server-unit/src/test/java/org/apache/directory/server/DefaultAuthorizationTest.java - directory-server - Git at Google

 /*
  *  Licensed to the Apache Software Foundation (ASF) under one
  *  or more contributor license agreements.  See the NOTICE file
  *  distributed with this work for additional information
  *  regarding copyright ownership.  The ASF licenses this file
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
  *
  *    http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License.
  *
  */
 package org.apache.directory.server;

 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.Set;

 import javax.naming.NamingEnumeration;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;

 import org.apache.directory.server.unit.AbstractServerTest;
 import org.apache.directory.shared.ldap.message.LockableAttributeImpl;
 import org.apache.directory.shared.ldap.message.LockableAttributesImpl;

 /**
  * Simple test for DefaultAuthorizationService. Adds two users emtries below
  * ou=users,ou=system and checks whether a user is only allowed to see his own
  * entry.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev: $
  */
 public class DefaultAuthorizationTest extends AbstractServerTest
 {
     private LdapContext ctx = null;

     public static final String TORI_RDN = "cn=Tori Amos";

     public static final String FIONA_RDN = "cn=Fiona Apple";

     public static final String FIONA_DN = "cn=Fiona apple,ou=users,ou=system";

     public static final String FIONA_PASSWORD = "machine";

     /**
      * Creation of required attributes of a person entry.
      */
     protected Attributes getPersonAttributes(String sn, String cn)
     {
         Attributes attributes = new LockableAttributesImpl();
         Attribute attribute = new LockableAttributeImpl( "objectClass" );
         attribute.add( "top" );
         attribute.add( "person" );
         attributes.put( attribute );
         attributes.put( "cn", cn );
         attributes.put( "sn", sn );

         return attributes;
     }

     /**
      * Creates an environment for JNDI LDAP connection.
      *
      * @param principalDn
      *            Bind DN
      * @param password
      *            password
      */
     protected Hashtable getEnvironment(String principalDn, String password)
     {

         Hashtable env = new Hashtable();
         env.put( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
         env.put( "java.naming.provider.url", "ldap://localhost:" + port + "/ou=system" );
         env.put( "java.naming.security.principal", principalDn );
         env.put( "java.naming.security.credentials", password );
         env.put( "java.naming.security.authentication", "simple" );

         return env;
     }

     /**
      * Create context and two person entries.
      */
     public void setUp() throws Exception
     {
         super.setUp();

         Hashtable env = getEnvironment( "uid=admin,ou=system", "secret" );
         ctx = new InitialLdapContext( env, null );
         assertNotNull( ctx );

         LdapContext users = (LdapContext) ctx.lookup( "ou=users" );

         // Create two persons
         Attributes tori = this.getPersonAttributes( "Amos", "Tori Amos" );
         users.createSubcontext( TORI_RDN, tori );
         Attributes fiona = this.getPersonAttributes( "Apple", "Fiona Apple" );
         fiona.put( "userPassword", FIONA_PASSWORD );
         users.createSubcontext( FIONA_RDN, fiona );
     }

     /**
      * Remove person entries and close context.
      */
     public void tearDown() throws Exception
     {
         LdapContext users = (LdapContext) ctx.lookup( "ou=users" );

         users.unbind( FIONA_RDN );
         users.unbind( TORI_RDN );
         ctx.close();
         ctx = null;
         super.tearDown();
     }

     /**
      * Check whether a user is only allowed to see his/her own entry, if located
      * below ou=users,ou=system.
      */
     public void testUserOnlySeesOwnUserEntry() throws Exception
     {

         Hashtable env = getEnvironment( FIONA_DN, FIONA_PASSWORD );
         LdapContext uCtx = new InitialLdapContext( env, null );
         assertNotNull( uCtx );

         SearchControls ctls = new SearchControls();
         ctls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
         NamingEnumeration enm = uCtx.search( "ou=users", "(objectClass=*)", ctls );
         int count = 0;
         while (enm.hasMore())
         {
             count++;
             SearchResult sr = (SearchResult) enm.next();
             assertEquals( FIONA_RDN, sr.getName() );
         }
         assertEquals( 1, count );

         enm.close();
         uCtx.close();
     }

     /**
      * Check whether admin is allowed to see both user entries
      */
     public void testAdminSeesAllUserEntries() throws Exception
     {

         SearchControls ctls = new SearchControls();
         ctls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
         NamingEnumeration enm = ctx.search( "ou=users", "(objectClass=*)", ctls );

