| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.catalina.realm; |
| |
| import java.net.InetAddress; |
| import java.util.ArrayList; |
| import java.util.Arrays; |
| import java.util.Collection; |
| import java.util.HashSet; |
| import java.util.List; |
| import java.util.Set; |
| |
| import org.junit.AfterClass; |
| import org.junit.Assert; |
| import org.junit.BeforeClass; |
| import org.junit.Test; |
| import org.junit.runner.RunWith; |
| import org.junit.runners.Parameterized; |
| import org.junit.runners.Parameterized.Parameter; |
| |
| import org.apache.juli.logging.LogFactory; |
| |
| import com.unboundid.ldap.listener.InMemoryDirectoryServer; |
| import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig; |
| import com.unboundid.ldap.listener.InMemoryListenerConfig; |
| import com.unboundid.ldap.sdk.AddRequest; |
| import com.unboundid.ldap.sdk.LDAPConnection; |
| import com.unboundid.ldap.sdk.LDAPResult; |
| import com.unboundid.ldap.sdk.ResultCode; |
| |
| @RunWith(Parameterized.class) |
| public class TestJNDIRealmIntegration { |
| |
| private static final String USER_PATTERN = "cn={0},ou=people,dc=example,dc=com"; |
| private static final String USER_SEARCH = "cn={0}"; |
| private static final String USER_BASE = "ou=people,dc=example,dc=com"; |
| private static final String ROLE_SEARCH_A = "member={0}"; |
| private static final String ROLE_SEARCH_B = "member=cn={1},ou=people,dc=example,dc=com"; |
| private static final String ROLE_SEARCH_C = "member=cn={2},ou=people,dc=example,dc=com"; |
| private static final String ROLE_BASE = "ou=people,dc=example,dc=com"; |
| |
| private static InMemoryDirectoryServer ldapServer; |
| |
| @Parameterized.Parameters(name = "{index}: user[{5}], pwd[{6}]") |
| public static Collection<Object[]> parameters() { |
| List<Object[]> parameterSets = new ArrayList<>(); |
| for (String userRoleAttribute : new String[] { "cn", null }) { |
| for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) { |
| if (userRoleAttribute != null) { |
| addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets, 1); |
| addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets, 4); |
| addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets, 1); |
| addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets, 4); |
| } |
| } |
| parameterSets.add(new Object[] { "cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A, |
| "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] { "TestGroup4" }, |
| userRoleAttribute, Integer.valueOf(1) }); |
| parameterSets.add(new Object[] { "cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A, |
| "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] { "TestGroup4" }, |
| userRoleAttribute, Integer.valueOf(4) }); |
| } |
| return parameterSets; |
| } |
| |
| |
| private static void addUsers(String userPattern, String userSearch, String userBase, String roleSearch, |
| String roleBase, String userRoleAttribute, List<Object[]> parameterSets, int poolSize) { |
| parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase, |
| "test", "test", new String[] {"TestGroup"}, userRoleAttribute, Integer.valueOf(poolSize) }); |
| parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase, |
| "t;", "test", new String[] {"TestGroup"}, userRoleAttribute, Integer.valueOf(poolSize) }); |
| parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase, |
| "t*", "test", new String[] {"TestGroup"}, userRoleAttribute, Integer.valueOf(poolSize) }); |
| parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase, |
| "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"}, userRoleAttribute, Integer.valueOf(poolSize) }); |
| parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase, |
| "norole", "test", new String[0], userRoleAttribute, Integer.valueOf(poolSize) }); |
| // Bug 65373 |
| parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase, |
| "<>+=\"#;,rrr", "<>+=\"#;,rrr", new String[0], userRoleAttribute, Integer.valueOf(poolSize) }); |
| } |
| |
| |
| @Parameter(0) |
| public String realmConfigUserPattern; |
| @Parameter(1) |
| public String realmConfigUserSearch; |
| @Parameter(2) |
| public String realmConfigUserBase; |
| @Parameter(3) |
| public String realmConfigRoleSearch; |
| @Parameter(4) |
| public String realmConfigRoleBase; |
| @Parameter(5) |
| public String username; |
| @Parameter(6) |
| public String credentials; |
| @Parameter(7) |
| public String[] groups; |
| @Parameter(8) |
| public String realmConfigUserRoleAttribute; |
| @Parameter(9) |
| public int poolSize; |
| |
| @Test |
| public void testAuthentication() throws Exception { |
| JNDIRealm realm = new JNDIRealm(); |
| realm.containerLog = LogFactory.getLog(TestJNDIRealmIntegration.class); |
| |
| realm.setConnectionURL("ldap://localhost:" + ldapServer.getListenPort()); |
| realm.setUserPattern(realmConfigUserPattern); |
| realm.setUserSearch(realmConfigUserSearch); |
| realm.setUserBase(realmConfigUserBase); |
| realm.setUserRoleAttribute(realmConfigUserRoleAttribute); |
| realm.setRoleName("cn"); |
| realm.setRoleBase(realmConfigRoleBase); |
| realm.setRoleSearch(realmConfigRoleSearch); |
| realm.setRoleNested(true); |
| realm.setConnectionPoolSize(poolSize); |
| |
| // If using pooling, simply try more to see what happens |
| for (int i = 0; i < poolSize; i++) { |
| GenericPrincipal p = (GenericPrincipal) realm.authenticate(username, credentials); |
| |
| Assert.assertNotNull(p); |
| Assert.assertEquals(username, p.name); |
| |
| Set<String> actualGroups = new HashSet<>(Arrays.asList(p.getRoles())); |
