Posted to commits@ambari.apache.org by rl...@apache.org on 2018/08/21 09:14:42 UTC
[ambari] branch branch-2.7 updated: [AMBARI-24507] Remove
dependency on org.bouncycastle bcprov-jdk15on before version 1.6.0 for
Ambari Server
This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new 9ffd67f [AMBARI-24507] Remove dependency on org.bouncycastle bcprov-jdk15on before version 1.6.0 for Ambari Server
9ffd67f is described below
commit 9ffd67ff3b39a8d4bdeb9a9428ae7196a3fffd48
Author: Robert Levas <rl...@hortonworks.com>
AuthorDate: Mon Aug 20 17:21:18 2018 -0400
[AMBARI-24507] Remove dependency on org.bouncycastle bcprov-jdk15on before version 1.6.0 for Ambari Server
---
ambari-server/pom.xml | 12 +-
.../ads/DefaultLdapConfigurationService.java | 2 +-
.../ads/detectors/GroupMemberAttrDetectorTest.java | 4 +-
.../AmbariLdapAuthenticationProviderBaseTest.java | 58 ----
...apAuthenticationProviderForDNWithSpaceTest.java | 184 -------------
...AuthenticationProviderForDuplicateUserTest.java | 143 ----------
.../AmbariLdapAuthenticationProviderTest.java | 306 ++++++---------------
7 files changed, 94 insertions(+), 615 deletions(-)
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index e1fd745..5ece1e6 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -1803,8 +1803,18 @@
<version>4.2.2</version>
</dependency>
<dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-model</artifactId>
+ <version>2.0.0.AM1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-client-api</artifactId>
+ <version>2.0.0.AM1</version>
+ </dependency>
+ <dependency>
<groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-all</artifactId>
+ <artifactId>apacheds-kerberos-codec</artifactId>
<version>2.0.0-M24</version>
</dependency>
<dependency>
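Review bot: Nothing in this hunk keeps the old bcprov-jdk15on from coming back: swapping `apacheds-all` for `apacheds-kerberos-codec` removes today's path to it, but a later transitive dependency can resolve it again without anyone noticing. A maven-enforcer `bannedDependencies` rule would pin the outcome, for example `<exclude>org.bouncycastle:bcprov-jdk15on:(,FIXED_VERSION)</exclude>`, where FIXED_VERSION is a placeholder for the minimum release required by AMBARI-24507. The new `api-ldap-model` and `api-ldap-client-api` entries are at 2.0.0.AM1 while the codec stays at 2.0.0-M24, which presumably was built against an older API line, so the resolved `org.apache.directory.api` versions are worth confirming with `mvn dependency:tree`. None of the three entries declares a `<scope>`, so they all end up on the server's runtime classpath.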
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationService.java
index cffb190..47e758c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationService.java
@@ -181,7 +181,7 @@ public class DefaultLdapConfigurationService implements LdapConfigurationService
EntryMapper<String> entryMapper = new EntryMapper<String>() {
@Override
public String map(Entry entry) throws LdapException {
- return entry.get(ambariLdapConfiguration.groupNameAttribute()).get().getString();
+ return entry.get(ambariLdapConfiguration.groupNameAttribute()).get().getValue();
}
};
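Review bot: The chained `entry.get(...).get().getValue()` dereferences two results that can be null: `Entry.get` returns null when the entry has no such attribute, and `Attribute.get` returns null when the attribute has no values. A group entry lacking the configured group-name attribute therefore surfaces as a NullPointerException instead of the declared `LdapException`. Since the entries come from the directory being probed, a guard is cheap: `Attribute attr = entry.get(ambariLdapConfiguration.groupNameAttribute());` followed by `return attr == null ? null : attr.getString();`. Whether null or an exception is the right result depends on how the caller consumes the mapped values, which is outside this hunk, as is the start of the enclosing method.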
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupMemberAttrDetectorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupMemberAttrDetectorTest.java
index 79af467..3f4c7b1 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupMemberAttrDetectorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupMemberAttrDetectorTest.java
@@ -20,7 +20,7 @@ import java.util.Map;
import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.entry.StringValue;
+import org.apache.directory.api.ldap.model.entry.Value;
import org.easymock.TestSubject;
import org.junit.Assert;
import org.junit.Test;
@@ -96,7 +96,7 @@ public class GroupMemberAttrDetectorTest {
Entry entry = new DefaultEntry();
try {
entry.setDn("dn=" + member.name() + "-" + i);
- entry.add(new DefaultAttribute(member.attrName(), new StringValue("xxx")));
+ entry.add(new DefaultAttribute(member.attrName(), new Value("xxx")));
entryList.add(entry);
} catch (Exception e) {
LOG.error(e.getMessage());
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderBaseTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderBaseTest.java
deleted file mode 100644
index 22bdf48..0000000
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderBaseTest.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.security.authorization;
-
-import org.apache.directory.server.core.api.DirectoryService;
-import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
-import org.apache.directory.server.kerberos.kdc.KdcServer;
-import org.apache.directory.server.ldap.LdapServer;
-import org.easymock.EasyMockSupport;
-
-public class AmbariLdapAuthenticationProviderBaseTest extends EasyMockSupport {
-
- public static DirectoryService getService() {
- return AbstractLdapTestUnit.service;
- }
-
-
- public static void setService(DirectoryService service) {
- AbstractLdapTestUnit.service = service;
- }
-
-
- public static LdapServer getLdapServer() {
- return AbstractLdapTestUnit.ldapServer;
- }
-
-
- public static void setLdapServer(LdapServer ldapServer) {
- AbstractLdapTestUnit.ldapServer = ldapServer;
- }
-
-
- public static KdcServer getKdcServer() {
- return AbstractLdapTestUnit.kdcServer;
- }
-
-
- public static void setKdcServer(KdcServer kdcServer) {
- AbstractLdapTestUnit.kdcServer = kdcServer;
- }
-
-}
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
deleted file mode 100644
index 75dbd2a..0000000
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.ambari.server.security.authorization;
-
-import static org.easymock.EasyMock.anyObject;
-import static org.easymock.EasyMock.expect;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import java.util.Collections;
-import java.util.Properties;
-
-import org.apache.ambari.server.AmbariException;
-import org.apache.ambari.server.H2DatabaseCleaner;
-import org.apache.ambari.server.audit.AuditLoggerModule;
-import org.apache.ambari.server.configuration.AmbariServerConfigurationKey;
-import org.apache.ambari.server.configuration.Configuration;
-import org.apache.ambari.server.controller.ControllerModule;
-import org.apache.ambari.server.ldap.LdapModule;
-import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
-import org.apache.ambari.server.ldap.service.AmbariLdapConfigurationProvider;
-import org.apache.ambari.server.orm.GuiceJpaInitializer;
-import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.UserEntity;
-import org.apache.ambari.server.security.ClientSecurityType;
-import org.apache.ambari.server.security.authentication.InvalidUsernamePasswordCombinationException;
-import org.apache.directory.server.annotations.CreateLdapServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifFiles;
-import org.apache.directory.server.core.annotations.ContextEntry;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.easymock.EasyMockRule;
-import org.easymock.Mock;
-import org.easymock.MockType;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-
-import com.google.inject.Guice;
-import com.google.inject.Inject;
-import com.google.inject.Injector;
-
-@RunWith(FrameworkRunner.class)
-@CreateDS(allowAnonAccess = true,
- name = "AmbariLdapAuthenticationProviderForDNWithSpaceTest",
- partitions = {
- @CreatePartition(name = "Root",
- suffix = "dc=the apache,dc=org",
- contextEntry = @ContextEntry(
- entryLdif =
- "dn: dc=the apache,dc=org\n" +
- "dc: the apache\n" +
- "objectClass: top\n" +
- "objectClass: domain\n\n" +
- "dn: dc=ambari,dc=the apache,dc=org\n" +
- "dc: ambari\n" +
- "objectClass: top\n" +
- "objectClass: domain\n\n"))
- })
-@CreateLdapServer(allowAnonymousAccess = true,
- transports = {@CreateTransport(protocol = "LDAP")})
-@ApplyLdifFiles("users_for_dn_with_space.ldif")
-public class AmbariLdapAuthenticationProviderForDNWithSpaceTest extends AmbariLdapAuthenticationProviderBaseTest {
-
- @Rule
- public EasyMockRule mocks = new EasyMockRule(this);
-
- private static Injector injector;
-
- @Inject
- private UserDAO userDAO;
-
- @Inject
- private Users users;
-
- @Inject
- Configuration configuration;
-
- @Mock(type = MockType.NICE)
- private AmbariLdapAuthoritiesPopulator authoritiesPopulator;
-
- @Mock(type = MockType.NICE)
- private AmbariLdapConfigurationProvider ldapConfigurationProvider;
-
- private AmbariLdapAuthenticationProvider authenticationProvider;
-
- @Before
- public void setUp() throws Exception {
- injector = Guice.createInjector(new ControllerModule(getTestProperties()), new AuditLoggerModule(), new LdapModule());
- injector.getInstance(GuiceJpaInitializer.class);
- injector.injectMembers(this);
-
- configuration.setClientSecurityType(ClientSecurityType.LDAP);
- final AmbariLdapConfiguration ldapConfiguration = new AmbariLdapConfiguration();
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.SERVER_HOST, "localhost");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.SERVER_PORT, String.valueOf(getLdapServer().getPort()));
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.USER_SEARCH_BASE, "dc=ambari,dc=the apache,dc=org");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.GROUP_BASE, "ou=the groups,dc=ambari,dc=the apache,dc=org");
- expect(ldapConfigurationProvider.get()).andReturn(ldapConfiguration).anyTimes();
- expect(authoritiesPopulator.getGrantedAuthorities(anyObject(), anyObject())).andReturn(Collections.emptyList()).anyTimes();
- replayAll();
-
- authenticationProvider = new AmbariLdapAuthenticationProvider(users, configuration, ldapConfigurationProvider, authoritiesPopulator);
- }
-
- @After
- public void tearDown() throws Exception {
- H2DatabaseCleaner.clearDatabaseAndStopPersistenceService(injector);
- }
-
- @Test(expected = InvalidUsernamePasswordCombinationException.class)
- public void testBadCredential() throws Exception {
- Authentication authentication = new UsernamePasswordAuthenticationToken("notFound", "wrong");
- authenticationProvider.authenticate(authentication);
- }
-
- @Test
- public void testAuthenticateMatchingDN() throws Exception {
- testAuthenticate("uid=the allowedUser,ou=the people,dc=ambari,dc=the apache,dc=org");
- }
-
- @Test
- public void testAuthenticateNullDN() throws Exception {
- testAuthenticate(null);
- }
-
- @Test(expected = InvalidUsernamePasswordCombinationException.class)
- public void testAuthenticateNonMatchingDN() throws Exception {
- testAuthenticate("This is not a matching DN");
- }
-
- private void testAuthenticate(String dn) throws AmbariException {
- assertNull("User already exists in DB", userDAO.findUserByName("the allowedUser"));
- UserEntity userEntity = users.createUser("the allowedUser", null, null);
- users.addLdapAuthentication(userEntity, dn);
-
- Authentication authentication = new UsernamePasswordAuthenticationToken("the allowedUser", "password");
- Authentication result = authenticationProvider.authenticate(authentication);
- assertTrue(result.isAuthenticated());
- result = authenticationProvider.authenticate(authentication);
- assertTrue(result.isAuthenticated());
- }
-
- @Test
- public void testDisabled() throws Exception {
- configuration.setClientSecurityType(ClientSecurityType.LOCAL);
- Authentication authentication = new UsernamePasswordAuthenticationToken("the allowedUser", "password");
- Authentication auth = authenticationProvider.authenticate(authentication);
- assertTrue(auth == null);
- }
-
-
- protected Properties getTestProperties() {
- Properties properties = new Properties();
- properties.setProperty(Configuration.CLIENT_SECURITY.getKey(), "ldap");
- properties.setProperty(Configuration.SERVER_PERSISTENCE_TYPE.getKey(), "in-memory");
- properties.setProperty(Configuration.METADATA_DIR_PATH.getKey(), "src/test/resources/stacks");
- properties.setProperty(Configuration.SERVER_VERSION_FILE.getKey(), "src/test/resources/version");
- properties.setProperty(Configuration.OS_VERSION.getKey(), "centos5");
- properties.setProperty(Configuration.SHARED_RESOURCES_DIR.getKey(), "src/test/resources/");
- return properties;
- }
-}
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDuplicateUserTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDuplicateUserTest.java
deleted file mode 100644
index d6f2ee6..0000000
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDuplicateUserTest.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.ambari.server.security.authorization;
-
-import static org.easymock.EasyMock.expect;
-
-import java.util.Properties;
-
-import org.apache.ambari.server.configuration.AmbariServerConfigurationKey;
-import org.apache.ambari.server.configuration.Configuration;
-import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
-import org.apache.ambari.server.ldap.service.AmbariLdapConfigurationProvider;
-import org.apache.directory.server.annotations.CreateLdapServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifFiles;
-import org.apache.directory.server.core.annotations.ContextEntry;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.easymock.EasyMockRule;
-import org.easymock.Mock;
-import org.easymock.MockType;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.ExpectedException;
-import org.junit.runner.RunWith;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-
-@RunWith(FrameworkRunner.class)
-@CreateDS(allowAnonAccess = true,
- name = "AmbariLdapAuthenticationProviderForDuplicateUserTest",
- partitions = {
- @CreatePartition(name = "Root",
- suffix = "dc=apache,dc=org",
- contextEntry = @ContextEntry(
- entryLdif =
- "dn: dc=apache,dc=org\n" +
- "dc: apache\n" +
- "objectClass: top\n" +
- "objectClass: domain\n\n" +
- "dn: dc=ambari,dc=apache,dc=org\n" +
- "dc: ambari\n" +
- "objectClass: top\n" +
- "objectClass: domain\n\n"))
- })
-@CreateLdapServer(allowAnonymousAccess = true,
- transports = {@CreateTransport(protocol = "LDAP")})
-@ApplyLdifFiles("users_with_duplicate_uid.ldif")
-public class AmbariLdapAuthenticationProviderForDuplicateUserTest extends AmbariLdapAuthenticationProviderBaseTest {
-
- @Rule
- public EasyMockRule mocks = new EasyMockRule(this);
-
- @Rule
- public ExpectedException expectedException = ExpectedException.none();
-
- @Mock(type = MockType.NICE)
- private AmbariLdapAuthoritiesPopulator authoritiesPopulator;
-
- @Mock(type = MockType.NICE)
- private Users users;
-
- @Mock(type = MockType.NICE)
- private AmbariLdapConfigurationProvider ldapConfigurationProvider;
-
- private AmbariLdapConfiguration ldapConfiguration;
-
- private AmbariLdapAuthenticationProvider authenticationProvider;
-
- @Before
- public void setUp() {
- Properties properties = new Properties();
- properties.setProperty(Configuration.CLIENT_SECURITY.getKey(), "ldap");
- properties.setProperty(Configuration.SERVER_PERSISTENCE_TYPE.getKey(), "in-memory");
- properties.setProperty(Configuration.METADATA_DIR_PATH.getKey(),"src/test/resources/stacks");
- properties.setProperty(Configuration.SERVER_VERSION_FILE.getKey(),"src/test/resources/version");
- properties.setProperty(Configuration.OS_VERSION.getKey(),"centos5");
- properties.setProperty(Configuration.SHARED_RESOURCES_DIR.getKey(), "src/test/resources/");
- Configuration configuration = new Configuration(properties);
-
- ldapConfiguration = new AmbariLdapConfiguration();
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.USER_SEARCH_BASE, "dc=apache,dc=org");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.SERVER_HOST, "localhost");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.SERVER_PORT, String.valueOf(getLdapServer().getPort()));
- expect(ldapConfigurationProvider.get()).andReturn(ldapConfiguration).anyTimes();
- replayAll();
-
- authenticationProvider = new AmbariLdapAuthenticationProvider(users, configuration, ldapConfigurationProvider, authoritiesPopulator);
- }
-
- @Test
- public void testAuthenticateDuplicateUserAltUserSearchDisabled() throws Exception {
- // Given
- Authentication authentication = new UsernamePasswordAuthenticationToken("user_dup", "password");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.ALTERNATE_USER_SEARCH_ENABLED, "false");
-
- expectedException.expect(DuplicateLdapUserFoundAuthenticationException.class);
- expectedException.expectMessage("Login Failed: More than one user with that username found, please work with your Ambari Administrator to adjust your LDAP configuration");
-
- // When
- authenticationProvider.authenticate(authentication);
-
- // Then
- // DuplicateLdapUserFoundAuthenticationException should be thrown
-
-
- }
-
- @Test
- public void testAuthenticateDuplicateUserAltUserSearchEnabled() throws Exception {
- // Given
- Authentication authentication = new UsernamePasswordAuthenticationToken("user_dup", "password");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.ALTERNATE_USER_SEARCH_ENABLED, "true");
-
- expectedException.expect(DuplicateLdapUserFoundAuthenticationException.class);
- expectedException.expectMessage("Login Failed: Please append your domain to your username and try again. Example: user_dup@domain");
-
- // When
- authenticationProvider.authenticate(authentication);
-
- // Then
- // DuplicateLdapUserFoundAuthenticationException should be thrown
-
-
- }
-}
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
index f062dc0..3e87d36 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
@@ -17,276 +17,130 @@
*/
package org.apache.ambari.server.security.authorization;
-import static org.easymock.EasyMock.anyObject;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.expectLastCall;
-import static org.easymock.EasyMock.find;
-import static org.easymock.EasyMock.replay;
-import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
import java.util.Collections;
-import org.apache.ambari.server.H2DatabaseCleaner;
-import org.apache.ambari.server.audit.AuditLoggerModule;
-import org.apache.ambari.server.configuration.AmbariServerConfigurationKey;
import org.apache.ambari.server.configuration.Configuration;
-import org.apache.ambari.server.ldap.LdapModule;
-import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
import org.apache.ambari.server.ldap.service.AmbariLdapConfigurationProvider;
-import org.apache.ambari.server.orm.GuiceJpaInitializer;
-import org.apache.ambari.server.orm.dao.UserDAO;
+import org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.ClientSecurityType;
import org.apache.ambari.server.security.authentication.AmbariUserAuthentication;
import org.apache.ambari.server.security.authentication.InvalidUsernamePasswordCombinationException;
-import org.apache.directory.server.annotations.CreateLdapServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifFiles;
-import org.apache.directory.server.core.annotations.ContextEntry;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.easymock.EasyMockRule;
-import org.easymock.IAnswer;
-import org.easymock.Mock;
-import org.easymock.MockType;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Rule;
+import org.easymock.EasyMockSupport;
import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.slf4j.Logger;
+import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
+import org.springframework.security.ldap.userdetails.LdapUserDetails;
-import com.google.inject.Guice;
-import com.google.inject.Inject;
-import com.google.inject.Injector;
-
-import junit.framework.Assert;
-
-@RunWith(FrameworkRunner.class)
-@CreateDS(allowAnonAccess = true,
- name = "AmbariLdapAuthenticationProviderTest",
- partitions = {
- @CreatePartition(name = "Root",
- suffix = "dc=apache,dc=org",
- contextEntry = @ContextEntry(
- entryLdif =
- "dn: dc=apache,dc=org\n" +
- "dc: apache\n" +
- "objectClass: top\n" +
- "objectClass: domain\n\n" +
- "dn: dc=ambari,dc=apache,dc=org\n" +
- "dc: ambari\n" +
- "objectClass: top\n" +
- "objectClass: domain\n\n"))
- })
-@CreateLdapServer(allowAnonymousAccess = true,
- transports = {@CreateTransport(protocol = "LDAP")})
-@ApplyLdifFiles("users.ldif")
-public class AmbariLdapAuthenticationProviderTest extends AmbariLdapAuthenticationProviderBaseTest {
-
- @Rule
- public EasyMockRule mocks = new EasyMockRule(this);
-
- private static Injector injector;
-
- private AmbariLdapAuthenticationProvider authenticationProvider;
-
- @Inject
- private UserDAO userDAO;
- @Inject
- private Users users;
- @Inject
- private Configuration configuration;
-
- @Mock(type = MockType.NICE)
- private AmbariLdapAuthoritiesPopulator authoritiesPopulator;
-
- @Mock(type = MockType.NICE)
- private AmbariLdapConfigurationProvider ldapConfigurationProvider;
-
- private AmbariLdapConfiguration ldapConfiguration;
-
- @Before
- public void setUp() throws Exception {
- injector = Guice.createInjector(new AuthorizationTestModule(), new AuditLoggerModule(), new LdapModule());
- injector.getInstance(GuiceJpaInitializer.class);
- injector.injectMembers(this);
- configuration.setClientSecurityType(ClientSecurityType.LDAP);
- ldapConfiguration = new AmbariLdapConfiguration();
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.ALTERNATE_USER_SEARCH_ENABLED, "false");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.ALTERNATE_USER_SEARCH_FILTER, "(&(mail={0})(objectClass={userObjectClass}))");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.SERVER_HOST, "localhost");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.SERVER_PORT, String.valueOf(getLdapServer().getPort()));
- expect(ldapConfigurationProvider.get()).andReturn(ldapConfiguration).anyTimes();
-
- authenticationProvider = new AmbariLdapAuthenticationProvider(users, configuration, ldapConfigurationProvider, authoritiesPopulator);
- }
-
- @After
- public void tearDown() throws Exception {
- H2DatabaseCleaner.clearDatabaseAndStopPersistenceService(injector);
- }
+public class AmbariLdapAuthenticationProviderTest extends EasyMockSupport {
+ private static final String ALLOWED_USER_NAME = "allowedUser";
+ private static final String ALLOWED_USER_DN = "uid=alloweduser,ou=people,dc=ambari,dc=apache,dc=org";
@Test(expected = InvalidUsernamePasswordCombinationException.class)
public void testBadCredential() throws Exception {
- replay(ldapConfigurationProvider);
- Authentication authentication = new UsernamePasswordAuthenticationToken("notFound", "wrong");
- authenticationProvider.authenticate(authentication);
- }
+ Authentication authentication = new UsernamePasswordAuthenticationToken(ALLOWED_USER_NAME, "password");
- @Test
- public void testGoodManagerCredentials() throws Exception {
- AmbariLdapAuthenticationProvider provider = createMockBuilder(AmbariLdapAuthenticationProvider.class)
- .addMockedMethod("loadLdapAuthenticationProvider")
- .addMockedMethod("isLdapEnabled")
- .withConstructor(users, configuration, ldapConfigurationProvider, authoritiesPopulator).createMock();
- // Create the last thrown exception
- org.springframework.security.core.AuthenticationException exception =
- createNiceMock(org.springframework.security.core.AuthenticationException.class);
- expect(exception.getCause()).andReturn(exception).atLeastOnce();
-
- expect(provider.isLdapEnabled()).andReturn(true);
- expect(provider.loadLdapAuthenticationProvider("notFound")).andThrow(exception);
- // Logging call
- Logger log = createNiceMock(Logger.class);
- provider.LOG = log;
- log.warn(find("LDAP manager credentials"), (Throwable) anyObject());
- expectLastCall().andAnswer(new IAnswer<Object>() {
- @Override
- public Object answer() throws Throwable {
- fail("Should not print warning when LDAP manager credentials are not wrong");
- return null;
- }
- }).anyTimes();
- replayAll();
- Authentication authentication = new UsernamePasswordAuthenticationToken("notFound", "wrong");
- try {
- provider.authenticate(authentication);
- fail("Should throw exception");
- } catch(org.springframework.security.core.AuthenticationException e) {
- // expected
- }
- verifyAll();
- }
+ Configuration configuration = createMockConfiguration(ClientSecurityType.LDAP);
+
+ Users users = createMock(Users.class);
+ AmbariLdapConfigurationProvider ldapConfigurationProvider = createMock(AmbariLdapConfigurationProvider.class);
+ AmbariLdapAuthoritiesPopulator authoritiesPopulator = createMock(AmbariLdapAuthoritiesPopulator.class);
+
+ LdapAuthenticationProvider ldapAuthenticationProvider = createMock(LdapAuthenticationProvider.class);
+ expect(ldapAuthenticationProvider.authenticate(authentication)).andThrow(new BadCredentialsException("")).once();
+
+ AmbariLdapAuthenticationProvider authenticationProvider = createMockBuilder(AmbariLdapAuthenticationProvider.class)
+ .withConstructor(users, configuration, ldapConfigurationProvider, authoritiesPopulator)
+ .addMockedMethod("loadLdapAuthenticationProvider")
+ .createMock();
+ expect(authenticationProvider.loadLdapAuthenticationProvider(ALLOWED_USER_NAME)).andReturn(ldapAuthenticationProvider).once();
- @Test
- public void testBadManagerCredentials() throws Exception {
- AmbariLdapAuthenticationProvider provider = createMockBuilder(AmbariLdapAuthenticationProvider.class)
- .addMockedMethod("loadLdapAuthenticationProvider")
- .addMockedMethod("isLdapEnabled")
- .withConstructor(users, configuration, ldapConfigurationProvider, authoritiesPopulator).createMock();
- // Create the cause
- org.springframework.ldap.AuthenticationException cause =
- createNiceMock(org.springframework.ldap.AuthenticationException.class);
- // Create the last thrown exception
- org.springframework.security.core.AuthenticationException exception =
- createNiceMock(org.springframework.security.core.AuthenticationException.class);
- expect(exception.getCause()).andReturn(cause).atLeastOnce();
-
- expect(provider.isLdapEnabled()).andReturn(true);
- expect(provider.loadLdapAuthenticationProvider("notFound")).andThrow(exception);
- // Logging call
- Logger log = createNiceMock(Logger.class);
- provider.LOG = log;
- log.warn(find("LDAP manager credentials"), (Throwable) anyObject());
- expectLastCall().atLeastOnce();
replayAll();
- Authentication authentication = new UsernamePasswordAuthenticationToken("notFound", "wrong");
- try {
- provider.authenticate(authentication);
- fail("Should throw exception");
- } catch(org.springframework.security.core.AuthenticationException e) {
- // expected
- }
- verifyAll();
+
+ authenticationProvider.authenticate(authentication);
}
@Test
public void testAuthenticate() throws Exception {
- assertNull("User alread exists in DB", userDAO.findUserByName("allowedUser"));
- UserEntity userEntity = users.createUser("allowedUser", null, null);
- users.addLdapAuthentication(userEntity, "uid=allowedUser,ou=people,dc=ambari,dc=apache,dc=org");
+ Authentication authentication = new UsernamePasswordAuthenticationToken(ALLOWED_USER_NAME, "password");
- UserEntity ldapUser = userDAO.findUserByName("allowedUser");
- Authentication authentication = new UsernamePasswordAuthenticationToken("allowedUser", "password");
- expect(authoritiesPopulator.getGrantedAuthorities(anyObject(), anyObject())).andReturn(Collections.emptyList()).anyTimes();
+ LdapUserDetails ldapUserDetails = createMock(LdapUserDetails.class);
+ expect(ldapUserDetails.getDn()).andReturn(ALLOWED_USER_DN).atLeastOnce();
- replay(ldapConfigurationProvider, authoritiesPopulator);
+ Authentication authenticatedAuthentication = createMock(Authentication.class);
+ expect(authenticatedAuthentication.getPrincipal()).andReturn(ldapUserDetails).atLeastOnce();
- AmbariUserAuthentication result = (AmbariUserAuthentication)authenticationProvider.authenticate(authentication);
- assertTrue(result.isAuthenticated());
- assertEquals(ldapUser.getUserId(), result.getUserId());
+ Configuration configuration = createMockConfiguration(ClientSecurityType.LDAP);
- result = (AmbariUserAuthentication) authenticationProvider.authenticate(authentication);
- assertTrue(result.isAuthenticated());
- assertEquals(ldapUser.getUserId(), result.getUserId());
- }
+ UserEntity userEntity = createMock(UserEntity.class);
- @Test
- public void testDisabled() throws Exception {
- configuration.setClientSecurityType(ClientSecurityType.LOCAL);
- Authentication authentication = new UsernamePasswordAuthenticationToken("allowedUser", "password");
- replay(ldapConfigurationProvider);
- Authentication auth = authenticationProvider.authenticate(authentication);
- Assert.assertTrue(auth == null);
- }
+ UserAuthenticationEntity userAuthenticationEntity = createMock(UserAuthenticationEntity.class);
+ expect(userAuthenticationEntity.getUser()).andReturn(userEntity).atLeastOnce();
- @Test
- public void testAuthenticateLoginAlias() throws Exception {
- // Given
- assertNull("User already exists in DB", userDAO.findUserByName("allowedUser@ambari.apache.org"));
- UserEntity userEntity = users.createUser("allowedUser@ambari.apache.org", null, null);
- users.addLdapAuthentication(userEntity, "uid=allowedUser,ou=people,dc=ambari,dc=apache,dc=org");
-
- Authentication authentication = new UsernamePasswordAuthenticationToken("allowedUser@ambari.apache.org", "password");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.ALTERNATE_USER_SEARCH_ENABLED, "true");
- expect(authoritiesPopulator.getGrantedAuthorities(anyObject(), anyObject())).andReturn(Collections.emptyList()).anyTimes();
- replay(ldapConfigurationProvider, authoritiesPopulator);
-
- // When
- Authentication result = authenticationProvider.authenticate(authentication);
+ User user = createMock(User.class);
- // Then
- assertTrue(result.isAuthenticated());
- }
+ Users users = createMock(Users.class);
+ expect(users.getUserAuthenticationEntities(UserAuthenticationType.LDAP, ALLOWED_USER_DN)).andReturn(Collections.singleton(userAuthenticationEntity)).atLeastOnce();
+ users.validateLogin(userEntity, ALLOWED_USER_NAME);
+ expectLastCall().atLeastOnce();
+ expect(users.getUser(userEntity)).andReturn(user).atLeastOnce();
+ expect(users.getUserAuthorities(userEntity)).andReturn(Collections.emptyList()).atLeastOnce();
- @Test(expected = InvalidUsernamePasswordCombinationException.class)
- public void testBadCredentialsForMissingLoginAlias() throws Exception {
- // Given
- assertNull("User already exists in DB", userDAO.findUserByName("allowedUser"));
- Authentication authentication = new UsernamePasswordAuthenticationToken("missingloginalias@ambari.apache.org", "password");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.ALTERNATE_USER_SEARCH_ENABLED, "true");
+ AmbariLdapConfigurationProvider ldapConfigurationProvider = createMock(AmbariLdapConfigurationProvider.class);
- replay(ldapConfigurationProvider);
+ AmbariLdapAuthoritiesPopulator authoritiesPopulator = createMock(AmbariLdapAuthoritiesPopulator.class);
- // When
- authenticationProvider.authenticate(authentication);
+ LdapAuthenticationProvider ldapAuthenticationProvider = createMock(LdapAuthenticationProvider.class);
+ expect(ldapAuthenticationProvider.authenticate(authentication)).andReturn(authenticatedAuthentication).once();
+
+ AmbariLdapAuthenticationProvider authenticationProvider = createMockBuilder(AmbariLdapAuthenticationProvider.class)
+ .withConstructor(users, configuration, ldapConfigurationProvider, authoritiesPopulator)
+ .addMockedMethod("loadLdapAuthenticationProvider")
+ .createMock();
+ expect(authenticationProvider.loadLdapAuthenticationProvider(ALLOWED_USER_NAME)).andReturn(ldapAuthenticationProvider).once();
+
+ replayAll();
+
+ Authentication result = authenticationProvider.authenticate(authentication);
+ assertTrue(result instanceof AmbariUserAuthentication);
+ assertTrue(result.isAuthenticated());
- // Then
- // InvalidUsernamePasswordCombinationException should be thrown due to no user with 'missingloginalias@ambari.apache.org' is found in ldap
+ verifyAll();
}
+ @Test
+ public void testDisabled() throws Exception {
+ Authentication authentication = new UsernamePasswordAuthenticationToken(ALLOWED_USER_NAME, "password");
- @Test(expected = InvalidUsernamePasswordCombinationException.class)
- public void testBadCredentialsBadPasswordForLoginAlias() throws Exception {
- // Given
- assertNull("User already exists in DB", userDAO.findUserByName("allowedUser"));
- Authentication authentication = new UsernamePasswordAuthenticationToken("allowedUser@ambari.apache.org", "bad_password");
- ldapConfiguration.setValueFor(AmbariServerConfigurationKey.ALTERNATE_USER_SEARCH_ENABLED, "true");
+ Configuration configuration = createMockConfiguration(ClientSecurityType.LOCAL);
+ Users users = createMock(Users.class);
+ AmbariLdapConfigurationProvider ldapConfigurationProvider = createMock(AmbariLdapConfigurationProvider.class);
+ AmbariLdapAuthoritiesPopulator authoritiesPopulator = createMock(AmbariLdapAuthoritiesPopulator.class);
- replay(ldapConfigurationProvider);
+ AmbariLdapAuthenticationProvider authenticationProvider = createMockBuilder(AmbariLdapAuthenticationProvider.class)
+ .withConstructor(users, configuration, ldapConfigurationProvider, authoritiesPopulator)
+ .addMockedMethod("loadLdapAuthenticationProvider")
+ .createMock();
- // When
- authenticationProvider.authenticate(authentication);
+ replayAll();
+
+ Authentication result = authenticationProvider.authenticate(authentication);
+ assertNull(result);
+
+ verifyAll();
+ }
- // Then
- // InvalidUsernamePasswordCombinationException should be thrown due to wrong password
+ private Configuration createMockConfiguration(ClientSecurityType clientSecurityType) {
+ Configuration configuration = createMock(Configuration.class);
+ expect(configuration.getClientSecurityType()).andReturn(clientSecurityType).atLeastOnce();
+ return configuration;
}
}