Posted to commits@jspwiki.apache.org by aj...@apache.org on 2009/08/15 13:53:38 UTC
svn commit: r804457 [2/2] - in /incubator/jspwiki/trunk: ./ etc/ etc/ldap/
src/WebContent/templates/default/ src/java/org/apache/wiki/
src/java/org/apache/wiki/auth/ src/java/org/apache/wiki/auth/authorize/
src/java/org/apache/wiki/auth/login/ src/java...
Modified: incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java?rev=804457&r1=804456&r2=804457&view=diff
==============================================================================
--- incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java (original)
+++ incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java Sat Aug 15 11:53:37 2009
@@ -20,9 +20,13 @@
*/
package org.apache.wiki.auth.login;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
+import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
@@ -32,22 +36,26 @@
import junit.framework.TestCase;
-import org.apache.wiki.auth.WikiPrincipal;
+import org.apache.wiki.TestEngine;
+import org.apache.wiki.WikiSession;
+import org.apache.wiki.auth.*;
+import org.apache.wiki.auth.authorize.LdapAuthorizer;
import org.apache.wiki.auth.authorize.Role;
+import org.freshcookies.security.Keychain;
/**
* @author Andrew R. Jaquith
*/
public class LdapLoginModuleTest extends TestCase
{
- private Map<String,String> m_options = null;
+ private Map<String,String> m_options = new HashMap<String, String>();
public void setUp() {
m_options = new HashMap<String, String>();
+ m_options.putAll( LdapConfig.OPEN_LDAP_CONFIG );
m_options.put( LdapLoginModule.OPTION_CONNECTION_URL, "ldap://127.0.0.1:4890" );
m_options.put( LdapLoginModule.OPTION_LOGIN_ID_PATTERN, "uid={0},ou=people,dc=jspwiki,dc=org" );
- m_options.put( LdapLoginModule.OPTION_USER_BASE, "ou=people,dc=jspwiki,dc=org" );
- m_options.put( LdapLoginModule.OPTION_USER_PATTERN, "(&(objectClass=inetOrgPerson)(uid={0}))" );
+ m_options.put( LdapLoginModule.OPTION_USER_BASE, "dc=jspwiki,dc=org" );
m_options.put( LdapLoginModule.OPTION_AUTHENTICATION, "simple" );
}
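Review bot: The new field initializer on `m_options` is redundant, because `setUp()` still assigns a fresh `HashMap` before every test; drop either the initializer or the reassignment in `setUp()`. With the `OPTION_USER_PATTERN` line removed and the search base widened to `dc=jspwiki,dc=org`, the user filter presumably now comes from `LdapConfig.OPEN_LDAP_CONFIG`, which is not visible in this hunk. A comment above the `putAll` such as `// shared defaults first; the puts below override them for the local test server` would make that dependency explicit. The wildcard `import org.apache.wiki.auth.*;` also hides which auth classes the test uses, so explicit imports would be preferable.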
@@ -118,29 +126,61 @@
assertTrue( principals.contains( new WikiPrincipal( "FredFlintstone", WikiPrincipal.WIKI_NAME ) ) );
}
+ /**
+ * Script for logging into test Active Directory.
+ * @param args
+ * @throws Exception
+ */
+ @SuppressWarnings("deprecation")
public static final void main( String... args ) throws Exception
{
- LdapLoginModuleTest t = new LdapLoginModuleTest();
-
- t.m_options.clear();
- t.m_options.put( LdapLoginModule.OPTION_AUTHENTICATION, "DIGEST-MD5" );
- t.m_options.put( LdapLoginModule.OPTION_CONNECTION_URL, "ldap://camb-dc01.forrester.loc:389" );
- t.m_options.put( LdapLoginModule.OPTION_LOGIN_ID_PATTERN, "(uid={0})" );
- t.m_options.put( LdapLoginModule.OPTION_USER_BASE, "OU=users,OU=Cambridge,OU=Office Locations,OU=forrester,DC=forrester,DC=loc" );
- t.m_options.put( LdapLoginModule.OPTION_USER_PATTERN, "(&(objectClass=person)(mailNickname={0}))" );
+ // Create the TestEngine properties
+ Properties props = new Properties();
+ props.load( TestEngine.findTestProperties() );
+
+ // Set the LoginModule options
+ Map<String,String> options = new HashMap<String,String>();
+ options.putAll( LdapConfig.ACTIVE_DIRECTORY_CONFIG );
+ options.put( LdapLoginModule.OPTION_CONNECTION_URL, "ldap://camb-dc01.forrester.loc:389" );
+ options.put( LdapLoginModule.OPTION_USER_BASE, "OU=Office Locations,OU=forrester,DC=forrester,DC=loc" );
+ options.put( LdapLoginModule.OPTION_AUTHENTICATION, "DIGEST-MD5" );
+ options.put( LdapConfig.PROPERTY_SSL, "false" );
+ for ( Map.Entry<String,String> option : options.entrySet() )
+ {
+ props.put( AuthenticationManager.PREFIX_LOGIN_MODULE_OPTIONS + option.getKey(), option.getValue() );
+ }
+ props.put( AuthenticationManager.PROP_LOGIN_MODULE, LdapLoginModule.class.getName() );
- // Login with a user that IS in the database
+ // Set the Authorizer properties
+ props.put( AuthorizationManager.PROP_AUTHORIZER, LdapAuthorizer.class.getCanonicalName() );
+ props.put( LdapConfig.PROPERTY_ROLE_BASE, "OU=Distribution Lists,OU=.Global,OU=forrester,DC=forrester,DC=loc" );
+ props.put( LdapConfig.PROPERTY_BIND_DN, "ajaquith" );
+ props.put( AuthenticationManager.PROP_KEYCHAIN_PATH, "/Users/arj/workspace/ldap/forrester" );
+ props.put( AuthenticationManager.PROP_KEYCHAIN_PASSWORD, "keychain-password" );
+
+ // Set the UserDatabase properties
+ props.put( UserManager.PROP_READ_ONLY_PROFILES, "true" );
+
+ TestEngine engine = new TestEngine( props );
+
+ //
+ // 1. Test the LoginModule
+ //
+ Keychain keychain = new Keychain();
+ InputStream stream = new FileInputStream( new File( "/Users/arj/workspace/ldap/forrester") );
+ keychain.load( stream, "keychain-password".toCharArray() );
+ Keychain.Password password = (Keychain.Password)keychain.getEntry( LdapConfig.KEYCHAIN_BIND_DN_ENTRY );
Subject subject = new Subject();
- CallbackHandler handler = new WikiCallbackHandler( null, null, "ajaquith", "****" );
+ CallbackHandler handler = new WikiCallbackHandler( null, null, "ajaquith", password.getPassword() );
LoginModule module = new LdapLoginModule();
- module.initialize( subject, handler, new HashMap<String, Object>(), t.m_options );
+ module.initialize( subject, handler, new HashMap<String, Object>(), options );
module.login();
module.commit();
// Successful login will inject the usual LoginPrincipal
Set<Principal> principals = subject.getPrincipals();
assertEquals( 3, principals.size() );
- assertTrue( principals.contains( new WikiPrincipal( "ajaquith", WikiPrincipal.LOGIN_NAME ) ) );
+ //assertTrue( principals.contains( new WikiPrincipal( "ajaquith", WikiPrincipal.LOGIN_NAME ) ) );
// PLUS, in this case only, principals for Wiki Name and Full Name
assertTrue( principals.contains( new WikiPrincipal( "Andrew Jaquith", WikiPrincipal.FULL_NAME ) ) );
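Review bot: The keychain path and keychain password are hard-coded as literals twice in `main`, once in the `PROP_KEYCHAIN_PATH`/`PROP_KEYCHAIN_PASSWORD` properties and again in the `FileInputStream`/`keychain.load` calls, alongside an internal directory host name and bind account. The script therefore runs on only one workstation and commits environment details to the repository. Read both values once from outside the source and reuse them, and close the `FileInputStream` in a `finally` block, since it is never closed here. The login-name assertion is commented out rather than fixed, leaving only the `assertEquals( 3, ... )` count to cover that principal, and `PROPERTY_SSL` set to `false` with a plain `ldap://` URL deserves a comment if it is intentional. `main` continues past the end of this hunk.

```java
// … unchanged: TestEngine properties and LoginModule options …
// Placeholder property names; supply the real values outside the source tree
String keychainPath = System.getProperty( "PLACEHOLDER.keychain.path" );
String keychainPassword = System.getProperty( "PLACEHOLDER.keychain.password" );
props.put( AuthenticationManager.PROP_KEYCHAIN_PATH, keychainPath );
props.put( AuthenticationManager.PROP_KEYCHAIN_PASSWORD, keychainPassword );
// … unchanged: UserDatabase properties, TestEngine creation …
Keychain keychain = new Keychain();
InputStream stream = new FileInputStream( new File( keychainPath ) );
try
{
    keychain.load( stream, keychainPassword.toCharArray() );
}
finally
{
    stream.close();
}
// … unchanged: bind-DN entry lookup, login and principal assertions …
```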
@@ -149,6 +189,23 @@
// AuthenticationManager, NOT the LoginModule, adds the Role principals
assertFalse( principals.contains( Role.AUTHENTICATED ) );
assertFalse( principals.contains( Role.ALL ) );
+
+ //
+ // 2. Test the LdapAuthorizer
+ //
+ assertTrue( engine.getUserManager().isReadOnly() );
+ Authorizer authorizer = engine.getAuthorizationManager().getAuthorizer();
+
+ Principal[] roles = authorizer.getRoles();
+ assertNotSame( 0, roles.length );
+
+ // User does not belong to any roles
+ WikiSession session = engine.guestSession();
+ engine.getAuthenticationManager().login( session, "ajaquith", password.getPassword() );
+ Role admin = new Role( "Admin" );
+ Role research = new Role( "Research - IT - Analysts" );
+ assertFalse( authorizer.isUserInRole( session, admin ) );
+ assertTrue( authorizer.isUserInRole( session, research ) );
}
public final void testLogout() throws Exception
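Review bot: `assertNotSame( 0, roles.length )` compares the identity of two autoboxed `Integer` objects rather than their numeric values, so it works only as a side effect of boxing; `assertTrue( roles.length > 0 );` states the intended check directly. The comment `// User does not belong to any roles` contradicts the assertions under it, which expect membership in `Research - IT - Analysts`; something like `// User is in the Research role but must not be granted Admin` matches the code. The negative `Admin` assertion is the authorization check that matters most here and should stay explicit. `main` starts before this hunk.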
Modified: incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java?rev=804457&r1=804456&r2=804457&view=diff
==============================================================================
--- incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java (original)
+++ incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java Sat Aug 15 11:53:37 2009
@@ -39,6 +39,7 @@
TestSuite suite = new TestSuite( "User profile and database tests" );
suite.addTestSuite( UserProfileTest.class );
suite.addTestSuite( JDBCUserDatabaseTest.class );
+ suite.addTestSuite( LdapUserDatabaseTest.class );
suite.addTestSuite( XMLUserDatabaseTest.class );
return suite;
}
Added: incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java?rev=804457&view=auto
==============================================================================
--- incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java (added)
+++ incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java Sat Aug 15 11:53:37 2009
@@ -0,0 +1,191 @@
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
+package org.apache.wiki.auth.user;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import junit.framework.TestCase;
+
+import org.apache.commons.lang.ArrayUtils;
+import org.apache.wiki.TestEngine;
+import org.apache.wiki.auth.*;
+
+/**
+ * @author Andrew Jaquith
+ */
+public class LdapUserDatabaseTest extends TestCase
+{
+
+ private LdapUserDatabase m_db;
+
+ private TestEngine m_engine = null;
+
+ /**
+ * @see junit.framework.TestCase#setUp()
+ */
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ Properties props = new Properties();
+ props.load( TestEngine.findTestProperties() );
+ props.put( UserManager.PROP_DATABASE, "org.apache.wiki.auth.user.LdapUserDatabase" );
+ props.put( LdapConfig.PROPERTY_CONNECTION_URL, "ldap://127.0.0.1:4890/" );
+ props.put( LdapConfig.PROPERTY_USER_BASE, "ou=people,dc=jspwiki,dc=org" );
+ props.put( LdapConfig.PROPERTY_AUTHENTICATION, "simple" );
+ props.put( LdapConfig.PROPERTY_LOGIN_ID_PATTERN, "uid={0},ou=people,dc=jspwiki,dc=org" );
+ m_engine = new TestEngine( props );
+ m_db = new LdapUserDatabase();
+ m_db.initialize( m_engine, props );
+ }
+
+ protected void tearDown() throws Exception
+ {
+ super.tearDown();
+ m_engine.shutdown();
+ }
+
+ public void testFindByEmail() throws Exception
+ {
+ UserProfile profile = m_db.findByEmail( "janne@ecyrd.com" );
+ assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+ assertEquals( "janne", profile.getLoginName() );
+ assertEquals( "Janne Jalkanen", profile.getFullname() );
+ assertEquals( "JanneJalkanen", profile.getWikiName() );
+ assertEquals( "janne@ecyrd.com", profile.getEmail() );
+
+ try
+ {
+ m_db.findByEmail( "foo@bar.org" );
+ // We should never get here
+ fail( "Found nonexistent user!" );
+ }
+ catch( NoSuchPrincipalException e )
+ {
+ }
+ }
+
+ public void testFindByFullName() throws Exception
+ {
+ UserProfile profile = m_db.findByFullName( "Janne Jalkanen" );
+ assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+ assertEquals( "janne", profile.getLoginName() );
+ assertEquals( "Janne Jalkanen", profile.getFullname() );
+ assertEquals( "JanneJalkanen", profile.getWikiName() );
+ assertEquals( "janne@ecyrd.com", profile.getEmail() );
+
+ try
+ {
+ m_db.findByEmail( "foo@bar.org" );
+ // We should never get here
+ fail( "Found nonexistent user!" );
+ }
+ catch( NoSuchPrincipalException e )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testFindByUid() throws Exception
+ {
+ UserProfile profile = m_db.findByUid( "uid=janne,ou=people,dc=jspwiki,dc=org" );
+ assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+ assertEquals( "janne", profile.getLoginName() );
+ assertEquals( "Janne Jalkanen", profile.getFullname() );
+ assertEquals( "JanneJalkanen", profile.getWikiName() );
+ assertEquals( "janne@ecyrd.com", profile.getEmail() );
+
+ try
+ {
+ m_db.findByEmail( "foo@bar.org" );
+ // We should never get here
+ fail( "Found nonexistent user!" );
+ }
+ catch( NoSuchPrincipalException e )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testFindByWikiName() throws Exception
+ {
+ UserProfile profile = m_db.findByWikiName( "JanneJalkanen" );
+ assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+ assertEquals( "janne", profile.getLoginName() );
+ assertEquals( "Janne Jalkanen", profile.getFullname() );
+ assertEquals( "JanneJalkanen", profile.getWikiName() );
+ assertEquals( "janne@ecyrd.com", profile.getEmail() );
+
+ try
+ {
+ m_db.findByEmail( "foo" );
+ // We should never get here
+ fail( "Found nonexistent user!" );
+ }
+ catch( NoSuchPrincipalException e )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testFindByLoginName() throws Exception
+ {
+ UserProfile profile = m_db.findByLoginName( "janne" );
+ assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+ assertEquals( "janne", profile.getLoginName() );
+ assertEquals( "Janne Jalkanen", profile.getFullname() );
+ assertEquals( "JanneJalkanen", profile.getWikiName() );
+ assertEquals( "janne@ecyrd.com", profile.getEmail() );
+ try
+ {
+ m_db.findByEmail( "FooBar" );
+ // We should never get here
+ fail( "Found nonexistent user!" );
+ }
+ catch( NoSuchPrincipalException e )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testGetWikiNames() throws WikiSecurityException
+ {
+ // There are 8 test users in the database
+ Principal[] p = m_db.getWikiNames();
+ assertEquals( 8, p.length );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "JanneJalkanen", WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "TestUser", WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "Administrator", WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.ALICE, WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.BOB, WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.CHARLIE, WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "FredFlintstone", WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.BIFF, WikiPrincipal.WIKI_NAME ) ) );
+ }
+
+ public void testValidatePassword()
+ {
+ assertFalse( m_db.validatePassword( "janne", "test" ) );
+ assertTrue( m_db.validatePassword( "janne", "myP@5sw0rd" ) );
+ assertTrue( m_db.validatePassword( "user", "password" ) );
+ }
+
+}
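Review bot: The negative cases in `testFindByFullName`, `testFindByUid`, `testFindByWikiName` and `testFindByLoginName` all call `m_db.findByEmail( ... )`, so the not-found path of those four finders is never exercised. Each should call the finder under test, for example `m_db.findByFullName( "foo@bar.org" );` in `testFindByFullName`, assuming those finders also throw `NoSuchPrincipalException`. The `catch` block in `testFindByEmail` is empty while the others use `assertTrue( true )`; a plain `// expected` comment in each would be clearer than either. `testValidatePassword` covers a wrong password for `janne` but has no case for an unknown login name, so I would add one such as `assertFalse( m_db.validatePassword( "nosuchuser", "password" ) );` (constructed sample values).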