();
}
}
/**
* Recursively deletes a directory
*/
private boolean deleteDir(File dir) {
if (dir.isDirectory()) {
String[] children = dir.list();
for (int i = 0; i < children.length; i++) {
boolean success = deleteDir(new File(dir, children[i]));
if (!success) {
return false;
}
}
}
return dir.delete();
}
}

20
core/src/test/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearchTests.java
View File

@ -15,8 +15,8 @@
package org.acegisecurity.ldap.search;
import org.acegisecurity.ldap.AbstractLdapServerTestCase;
import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
import org.acegisecurity.ldap.AbstractLdapIntegrationTests;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
@ -30,26 +30,16 @@ import org.springframework.dao.IncorrectResultSizeDataAccessException;
* @author Luke Taylor
* @version $Id$
*/
public class FilterBasedLdapUserSearchTests extends AbstractLdapServerTestCase {
public class FilterBasedLdapUserSearchTests extends AbstractLdapIntegrationTests {
//~ Instance fields ================================================================================================
private DefaultInitialDirContextFactory dirCtxFactory;
//~ Constructors ===================================================================================================
public FilterBasedLdapUserSearchTests(String string) {
super(string);
}
public FilterBasedLdapUserSearchTests() {
}
//~ Methods ========================================================================================================
public void onSetUp() {
dirCtxFactory = getInitialCtxFactory();
dirCtxFactory.setManagerDn(MANAGER_USER);
dirCtxFactory.setManagerPassword(MANAGER_PASSWORD);
public void onSetUp() throws Exception {
super.onSetUp();
dirCtxFactory = (DefaultInitialDirContextFactory) getContextSource();
}
public void testBasicSearch() {

9
core/src/test/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticatorTests.java
View File

@ -19,7 +19,8 @@ import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.ldap.AbstractLdapServerTestCase;
import org.acegisecurity.ldap.AbstractLdapIntegrationTests;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
@ -32,7 +33,7 @@ import org.acegisecurity.userdetails.ldap.LdapUserDetailsMapper;
* @author Luke Taylor
* @version $Id$
*/
public class BindAuthenticatorTests extends AbstractLdapServerTestCase {
public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
//~ Instance fields ================================================================================================
private BindAuthenticator authenticator;
@ -40,7 +41,7 @@ public class BindAuthenticatorTests extends AbstractLdapServerTestCase {
//~ Methods ========================================================================================================
public void onSetUp() {
authenticator = new BindAuthenticator(getInitialCtxFactory());
authenticator = new BindAuthenticator((InitialDirContextFactory) getContextSource());
authenticator.setMessageSource(new AcegiMessageSource());
}
@ -95,6 +96,6 @@ public class BindAuthenticatorTests extends AbstractLdapServerTestCase {
public void testUserDnPatternReturnsCorrectDn() {
authenticator.setUserDnPatterns(new String[] {"cn={0},ou=people"});
assertEquals("cn=Joe,ou=people," + getInitialCtxFactory().getRootDn(), authenticator.getUserDns("Joe").get(0));
assertEquals("cn=Joe,ou=people," + ((InitialDirContextFactory)getContextSource()).getRootDn(), authenticator.getUserDns("Joe").get(0));
}
}

65
core/src/test/java/org/acegisecurity/providers/ldap/authenticator/PasswordComparisonAuthenticatorTests.java
View File

