Posted to commits@directory.apache.org by el...@apache.org on 2008/07/20 17:11:37 UTC
svn commit: r678280 - in /directory:
apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/
apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/
apacheds/branches/...
Author: elecharny
Date: Sun Jul 20 08:11:36 2008
New Revision: 678280
URL: http://svn.apache.org/viewvc?rev=678280&view=rev
Log:
o Added tests for the Simple Bind operation, covering all the different cases
o Adding some messages in the exceptions
o Using the UpDN instead of the normalized DN for messages and logs
o Modified the BindOperation.getAuthenticationLevel() method to handle the case where
the DN is empty but not the password (returns an INVALID authentication level)
o Added an Authentication level INVALID
o Removing useless imports
Added:
directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/
directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/
directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java
Modified:
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java
Added: directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java?rev=678280&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java (added)
+++ directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/operations/bind/SimpleBindIT.java Sun Jul 20 08:11:36 2008
@@ -0,0 +1,390 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.operations.bind;
+
+
+import java.util.Hashtable;
+
+import javax.naming.Context;
+import javax.naming.InvalidNameException;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
+import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.integ.CiRunner;
+import org.apache.directory.server.core.jndi.CoreContextFactory;
+import org.apache.directory.shared.ldap.constants.JndiPropertyConstants;
+import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
+import org.apache.directory.shared.ldap.exception.LdapNameNotFoundException;
+import org.apache.directory.shared.ldap.message.AliasDerefMode;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+
+/**
+ * Test the Simple BindRequest
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$
+ */
+@RunWith ( CiRunner.class )
+public class SimpleBindIT
+{
+ /** The directory service */
+ public static DirectoryService service;
+
+ /**
+ * A method to do a search
+ */
+ private NamingEnumeration<SearchResult> search( DirContext ctx, String baseDn, String filter, int scope ) throws NamingException
+ {
+ SearchControls controls = new SearchControls();
+ controls.setSearchScope( scope );
+ controls.setDerefLinkFlag( false );
+ controls.setReturningAttributes( new String[]{ "*", "+"} );
+ ctx.addToEnvironment( JndiPropertyConstants.JNDI_LDAP_DAP_DEREF_ALIASES,
+ AliasDerefMode.NEVER_DEREF_ALIASES.getJndiValue() );
+
+ NamingEnumeration<SearchResult> list = ctx.search( baseDn, filter, controls );
+ return list;
+ }
+
+
+ /**
+ * try to connect using a known user/password and read an entry.
+ *
+ * @throws Exception on error
+ */
+ @Test
+ public void testSimpleBindUserPassword()
+ {
+ // We will bind using JNDI
+ // Set up the environment for creating the initial context
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+ env.put( DirectoryService.JNDI_KEY, service );
+ env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+ env.put( Context.PROVIDER_URL, "ou=system" );
+
+ // Authenticate as admin and password "secret"
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
+ env.put(Context.SECURITY_CREDENTIALS, "secret");
+
+ DirContext ctx = null;
+
+ // Create the initial context
+ try
+ {
+ ctx = new InitialDirContext(env);
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+
+ try
+ {
+ ctx.close();
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+ }
+
+
+ /**
+ * try to connect using a known user but with a bad password: we should get a invalidCredentials error.
+ *
+ * @throws Exception on error
+ */
+ @Test
+ public void testSimpleBindUserBadPassword()
+ {
+ // We will bind using JNDI
+ // Set up the environment for creating the initial context
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+ env.put( DirectoryService.JNDI_KEY, service );
+ env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+ env.put( Context.PROVIDER_URL, "ou=system" );
+
+ // Authenticate as admin and password "badsecret"
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
+ env.put(Context.SECURITY_CREDENTIALS, "badsecret");
+
+ // Create the initial context
+ try
+ {
+ new InitialDirContext(env);
+
+ // We should not be connected
+ fail();
+ }
+ catch ( LdapAuthenticationException lae )
+ {
+ assertTrue( true );
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+ }
+
+
+ /**
+ * try to connect using a user with an invalid DN: we should get a invalidDNSyntax error.
+ *
+ * @throws Exception on error
+ */
+ @Test
+ public void testSimpleBindBadUserPassword()
+ {
+ // We will bind using JNDI
+ // Set up the environment for creating the initial context
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+ env.put( DirectoryService.JNDI_KEY, service );
+ env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+ env.put( Context.PROVIDER_URL, "ou=system" );
+
+ // Authenticate as admin and password "secret"
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, "admin");
+ env.put(Context.SECURITY_CREDENTIALS, "secret");
+
+ // Create the initial context
+ try
+ {
+ new InitialDirContext(env);
+
+ // We should not be connected
+ fail();
+ }
+ catch ( InvalidNameException ine )
+ {
+ assertEquals( "Bad DN : admin", ine.getMessage() );
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+ }
+
+
+ /**
+ * try to connect using a unknown user: we should get a invalidCredentials error.
+ *
+ * @throws Exception on error
+ */
+ @Test
+ public void testSimpleBindUnknowUserPassword()
+ {
+ // We will bind using JNDI
+ // Set up the environment for creating the initial context
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+ env.put( DirectoryService.JNDI_KEY, service );
+ env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+ env.put( Context.PROVIDER_URL, "ou=system" );
+
+ // Authenticate as uid=unknown and password "secret"
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, "uid=unknown,ou=system");
+ env.put(Context.SECURITY_CREDENTIALS, "secret");
+
+ // Create the initial context
+ try
+ {
+ new InitialDirContext(env);
+
+ // We should not be connected
+ fail();
+ }
+ catch ( LdapAuthenticationException lae )
+ {
+ assertEquals( "Cannot authenticate user uid=unknown,ou=system", lae.getMessage() );
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+ }
+
+
+ /**
+ * covers the anonymous authentication : we should be able to read the rootDSE, but that's it
+ *
+ * @throws Exception on error
+ */
+ @Test
+ public void testSimpleBindNoUserNoPassword()
+ {
+ // We will bind using JNDI
+ // Set up the environment for creating the initial context
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+ env.put( DirectoryService.JNDI_KEY, service );
+ env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+
+ // Bind on the rootDSE
+ env.put( Context.PROVIDER_URL, "" );
+
+ // Authenticate as admin and password "secret"
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, "");
+ env.put(Context.SECURITY_CREDENTIALS, "");
+
+ DirContext ctx = null;
+
+ // Create the initial context
+ try
+ {
+ ctx = new InitialDirContext(env);
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+
+ // We should be anonymous here.
+ // Check that we can read the rootDSE
+ try
+ {
+ NamingEnumeration<SearchResult> list = search( ctx, "", "(ObjectClass=*)", SearchControls.OBJECT_SCOPE );
+
+ assertNotNull( list );
+
+ while ( list.hasMore() )
+ {
+ SearchResult result = list.next();
+ assertNotNull( result );
+ }
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+
+ // Check that we cannot read another entry being anonymous
+ try
+ {
+ NamingEnumeration<SearchResult> list = search( ctx, "uid=admin, ou=system", "(ObjectClass=*)", SearchControls.OBJECT_SCOPE );
+
+ assertNotNull( list );
+ assertFalse( list.hasMore() );
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+
+ try
+ {
+ ctx.close();
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+ }
+
+
+ /**
+ * covers the Unauthenticated case : we should get a UnwillingToPerform error.
+ *
+ * @throws Exception on error
+ */
+ @Test
+ public void testSimpleBindUserNoPassword()
+ {
+ // We will bind using JNDI
+ // Set up the environment for creating the initial context
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+ env.put( DirectoryService.JNDI_KEY, service );
+ env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+
+ // Bind on the rootDSE
+ env.put( Context.PROVIDER_URL, "" );
+
+ // Authenticate as admin and password "secret"
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
+ env.put(Context.SECURITY_CREDENTIALS, "");
+
+ // Create the initial context
+ try
+ {
+ new InitialDirContext(env);
+ }
+ catch ( LdapAuthenticationException lae )
+ {
+ assertEquals( "Cannot authenticate user uid=admin,ou=system", lae.getMessage() );
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+ }
+
+
+ /**
+ * not allowed by the server. We should get a invalidCredentials error.
+ *
+ * @throws Exception on error
+ */
+ @Test
+ public void testSimpleBindNoUserPassword() throws Exception
+ {
+ // We will bind using JNDI
+ // Set up the environment for creating the initial context
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+ env.put( DirectoryService.JNDI_KEY, service );
+ env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
+
+ // Bind on the rootDSE
+ env.put( Context.PROVIDER_URL, "" );
+
+ // Authenticate as admin and password "secret"
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, "");
+ env.put(Context.SECURITY_CREDENTIALS, "secret");
+
+ // Create the initial context
+ try
+ {
+ new InitialDirContext(env);
+ }
+ catch ( LdapNameNotFoundException lnnfe )
+ {
+ assertTrue( true );
+ }
+ catch ( NamingException ne )
+ {
+ fail();
+ }
+ }
+}
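Review bot: `testSimpleBindUserNoPassword` and `testSimpleBindNoUserPassword` have no `fail();` after `new InitialDirContext(env);`, so both pass when the bind is accepted, which is the regression they exist to catch (a DN with an empty password, or a password with no DN, being let in). Add `fail();` as the last statement of each `try`, as the bad-password and unknown-user tests already do. The Javadoc of these two tests names UnwillingToPerform and invalidCredentials while the code catches `LdapAuthenticationException` and `LdapNameNotFoundException`; one should be aligned with the other. The copied comment `// Authenticate as admin and password "secret"` is also wrong in the anonymous, empty-password and empty-DN tests and should describe the credentials actually used.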
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=678280&r1=678279&r2=678280&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Sun Jul 20 08:11:36 2008
@@ -20,10 +20,6 @@
package org.apache.directory.server.core.authn;
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@@ -484,6 +480,8 @@
LOG.info( "Cannot bind to the server " );
}
- throw new LdapAuthenticationException();
+ LdapDN dn = opContext.getDn();
+ String upDn = ( dn == null ? "" : dn.getUpName() );
+ throw new LdapAuthenticationException( "Cannot authenticate user " + upDn );
}
}
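Review bot: `upDn` is the DN text exactly as the client sent it, and it now goes unmodified into the exception message, which is presumably returned in the bind response and may be logged by callers. If any log sink records this message, control characters such as CR/LF should be escaped first so that a crafted DN cannot forge log lines. The `LOG.info( "Cannot bind to the server " )` line above still does not name the principal; computing `upDn` before it and logging the sanitised value would make failed binds traceable. The enclosing method starts outside the hunk.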
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=678280&r1=678279&r2=678280&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Sun Jul 20 08:11:36 2008
@@ -568,14 +568,17 @@
if ( userEntry == null )
{
+ LdapDN dn = opContext.getDn();
+ String upDn = ( dn == null ? "" : dn.getUpName() );
+
throw new LdapAuthenticationException( "Failed to lookup user for authentication: "
- + opContext.getDn() );
+ + upDn );
}
}
catch ( Exception cause )
{
LOG.error( "Authentication error : " + cause.getMessage() );
- LdapAuthenticationException e = new LdapAuthenticationException();
+ LdapAuthenticationException e = new LdapAuthenticationException( cause.getMessage() );
e.setRootCause( e );
throw e;
}
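Review bot: `e.setRootCause( e )` in the `catch` block makes the new exception its own root cause and discards `cause`; it should be `e.setRootCause( cause );`. The added `cause.getMessage()` copies the text of any internal exception (possibly null) into the authentication exception, so if that message reaches the client it can expose internal failure details; a fixed message with the original kept only as root cause would be safer. `LOG.error( "Authentication error : " + cause.getMessage() )` also drops the stack trace; passing `cause` as a second argument would keep it, assuming an SLF4J-style logger. The method body starts and ends outside the hunk.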
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java?rev=678280&r1=678279&r2=678280&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java Sun Jul 20 08:11:36 2008
@@ -98,19 +98,39 @@
}
+ /**
+ * @return The authentication level. One of :
+ * <li>ANONYMOUS</li>
+ * <li>SIMPLE</li>
+ * <li>STRONG (sasl)</li>
+ * <li>INVALID</li>
+ */
public AuthenticationLevel getAuthenticationLevel()
{
- if ( saslMechanism == null && dn.isEmpty() )
+ if ( ( saslMechanism == null ) )
{
- return AuthenticationLevel.NONE;
+ if ( dn.isEmpty() )
+ {
+ if ( StringTools.isEmpty( credentials ) )
+ {
+ // Dn and Credentials are empty, this is an anonymous authent
+ return AuthenticationLevel.NONE;
+ }
+ else
+ {
+ // If we have a password but no DN, this is invalid
+ return AuthenticationLevel.INVALID;
+ }
+ }
+ else
+ {
+ return AuthenticationLevel.SIMPLE;
+ }
}
-
- if ( saslMechanism != null )
+ else
{
return AuthenticationLevel.STRONG;
}
-
- return AuthenticationLevel.SIMPLE;
}
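Review bot: A non-empty DN with empty credentials still falls into the `else` of `dn.isEmpty()` and returns `SIMPLE`, although that is the unauthenticated bind of RFC 4513; rejecting it therefore depends entirely on code outside this hunk. Either classify it here, e.g. `return StringTools.isEmpty( credentials ) ? AuthenticationLevel.INVALID : AuthenticationLevel.SIMPLE;`, or state in the Javadoc that `SIMPLE` does not imply a password was supplied. `dn.isEmpty()` is also dereferenced without a null check, while the other files in this commit guard `opContext.getDn()` against null. The Javadoc lists `ANONYMOUS` but the constant returned is `NONE`, and the `<li>` items need an enclosing `<ul>`.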
Modified: directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java?rev=678280&r1=678279&r2=678280&view=diff
==============================================================================
--- directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java (original)
+++ directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/AuthenticationLevel.java Sun Jul 20 08:11:36 2008
@@ -28,6 +28,11 @@
*/
public enum AuthenticationLevel
{
+ /**
+ * Invalid authentication type
+ */
+ INVALID(-1, "invalid" ),
+
/**
* No authentication (anonymous access)
*/
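Review bot: The Javadoc on `INVALID` should say when it is produced and what callers must do with it, for example `Invalid bind request (credentials supplied without a DN); must never be treated as authenticated`. Its numeric level is -1, presumably below that of `NONE`. Whether any caller orders levels numerically or switches on the enum without a default is not visible here, so each use of `AuthenticationLevel` should be checked to reject `INVALID` explicitly. The enum body continues outside the hunk.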