         Set allNames = new HashSet();
         allNames.add( TORI_RDN );
         allNames.add( FIONA_RDN );
         int count = 0;

         while (enm.hasMore())
         {
             count++;
             SearchResult sr = (SearchResult) enm.next();
             assertTrue( allNames.contains( sr.getName() ) );
         }
         assertEquals( 2, count );

         enm.close();
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.directory.server;

	import java.util.HashSet;
	import java.util.Hashtable;
	import java.util.Set;

	import javax.naming.NamingEnumeration;
	import javax.naming.directory.Attribute;
	import javax.naming.directory.Attributes;
	import javax.naming.directory.SearchControls;
	import javax.naming.directory.SearchResult;
	import javax.naming.ldap.InitialLdapContext;
	import javax.naming.ldap.LdapContext;

	import org.apache.directory.server.unit.AbstractServerTest;
	import org.apache.directory.shared.ldap.message.LockableAttributeImpl;
	import org.apache.directory.shared.ldap.message.LockableAttributesImpl;

	/**
	* Simple test for DefaultAuthorizationService. Adds two users emtries below
	* ou=users,ou=system and checks whether a user is only allowed to see his own
	* entry.
	*
	* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
	* @version $Rev: $
	*/
	public class DefaultAuthorizationTest extends AbstractServerTest
	{
	private LdapContext ctx = null;

	public static final String TORI_RDN = "cn=Tori Amos";

	public static final String FIONA_RDN = "cn=Fiona Apple";

	public static final String FIONA_DN = "cn=Fiona apple,ou=users,ou=system";

	public static final String FIONA_PASSWORD = "machine";

	/**
	* Creation of required attributes of a person entry.
	*/
	protected Attributes getPersonAttributes(String sn, String cn)
	{
	Attributes attributes = new LockableAttributesImpl();
	Attribute attribute = new LockableAttributeImpl( "objectClass" );
	attribute.add( "top" );
	attribute.add( "person" );
	attributes.put( attribute );
	attributes.put( "cn", cn );
	attributes.put( "sn", sn );

	return attributes;
	}

	/**
	* Creates an environment for JNDI LDAP connection.
	*
	* @param principalDn
	* Bind DN
	* @param password
	* password
	*/
	protected Hashtable getEnvironment(String principalDn, String password)
	{

	Hashtable env = new Hashtable();
	env.put( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
	env.put( "java.naming.provider.url", "ldap://localhost:" + port + "/ou=system" );
	env.put( "java.naming.security.principal", principalDn );
	env.put( "java.naming.security.credentials", password );
	env.put( "java.naming.security.authentication", "simple" );

	return env;
	}

	/**
	* Create context and two person entries.
	*/
	public void setUp() throws Exception
	{
	super.setUp();

	Hashtable env = getEnvironment( "uid=admin,ou=system", "secret" );
	ctx = new InitialLdapContext( env, null );
	assertNotNull( ctx );

	LdapContext users = (LdapContext) ctx.lookup( "ou=users" );

	// Create two persons
	Attributes tori = this.getPersonAttributes( "Amos", "Tori Amos" );
	users.createSubcontext( TORI_RDN, tori );
	Attributes fiona = this.getPersonAttributes( "Apple", "Fiona Apple" );
	fiona.put( "userPassword", FIONA_PASSWORD );
	users.createSubcontext( FIONA_RDN, fiona );
	}

	/**
	* Remove person entries and close context.
	*/
	public void tearDown() throws Exception
	{
	LdapContext users = (LdapContext) ctx.lookup( "ou=users" );

	users.unbind( FIONA_RDN );
	users.unbind( TORI_RDN );
	ctx.close();
	ctx = null;
	super.tearDown();
	}

	/**
	* Check whether a user is only allowed to see his/her own entry, if located
	* below ou=users,ou=system.
	*/
	public void testUserOnlySeesOwnUserEntry() throws Exception
	{

	Hashtable env = getEnvironment( FIONA_DN, FIONA_PASSWORD );
	LdapContext uCtx = new InitialLdapContext( env, null );
	assertNotNull( uCtx );

	SearchControls ctls = new SearchControls();
	ctls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
	NamingEnumeration enm = uCtx.search( "ou=users", "(objectClass=*)", ctls );
	int count = 0;
	while (enm.hasMore())
	{
	count++;
	SearchResult sr = (SearchResult) enm.next();
	assertEquals( FIONA_RDN, sr.getName() );
	}
	assertEquals( 1, count );

	enm.close();
	uCtx.close();
	}

	/**
	* Check whether admin is allowed to see both user entries
	*/
	public void testAdminSeesAllUserEntries() throws Exception
	{

	SearchControls ctls = new SearchControls();
	ctls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
	NamingEnumeration enm = ctx.search( "ou=users", "(objectClass=*)", ctls );

	Set allNames = new HashSet();
	allNames.add( TORI_RDN );
	allNames.add( FIONA_RDN );
	int count = 0;

	while (enm.hasMore())
	{
	count++;
	SearchResult sr = (SearchResult) enm.next();
	assertTrue( allNames.contains( sr.getName() ) );
	}
	assertEquals( 2, count );

	enm.close();
	}
	}