@ -17,7 +17,8 @@ package org.acegisecurity.providers.ldap.authenticator;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.ldap.AbstractLdapServerTestCase;
import org.acegisecurity.ldap.AbstractLdapIntegrationTests;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
@ -33,33 +34,33 @@ import org.acegisecurity.userdetails.ldap.LdapUserDetailsMapper;
* @author Luke Taylor
* @version $Id$
*/
public class PasswordComparisonAuthenticatorTests extends AbstractLdapServerTestCase {
public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegrationTests {
//~ Instance fields ================================================================================================
private PasswordComparisonAuthenticator authenticator;
//~ Methods ========================================================================================================
public void onSetUp() {
getInitialCtxFactory().setManagerDn(MANAGER_USER);
getInitialCtxFactory().setManagerPassword(MANAGER_PASSWORD);
authenticator = new PasswordComparisonAuthenticator(getInitialCtxFactory());
public void onSetUp() throws Exception {
super.onSetUp();
authenticator = new PasswordComparisonAuthenticator((InitialDirContextFactory) getContextSource());
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
}
public void tearDown() {
public void onTearDown() throws Exception {
super.onTearDown();
// com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
}
public void testAllAttributesAreRetrivedByDefault() {
LdapUserDetails user = authenticator.authenticate("Bob", "bobspassword");
LdapUserDetails user = authenticator.authenticate("bob", "bobspassword");
//System.out.println(user.getAttributes().toString());
assertEquals("User should have 5 attributes", 5, user.getAttributes().size());
}
public void testFailedSearchGivesUserNotFoundException()
throws Exception {
authenticator = new PasswordComparisonAuthenticator(getInitialCtxFactory());
authenticator = new PasswordComparisonAuthenticator((InitialDirContextFactory) getContextSource());
assertTrue("User DN matches shouldn't be available", authenticator.getUserDns("Bob").isEmpty());
authenticator.setUserSearch(new MockUserSearch(null));
authenticator.afterPropertiesSet();
@ -82,7 +83,7 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapServerTest
} catch (BadCredentialsException expected) {}
}
/*
public void testLdapPasswordCompareFailsWithWrongPassword() {
// Don't retrieve the password
authenticator.setUserAttributes(new String[] {"cn", "sn"});
@ -92,7 +93,7 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapServerTest
} catch(BadCredentialsException expected) {
}
}
*/
public void testLocalPasswordComparisonSucceedsWithCorrectPassword() {
LdapUserDetails user = authenticator.authenticate("Bob", "bobspassword");
// check username is retrieved.
@ -105,35 +106,28 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapServerTest
authenticator.authenticate("Bob", "bobspassword");
}
public void testOnlySpecifiedAttributesAreRetrieved()
throws Exception {
public void testOnlySpecifiedAttributesAreRetrieved() throws Exception {
authenticator.setUserAttributes(new String[] {"userPassword"});
authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
LdapUserDetails user = authenticator.authenticate("Bob", "bobspassword");
assertEquals("Should have retrieved 1 attribute (userPassword)", 1, user.getAttributes().size());
// assertEquals("Bob Hamilton", user.getAttributes().get("cn").get());
// assertEquals("bob", user.getAttributes().get("uid").get());
}
/*
public void testLdapCompareSucceedsWithCorrectPassword() {
// Don't retrieve the password
authenticator.setUserAttributes(new String[] {"cn"});
// Bob has a plaintext password.
authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
authenticator.authenticate("bob", "bobspassword");
}
public void testLdapCompareSucceedsWithShaEncodedPassword() {
authenticator = new PasswordComparisonAuthenticator();
authenticator.setInitialDirContextFactory(dirCtxFactory);
authenticator.setUserDnPatterns("uid={0},ou=people");
// Don't retrieve the password
authenticator.setUserAttributes(new String[] {"cn"});
authenticator.authenticate("ben", "benspassword");
}
*/
public void testLdapCompareSucceedsWithCorrectPassword() {
// Don't retrieve the password
authenticator.setUserAttributes(new String[] {"cn"});
// Bob has a plaintext password.
authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
authenticator.authenticate("bob", "bobspassword");
}
public void testLdapCompareSucceedsWithShaEncodedPassword() {
// Don't retrieve the password
authenticator.setUserAttributes(new String[] {"cn"});
authenticator.authenticate("ben", "benspassword");
}
public void testPasswordEncoderCantBeNull() {
try {
authenticator.setPasswordEncoder(null);
@ -150,16 +144,15 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapServerTest
LdapUserDetails bob = authenticator.authenticate("bob", "bob");
}
/*
public void testLdapCompareWithDifferentPasswordAttributeSucceeds() {
authenticator.setUserAttributes(new String[] {"cn"});
authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
authenticator.setPasswordAttributeName("uid");
authenticator.authenticate("bob", "bob");
}
*/
public void testWithUserSearch() {
authenticator = new PasswordComparisonAuthenticator(getInitialCtxFactory());
authenticator = new PasswordComparisonAuthenticator((InitialDirContextFactory) getContextSource());
assertTrue("User DN matches shouldn't be available", authenticator.getUserDns("Bob").isEmpty());
LdapUserDetailsImpl.Essence userEssence = new LdapUserDetailsImpl.Essence();

27
core/src/test/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java
View File

