For 3rd PR (POM fixed) - [BAEL-4451] LDAP Authentication using Pure Java
This commit is contained in:
gjohnson
parent
903ca563ad
commit
d800af95b8
|
|
@ -41,6 +41,18 @@
|
|||
<artifactId>h2</artifactId>
|
||||
<version>${h2.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.directory.server</groupId>
|
||||
<artifactId>apacheds-test-framework</artifactId>
|
||||
<version>${apacheds.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.assertj</groupId>
|
||||
<artifactId>assertj-core</artifactId>
|
||||
<version>3.21.0</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
|
|
@ -59,6 +71,7 @@
|
|||
<properties>
|
||||
<spring.version>5.0.9.RELEASE</spring.version>
|
||||
<h2.version>1.4.199</h2.version>
|
||||
<apacheds.version>2.0.0.AM26</apacheds.version>
|
||||
<source.version>1.8</source.version>
|
||||
<target.version>1.8</target.version>
|
||||
</properties>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,165 @@
|
|||
package com.baeldung.jndi.ldap.auth;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatCode;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
|
||||
import java.util.Hashtable;
|
||||
|
||||
import javax.naming.AuthenticationException;
|
||||
import javax.naming.Context;
|
||||
import javax.naming.NamingEnumeration;
|
||||
import javax.naming.directory.Attributes;
|
||||
import javax.naming.directory.DirContext;
|
||||
import javax.naming.directory.InitialDirContext;
|
||||
import javax.naming.directory.SearchControls;
|
||||
import javax.naming.directory.SearchResult;
|
||||
|
||||
import org.apache.directory.server.annotations.CreateLdapServer;
|
||||
import org.apache.directory.server.annotations.CreateTransport;
|
||||
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
|
||||
import org.apache.directory.server.core.annotations.CreateDS;
|
||||
import org.apache.directory.server.core.annotations.CreatePartition;
|
||||
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
|
||||
import org.apache.directory.server.core.integ.FrameworkRunner;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
@RunWith(FrameworkRunner.class)
|
||||
@CreateLdapServer(transports = { @CreateTransport(protocol = "LDAP", address = "localhost", port = 10390)})
|
||||
@CreateDS(
|
||||
allowAnonAccess = false, partitions = {@CreatePartition(name = "TestPartition", suffix = "dc=baeldung,dc=com")})
|
||||
@ApplyLdifFiles({"users.ldif"})
|
||||
// class marked as manual test, as it has to run independently from the other unit tests in the module
|
||||
public class JndiLdapAuthManualTest extends AbstractLdapTestUnit {
|
||||
|
||||
private static void authenticateUser(Hashtable<String, String> environment) throws Exception {
|
||||
DirContext context = new InitialDirContext(environment);
|
||||
context.close();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenPreloadedLDAPUserJoe_whenAuthUserWithCorrectPW_thenAuthSucceeds() throws Exception {
|
||||
|
||||
Hashtable<String, String> environment = new Hashtable<String, String>();
|
||||
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
||||
environment.put(Context.PROVIDER_URL, "ldap://localhost:10390");
|
||||
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
|
||||
|
||||
environment.put(Context.SECURITY_PRINCIPAL, "cn=Joe Simms,ou=Users,dc=baeldung,dc=com");
|
||||
environment.put(Context.SECURITY_CREDENTIALS, "12345");
|
||||
|
||||
assertThatCode(() -> authenticateUser(environment)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenPreloadedLDAPUserJoe_whenAuthUserWithWrongPW_thenAuthFails() throws Exception {
|
||||
|
||||
Hashtable<String, String> environment = new Hashtable<String, String>();
|
||||
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
||||
environment.put(Context.PROVIDER_URL, "ldap://localhost:10390");
|
||||
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
|
||||
|
||||
environment.put(Context.SECURITY_PRINCIPAL, "cn=Joe Simms,ou=Users,dc=baeldung,dc=com");
|
||||
environment.put(Context.SECURITY_CREDENTIALS, "wronguserpw");
|
||||
|
||||
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> authenticateUser(environment));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenPreloadedLDAPUserJoe_whenSearchAndAuthUserWithCorrectPW_thenAuthSucceeds() throws Exception {
|
||||
|
||||
// first authenticate against LDAP as admin to search up DN of user : Joe Simms
|
||||
|
||||
Hashtable<String, String> environment = new Hashtable<String, String>();
|
||||
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
||||
environment.put(Context.PROVIDER_URL, "ldap://localhost:10390");
|
||||
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
|
||||
environment.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
|
||||