| Set<String> expectedGroups = new HashSet<>(Arrays.asList(groups)); |
| |
| Assert.assertEquals(expectedGroups.size(), actualGroups.size()); |
| Set<String> tmp = new HashSet<>(); |
| tmp.addAll(expectedGroups); |
| tmp.removeAll(actualGroups); |
| Assert.assertEquals(0, tmp.size()); |
| } |
| } |
| |
| |
| @BeforeClass |
| public static void createLDAP() throws Exception { |
| InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=example,dc=com"); |
| InetAddress localhost = InetAddress.getByName("localhost"); |
| InMemoryListenerConfig listenerConfig = |
| new InMemoryListenerConfig("localListener", localhost, 0, null, null, null); |
| config.setListenerConfigs(listenerConfig); |
| config.addAdditionalBindCredentials("cn=admin", "password"); |
| ldapServer = new InMemoryDirectoryServer(config); |
| |
| ldapServer.startListening(); |
| |
| try (LDAPConnection conn = ldapServer.getConnection()) { |
| |
| // Note: Only the DNs need attribute value escaping |
| AddRequest addBase = new AddRequest( |
| "dn: dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: domain", |
| "dc: example"); |
| LDAPResult result = conn.processOperation(addBase); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addPeople = new AddRequest( |
| "dn: ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: organizationalUnit"); |
| result = conn.processOperation(addPeople); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addUserTest = new AddRequest( |
| "dn: cn=test,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: person", |
| "objectClass: organizationalPerson", |
| "cn: test", |
| "sn: Test", |
| "userPassword: test"); |
| result = conn.processOperation(addUserTest); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addUserTestSemicolon = new AddRequest( |
| "dn: cn=t\\;,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: person", |
| "objectClass: organizationalPerson", |
| "cn: t;", |
| "sn: Tsemicolon", |
| "userPassword: test"); |
| result = conn.processOperation(addUserTestSemicolon); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addUserTestAsterisk = new AddRequest( |
| "dn: cn=t*,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: person", |
| "objectClass: organizationalPerson", |
| "cn: t*", |
| "sn: Tasterisk", |
| "userPassword: test"); |
| result = conn.processOperation(addUserTestAsterisk); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addUserTestEquals = new AddRequest( |
| "dn: cn=t\\=,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: person", |
| "objectClass: organizationalPerson", |
| "cn: t=", |
| "sn: Tequals", |
| "userPassword: test"); |
| result = conn.processOperation(addUserTestEquals); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addUserNoRole = new AddRequest( |
| "dn: cn=norole,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: person", |
| "objectClass: organizationalPerson", |
| "cn: norole", |
| "sn: No Role", |
| "userPassword: test"); |
| result = conn.processOperation(addUserNoRole); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addGroupTest = new AddRequest( |
| "dn: cn=TestGroup,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: groupOfNames", |
| "cn: TestGroup", |
| "member: cn=test,ou=people,dc=example,dc=com", |
| "member: cn=t\\;,ou=people,dc=example,dc=com", |
| "member: cn=t\\*,ou=people,dc=example,dc=com"); |
| result = conn.processOperation(addGroupTest); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addGroupTest2 = new AddRequest( |
| "dn: cn=Test\\<Group*2,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: groupOfNames", |
| "cn: Test<Group*2", |
| "member: cn=t\\=,ou=people,dc=example,dc=com"); |
| result = conn.processOperation(addGroupTest2); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addGroupTest3 = new AddRequest( |
| "dn: cn=Test\\>Group*3,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: groupOfNames", |
| "cn: Test>Group*3", |
| "member: cn=Test\\<Group*2,ou=people,dc=example,dc=com"); |
| result = conn.processOperation(addGroupTest3); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addPeopleSub = new AddRequest( |
| "dn: ou=s\\;ub,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: organizationalUnit"); |
| result = conn.processOperation(addPeopleSub); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addUserTestSub = new AddRequest( |
| "dn: cn=testsub,ou=s\\;ub,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: person", |
| "objectClass: organizationalPerson", |
| "cn: testsub", |
| "sn: Testsub", |
| "userPassword: test"); |
| result = conn.processOperation(addUserTestSub); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| AddRequest addGroupTest4 = new AddRequest( |
| "dn: cn=TestGroup4,ou=s\\;ub,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: groupOfNames", |
| "cn: TestGroup4", |
| "member: cn=testsub,ou=s\\;ub,ou=people,dc=example,dc=com"); |
| result = conn.processOperation(addGroupTest4); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| |
| // Bug 65373 |
| AddRequest addUserBug65373 = new AddRequest( |
| "dn: cn=\\3C\\3E\\2B=\\22#\\3B\\2Crrr,ou=people,dc=example,dc=com", |
| "objectClass: top", |
| "objectClass: person", |
| "objectClass: organizationalPerson", |
| "cn: <>+=\"#;,rrr", |
| "sn: Bug 65373", |
| "userPassword: <>+=\"#;,rrr"); |
| result = conn.processOperation(addUserBug65373); |
| Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); |
| } |
| } |
| |
| |
| @AfterClass |
| public static void destroyLDAP() { |
| ldapServer.shutDown(true); |
| } |
| } |