@ -17,14 +17,13 @@ package org.acegisecurity.providers.ldap.populator;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.ldap.AbstractLdapServerTestCase;
import org.acegisecurity.ldap.AbstractLdapIntegrationTests;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
import java.util.HashSet;
import java.util.Set;
import java.util.Map;
import java.util.HashMap;
import javax.naming.directory.BasicAttributes;
@ -35,12 +34,15 @@ import javax.naming.directory.BasicAttributes;
* @author Luke Taylor
* @version $Id$
*/
public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTestCase {
public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegrationTests {
private DefaultLdapAuthoritiesPopulator populator;
//~ Methods ========================================================================================================
public void onSetUp() {
getInitialCtxFactory().setManagerDn(MANAGER_USER);
getInitialCtxFactory().setManagerPassword(MANAGER_PASSWORD);
protected void onSetUp() throws Exception {
super.onSetUp();
populator = new DefaultLdapAuthoritiesPopulator((InitialDirContextFactory) getContextSource(), "ou=groups");
}
// public void testUserAttributeMappingToRoles() {
@ -67,8 +69,7 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTest
// }
public void testDefaultRoleIsAssignedWhenSet() {
DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(getInitialCtxFactory(),
"ou=groups");
populator.setDefaultRole("ROLE_USER");
LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence();
@ -82,8 +83,6 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTest
}
public void testGroupSearchReturnsExpectedRoles() {
DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(getInitialCtxFactory(),
"ou=groups");
populator.setRolePrefix("ROLE_");
populator.setGroupRoleAttribute("ou");
populator.setSearchSubtree(true);
@ -108,8 +107,6 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTest
}
public void testUseOfUsernameParameterReturnsExpectedRoles() {
DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(getInitialCtxFactory(),
"ou=groups");
populator.setGroupRoleAttribute("ou");
populator.setConvertToUpperCase(true);
populator.setGroupSearchFilter("(ou={1})");
@ -124,8 +121,6 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTest
}
public void testSubGroupRolesAreNotFoundByDefault() {
DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(getInitialCtxFactory(),
"ou=groups");
populator.setGroupRoleAttribute("ou");
populator.setConvertToUpperCase(true);
@ -143,8 +138,6 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTest
}
public void testSubGroupRolesAreFoundWhenSubtreeSearchIsEnabled() {
DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(getInitialCtxFactory(),
"ou=groups");
populator.setGroupRoleAttribute("ou");
populator.setConvertToUpperCase(true);
populator.setSearchSubtree(true);

81
core/src/test/resources/org/acegisecurity/ldap/apacheDsContext.xml Normal file
View File

@ -0,0 +1,81 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This context automatically starts the Apache Directory Server
and sets up the test data
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<!-- JNDI environment variable -->
<bean id="environment"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="properties">
<props>
<prop key="java.naming.security.authentication">
simple
</prop>
<prop key="java.naming.security.principal">
${userDn}
</prop>
<prop key="java.naming.security.credentials">
${password}
</prop>
</props>
</property>
</bean>
<!--
Note the non-standard port, in order to leave 389 unused, thus
making it easier for the integration tests requiring OpenLDAP.
-->
<bean id="configuration" class="org.apache.directory.server.configuration.MutableServerStartupConfiguration">
<property name="ldapPort" value="3900" />
<property name="contextPartitionConfigurations">
<set>
<bean class="org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration">
<property name="name" value="acegisecurity" />
<property name="suffix" value="dc=acegisecurity,dc=org" />
<property name="contextEntry">
<value>
objectClass: top
objectClass: domain
objectClass: extensibleObject
dc: acegisecurity
</value>
</property>
</bean>
</set>
</property>
</bean>
<bean id="configEnvHelper" class="org.acegisecurity.ldap.ConfigEnvHelper">
<constructor-arg ref="environment" />
<constructor-arg ref="configuration" />
</bean>
<bean name="serverContext" class="javax.naming.InitialContext">
<constructor-arg>
<bean class="org.springframework.beans.factory.config.PropertyPathFactoryBean">
<property name="targetObject" ref="configEnvHelper" />
<property name="propertyPath" value="env" />
</bean>
</constructor-arg>
</bean>
<bean name="ldapServerManager" class="org.acegisecurity.ldap.LdapServerManager">
<property name="contextSource" ref="contextSource" />
</bean>
<!-- Custom editors required to launch ApacheDS -->
<bean class="org.springframework.beans.factory.config.CustomEditorConfigurer">
<property name="customEditors">
<map>
<entry key="javax.naming.directory.Attributes">
<bean class="org.apache.directory.server.core.configuration.AttributesPropertyEditor"/>
</entry>
</map>
</property>
</bean>
</beans>

36
core/src/test/resources/org/acegisecurity/ldap/ldapIntegrationTestContext.xml Normal file
View File

@ -0,0 +1,36 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<import resource="classpath:/org/acegisecurity/ldap/apacheDsContext.xml"/>
<bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location" value="classpath:/org/acegisecurity/ldap/ldapserver.properties" />
</bean>
<!--
<bean id="contextSource" class="org.springframework.ldap.core.support.DirContextSource" >
<property name="urls" value="${urls}" />
<property name="userDn" value="${userDn}" />
<property name="password" value="${password}" />
<property name="base" value="${base}" />
<property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
</bean>
-->
<bean id="contextSource" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory" >
<constructor-arg value="${fullUrl}"/>
<property name="managerDn" value="${userDn}"/>
<property name="managerPassword" value="${password}" />
<property name="useLdapContext" value="true"/>
<property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
</bean>
<!-- Here for refactoring, until we have a satisfactory context source implementation -->
<bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory" >
<constructor-arg value="${fullUrl}"/>
<property name="useLdapContext" value="true"/>
<property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
</bean>
</beans>

5
core/src/test/resources/org/acegisecurity/ldap/ldapserver.properties Normal file
View File

@ -0,0 +1,5 @@
urls=ldap://127.0.0.1:3900
userDn=uid=admin,ou=system
password=secret
base=dc=acegisecurity,dc=org
fullUrl=ldap://127.0.0.1:3900/dc=acegisecurity,dc=org