environment.put(Context.SECURITY_CREDENTIALS, "secret");
|
||||
|
||||
DirContext adminContext = new InitialDirContext(environment);
|
||||
|
||||
// define the search filter to find the person with CN : Joe Simms
|
||||
String filter = "(&(objectClass=person)(cn=Joe Simms))";
|
||||
|
||||
// declare the attributes we want returned for the object being searched
|
||||
String[] attrIDs = { "cn" };
|
||||
|
||||
// define the search controls
|
||||
SearchControls searchControls = new SearchControls();
|
||||
searchControls.setReturningAttributes(attrIDs);
|
||||
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
||||
|
||||
// search for User with filter cn=Joe Simms
|
||||
NamingEnumeration<SearchResult> searchResults = adminContext.search("dc=baeldung,dc=com", filter, searchControls);
|
||||
if (searchResults.hasMore()) {
|
||||
|
||||
SearchResult result = (SearchResult) searchResults.next();
|
||||
Attributes attrs = result.getAttributes();
|
||||
|
||||
String distinguishedName = result.getNameInNamespace();
|
||||
assertThat(distinguishedName).isEqualTo("cn=Joe Simms,ou=Users,dc=baeldung,dc=com");
|
||||
|
||||
String commonName = attrs.get("cn").toString();
|
||||
assertThat(commonName).isEqualTo("cn: Joe Simms");
|
||||
|
||||
// authenticate new context with DN for user Joe Simms, using correct password
|
||||
|
||||
environment.put(Context.SECURITY_PRINCIPAL, distinguishedName);
|
||||
environment.put(Context.SECURITY_CREDENTIALS, "12345");
|
||||
|
||||
assertThatCode(() -> authenticateUser(environment)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
adminContext.close();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenPreloadedLDAPUserJoe_whenSearchAndAuthUserWithWrongPW_thenAuthFails() throws Exception {
|
||||
|
||||
// first authenticate against LDAP as admin to search up DN of user : Joe Simms
|
||||
|
||||
Hashtable<String, String> environment = new Hashtable<String, String>();
|
||||
environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
||||
environment.put(Context.PROVIDER_URL, "ldap://localhost:10390");
|
||||
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
|
||||
environment.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
|
||||
environment.put(Context.SECURITY_CREDENTIALS, "secret");
|
||||
DirContext adminContext = new InitialDirContext(environment);
|
||||
|
||||
// define the search filter to find the person with CN : Joe Simms
|
||||
String filter = "(&(objectClass=person)(cn=Joe Simms))";
|
||||
|
||||
// declare the attributes we want returned for the object being searched
|
||||
String[] attrIDs = { "cn" };
|
||||
|
||||
// define the search controls
|
||||
SearchControls searchControls = new SearchControls();
|
||||
searchControls.setReturningAttributes(attrIDs);
|
||||
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
||||
|
||||
// search for User with filter cn=Joe Simms
|
||||
NamingEnumeration<SearchResult> searchResults = adminContext.search("dc=baeldung,dc=com", filter, searchControls);
|
||||
if (searchResults.hasMore()) {
|
||||
|
||||
SearchResult result = (SearchResult) searchResults.next();
|
||||
Attributes attrs = result.getAttributes();
|
||||
|
||||
String distinguishedName = result.getNameInNamespace();
|
||||
assertThat(distinguishedName).isEqualTo("cn=Joe Simms,ou=Users,dc=baeldung,dc=com");
|
||||
|
||||
String commonName = attrs.get("cn").toString();
|
||||
assertThat(commonName).isEqualTo("cn: Joe Simms");
|
||||
|
||||
// authenticate new context with DN for user Joe Simms, using wrong password
|
||||
|
||||
environment.put(Context.SECURITY_PRINCIPAL, distinguishedName);
|
||||
environment.put(Context.SECURITY_CREDENTIALS, "wronguserpassword");
|
||||
|
||||
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> authenticateUser(environment));
|
||||
}
|
||||
|
||||
adminContext.close();
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
|
||||
<encoder>
|
||||
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
|
||||
</pattern>
|
||||
</encoder>
|
||||
</appender>
|
||||
|
||||
<root level="WARN">
|
||||
<appender-ref ref="STDOUT" />
|
||||
</root>
|
||||
</configuration>
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
version: 1
|
||||
dn: dc=baeldung,dc=com
|
||||
objectClass: domain
|
||||
objectClass: top
|
||||
dc: baeldung
|
||||
|
||||
dn: ou=Users,dc=baeldung,dc=com
|
||||
objectClass: organizationalUnit
|
||||
objectClass: top
|
||||
ou: Users
|
||||
|
||||
dn: cn=Joe Simms,ou=Users,dc=baeldung,dc=com
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: organizationalPerson
|
||||
objectClass: person
|
||||
objectClass: top
|
||||
cn: Joe Simms
|
||||
sn: Simms
|
||||
uid: user1
|
||||
userPassword: 12345
|
||||
Loading…
Reference in New Issue