Google Git
Sign in
apache / directory-server / c6abbe49547d60df9c324badadaf7fba0a283aa9 / . / trunk / ldap-client-test / src / test / java / org / apache / directory / shared / client / api / operations / bind / SimpleBindRequestTest.java
blob: e0ef9ed0cabea57fd803883b6f8ae1c6ef298c96 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.shared.client.api.operations.bind;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.util.concurrent.TimeUnit;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapOperationException;
import org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformException;
import org.apache.directory.api.ldap.model.message.BindRequest;
import org.apache.directory.api.ldap.model.message.BindRequestImpl;
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.Strings;
import org.apache.directory.ldap.client.api.LdapAsyncConnection;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.ldap.client.api.future.BindFuture;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifs;
import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
import org.apache.directory.server.core.api.interceptor.Interceptor;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
/**
* Test the Simple BindRequest operation
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
@RunWith(FrameworkRunner.class)
@CreateLdapServer(transports =
{ @CreateTransport(protocol = "LDAP"), @CreateTransport(protocol = "LDAPS") })
@ApplyLdifs(
{
// Entry # 1
"dn: uid=superuser,ou=system",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"objectClass: top",
"cn: superuser",
"sn: administrator",
"displayName: Directory Superuser",
"uid: superuser",
"userPassword: test",
"",
// Entry # 2
"dn: uid=superuser2,ou=system",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"objectClass: top",
"cn: superuser2",
"sn: administrator",
"displayName: Directory Superuser",
"uid: superuser2",
"userPassword: test1",
"userPassword: test2"
})
public class SimpleBindRequestTest extends AbstractLdapTestUnit
{
private LdapAsyncConnection connection;
/**
* Create the LdapConnection
*/
@Before
public void setup() throws Exception
{
connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() );
connection.setTimeOut( 0L );
}
/**
* Close the LdapConnection
*/
@After
public void shutdown() throws Exception
{
if ( connection != null )
{
connection.close();
}
}
/**
* Test a successful synchronous bind request. the server allows it.
*/
@Test
public void testSyncBindRequest() throws Exception
{
connection.bind( "uid=admin,ou=system", "secret" );
assertTrue( connection.isAuthenticated() );
connection.unBind();
connection.close();
}
/**
* Test a successful asynchronous bind request, 10 times.
*/
@Test
public void testAsyncBindRequest() throws Exception
{
int i = 0;
int nbLoop = 10;
for ( ; i < nbLoop; i++ )
{
BindRequest bindRequest = new BindRequestImpl();
bindRequest.setDn( new Dn( "uid=admin,ou=system" ) );
bindRequest.setCredentials( "secret" );
BindFuture bindFuture = connection.bindAsync( bindRequest );
BindResponse bindResponse = bindFuture.get( 1000, TimeUnit.MILLISECONDS );
assertNotNull( bindResponse );
assertEquals( ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode() );
assertTrue( connection.isAuthenticated() );
}
}
/**
* Test a successful simple bind request.
*/
@Test
public void testSimpleBindRequest() throws Exception
{
BindRequest bindRequest = new BindRequestImpl();
bindRequest.setDn( new Dn( "uid=admin,ou=system" ) );
bindRequest.setCredentials( "secret" );
BindResponse bindResponse = connection.bind( bindRequest );
assertNotNull( bindResponse );
assertEquals( ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode() );
assertTrue( connection.isAuthenticated() );
}
/**
* Test a successful simple bind request when the user has 2 passwords.
*/
@Test
public void testSimpleBindRequest2Passwords() throws Exception
{
BindRequest bindRequest = new BindRequestImpl();
bindRequest.setDn( new Dn( "uid=superUser2,ou=system" ) );
bindRequest.setCredentials( "test1" );
BindResponse bindResponse = connection.bind( bindRequest );
assertNotNull( bindResponse );
assertEquals( ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode() );
assertTrue( connection.isAuthenticated() );
bindRequest = new BindRequestImpl();
bindRequest.setDn( new Dn( "uid=superUser2,ou=system" ) );
bindRequest.setCredentials( "test2" );
bindResponse = connection.bind( bindRequest );
assertNotNull( bindResponse );
assertEquals( ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode() );
assertTrue( connection.isAuthenticated() );
}
/**
* Test a successful blank (anonymous) bind request.
*/
@Test
public void testBlankBindRequest() throws Exception
{
BindRequest bindRequest = new BindRequestImpl();
BindResponse bindResponse = connection.bind( bindRequest );
assertNotNull( bindResponse );
assertEquals( ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode() );
assertTrue( connection.isAuthenticated() );
}
/**
* Test a failing blank (anonymous) bind request.
*/
@Test
public void testBlankBindRequestNotAllowed() throws Exception
{
getLdapServer().getDirectoryService().setAllowAnonymousAccess( false );
try
{
connection.bind();
fail();
}
catch ( LdapOperationException le )
{
assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, le.getResultCode() );
}
getLdapServer().getDirectoryService().setAllowAnonymousAccess( true );
connection.bind();
assertTrue( connection.isAuthenticated() );
}
/**
* Test an Anonymous BindRequest
*/
@Test
public void testSimpleBindAnonymous() throws Exception
{
getLdapServer().getDirectoryService().setAllowAnonymousAccess( true );
//System.out.println( "------------------Create connection" + i + "-------------" );
LdapConnection connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() );
//System.out.println( "------------------Bind" + i + "-------------" );
// Try with no parameters
connection.anonymousBind();
assertTrue( connection.isAuthenticated() );
//System.out.println( "----------------Unbind" + i + "-------------" );
connection.unBind();
assertFalse( connection.isConnected() );
connection.close();
// Try with empty strings
connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() );
connection.bind( "", "" );
assertTrue( connection.isAuthenticated() );
connection.unBind();
assertFalse( connection.isConnected() );
connection.close();
// Try with null parameters
connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() );
connection.bind( ( String ) null, ( String ) null );
assertTrue( connection.isAuthenticated() );
assertTrue( connection.isConnected() );
connection.unBind();
assertFalse( connection.isConnected() );
connection.close();
connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() );
//System.out.println( "----------------Unbind done" + i + "-------------" );
assertFalse( connection.isConnected() );
connection.close();
//System.out.println( "----------------Unconnected" + i + "-------------" );
}
/**
* Test for DIRAPI-49 (LdapNetworkConnection.anonymousBind() uses name and credentials
* from configuration instead of empty values).
*/
@Test
public void testDIRAPI47() throws Exception
{
LdapConnectionConfig config = new LdapConnectionConfig();
config.setLdapHost( "localhost" );
config.setLdapPort( getLdapServer().getPort() );
config.setName( "uid=nonexisting,dc=example,dc=com" );
connection = new LdapNetworkConnection( config );
connection.anonymousBind();
assertTrue( connection.isAuthenticated() );
}
/**
* Test a failing Anonymous BindRequest
*/
@Test
public void testSimpleBindAnonymousNotAllowed() throws Exception
{
getLdapServer().getDirectoryService().setAllowAnonymousAccess( false );
try
{
connection.anonymousBind();
fail();
}
catch ( LdapOperationException le )
{
assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, le.getResultCode() );
}
getLdapServer().getDirectoryService().setAllowAnonymousAccess( true );
connection.anonymousBind();
assertTrue( connection.isAuthenticated() );
}
/**
* A bind with no name and a password is invalid
*/
@Test
public void testSimpleBindNoNamePassword() throws Exception
{
try
{
connection.bind( ( String ) null, "abc" );
fail();
}
catch ( LdapAuthenticationException lae )
{
ResultCodeEnum resultCode = lae.getResultCode();
assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resultCode );
assertFalse( connection.isAuthenticated() );
assertTrue( connection.isConnected() );
}
}
/**
* Test an unauthenticated bind (name, no password)
*/
@Test
public void testSimpleBindUnauthenticated() throws Exception
{
try
{
connection.bind( "uid=admin,ou=system" );
fail();
}
catch ( LdapUnwillingToPerformException lutpe )
{
ResultCodeEnum resultCode = lutpe.getResultCode();
assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, resultCode );
assertFalse( connection.isAuthenticated() );
assertTrue( connection.isConnected() );
}
}
/**
* Test an bind with no password
*/
@Test(expected = LdapUnwillingToPerformException.class)
public void testSimpleBindNoPassword() throws Exception
{
connection.bind( "uid=admin,ou=system", ( String ) null );
}
/**
* Test a valid bind
*/
@Test
public void testSimpleBindValid() throws Exception
{
connection.bind( "uid=admin,ou=system", "secret" );
assertTrue( connection.isAuthenticated() );
}
/**
* Test a bind with a valid user but a wrong password
*/
@Test
public void testSimpleBindValidUserWrongPassword() throws Exception
{
try
{
connection.bind( "uid=admin,ou=system", "badpassword" );
fail();
}
catch ( LdapAuthenticationException lae )
{
ResultCodeEnum resultCode = lae.getResultCode();
assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resultCode );
assertFalse( connection.isAuthenticated() );
assertTrue( connection.isConnected() );
}
}
/**
* Test a bind with an invalid user
*/
@Test
public void testSimpleBindInvalidUser() throws Exception
{
try
{
connection.bind( "uid=wrong,ou=system", "secret" );
fail();
}
catch ( LdapAuthenticationException lae )
{
ResultCodeEnum resultCode = lae.getResultCode();
assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resultCode );
assertFalse( connection.isAuthenticated() );
assertTrue( connection.isConnected() );
}
}
/**
* Test a valid bind followed by another valid bind
*/
@Test
public void testDoubleSimpleBindValid() throws Exception
{
BindRequest br1 = new BindRequestImpl();
br1.setDn( new Dn( "uid=admin,ou=system" ) );
br1.setCredentials( Strings.getBytesUtf8( "secret" ) );
BindResponse response1 = connection.bind( br1 );
assertTrue( connection.isAuthenticated() );
int messageId1 = response1.getMessageId();
// The messageId must have been incremented
BindRequest br2 = new BindRequestImpl();
br2.setDn( new Dn( "uid=admin,ou=system" ) );
br2.setCredentials( Strings.getBytesUtf8( "secret" ) );
BindResponse response2 = connection.bind( br2 );
int messageId2 = response2.getMessageId();
assertTrue( messageId2 > messageId1 );
assertTrue( connection.isAuthenticated() );
// Now, unbind
connection.unBind();
assertFalse( connection.isAuthenticated() );
assertFalse( connection.isConnected() );
// And Bind again. The messageId should be 1
BindRequest br3 = new BindRequestImpl();
br3.setDn( new Dn( "uid=admin,ou=system" ) );
br3.setCredentials( Strings.getBytesUtf8( "secret" ) );
BindResponse response3 = connection.bind( br3 );
int messageId = response3.getMessageId();
assertEquals( 1, messageId );
assertTrue( connection.isAuthenticated() );
}
/**
* Test that we can't send another request until the BindResponse arrives
*/
@Test
public void testRequestWhileBinding() throws Exception
{
try
{
// Inject the interceptor that waits 1 second when binding
// in order to be able to send a request before we get the response
Interceptor interceptor = new BaseInterceptor( "test" )
{
/**
* Wait 1 second before going any further
*/
public void bind( BindOperationContext bindContext ) throws LdapException
{
// Wait 1 second
try
{
Thread.sleep( 1000 );
}
catch ( InterruptedException ie )
{
// Ok, get out
}
next( bindContext );
}
};
getService().addFirst( interceptor );
// Send another BindRequest
BindRequest bindRequest = new BindRequestImpl();
bindRequest.setDn( new Dn( "uid=admin,ou=system" ) );
bindRequest.setCredentials( "secret" );
BindFuture bindFuture = connection.bindAsync( bindRequest );
// Wait a bit to be sure the server is processing the bind request
Thread.sleep( 200 );
// It will take 1 seconds to bind, let's send another bind request : it should fail
try
{
connection.bind( "uid=admin,ou=system", "secret" );
fail();
}
catch ( LdapUnwillingToPerformException lutpe )
{
assertFalse( connection.isAuthenticated() );
assertTrue( true );
}
// Now get back the BindResponse
BindResponse bindResponse = bindFuture.get( 2000, TimeUnit.MILLISECONDS );
assertNotNull( bindResponse );
assertEquals( ResultCodeEnum.SUCCESS, bindResponse.getLdapResult().getResultCode() );
assertTrue( connection.isAuthenticated() );
}
finally
{
getService().remove( "test" );
}
}
/**
* Bind with a new user when the connection is establish with an anonymous authent.
*/
@Test
public void testBindUserWhenAnonymous() throws Exception
{
// Bind anonymous
connection.bind();
assertTrue( connection.isAuthenticated() );
// Now bind with some credentials
connection.bind( "uid=admin, ou=system", "secret" );
assertTrue( connection.isAuthenticated() );
// And back to anonymous
connection.bind();
assertTrue( connection.isAuthenticated() );
}
/**
* Bind with a new user when the connection is establish with an anonymous authent.
*/
@Test
public void testBindUserWhenAlreadyBound() throws Exception
{
// Bind with some credentials
connection.bind( "uid=admin, ou=system", "secret" );
assertTrue( connection.isAuthenticated() );
// Bind with another user
connection.bind( "uid=superuser,ou=system", "test" );
assertTrue( connection.isAuthenticated() );
}
/**
* DIRSERVER-1548
*/
@Test
public void testSimpleBindInvalidFwdByValidOnSameCon() throws Exception
{
try
{
connection.bind( "uid=admin,ou=system", "wrongpwd" );
fail();
}
catch ( LdapAuthenticationException lae )
{
assertFalse( connection.isAuthenticated() );
}
connection.bind( "uid=admin,ou=system", "secret" );
assertTrue( connection.isAuthenticated() );
}
}