Posted to commits@directory.apache.org by ka...@apache.org on 2010/03/17 15:41:35 UTC
svn commit: r924314 [1/3] - in /directory/apacheds/trunk/core-integ: ./
src/main/java/org/apache/directory/server/core/integ/
src/test/java/org/apache/directory/server/core/authz/
src/test/java/org/apache/directory/server/core/suites/
Author: kayyagari
Date: Wed Mar 17 14:41:34 2010
New Revision: 924314
URL: http://svn.apache.org/viewvc?rev=924314&view=rev
Log:
o added dependency on client-api
o fixed a JNDI issue in IntegrationUtils and added some convenient methods to get LdapConnection for the associated LdapServer
o migrated all the classes under the authz package to use client-api
o added LDAP server and DS annotations in AuthzISuite
Modified:
directory/apacheds/trunk/core-integ/pom.xml
directory/apacheds/trunk/core-integ/src/main/java/org/apache/directory/server/core/integ/IntegrationUtils.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AdministratorsGroupIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsAdminIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/suites/AuthzISuite.java
Modified: directory/apacheds/trunk/core-integ/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/pom.xml?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/pom.xml (original)
+++ directory/apacheds/trunk/core-integ/pom.xml Wed Mar 17 14:41:34 2010
@@ -60,6 +60,14 @@
<artifactId>commons-io</artifactId>
<version>${commons.io.version}</version>
</dependency>
+
+ <!-- the below dependency creates a circular dependency issue, should be changed to 0.1.0 after the client-api
+ is released and all the tests will eventually be moved to server-integ after removing jndi -->
+ <dependency>
+ <groupId>org.apache.directory.client.ldap</groupId>
+ <artifactId>ldap-client-api</artifactId>
+ <version>0.1-SNAPSHOT</version>
+ </dependency>
</dependencies>
<profiles>
Modified: directory/apacheds/trunk/core-integ/src/main/java/org/apache/directory/server/core/integ/IntegrationUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/main/java/org/apache/directory/server/core/integ/IntegrationUtils.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/main/java/org/apache/directory/server/core/integ/IntegrationUtils.java (original)
+++ directory/apacheds/trunk/core-integ/src/main/java/org/apache/directory/server/core/integ/IntegrationUtils.java Wed Mar 17 14:41:34 2010
@@ -21,17 +21,19 @@ package org.apache.directory.server.core
import java.io.File;
import java.io.IOException;
+import java.util.ArrayList;
import java.util.List;
-import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.LdapName;
import org.apache.commons.io.FileUtils;
+import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.DirectoryService;
@@ -39,10 +41,12 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.entry.DefaultServerEntry;
import org.apache.directory.server.core.jndi.ServerLdapContext;
import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.client.DefaultClientAttribute;
+import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.ldif.ChangeType;
import org.apache.directory.shared.ldap.ldif.LdifEntry;
import org.apache.directory.shared.ldap.ldif.LdifReader;
@@ -64,6 +68,7 @@ public class IntegrationUtils
/** The class logger */
private static final Logger LOG = LoggerFactory.getLogger( IntegrationUtils.class );
+ private static final List<LdapConnection> openConnections = new ArrayList<LdapConnection>();
/**
* Deletes the working directory.
@@ -129,7 +134,7 @@ public class IntegrationUtils
}
- public static LdifEntry getUserAddLdif() throws InvalidNameException, NamingException
+ public static LdifEntry getUserAddLdif() throws LdapException
{
return getUserAddLdif( "uid=akarasulu,ou=users,ou=system", "test".getBytes(), "Alex Karasulu", "Karasulu" );
}
@@ -153,7 +158,7 @@ public class IntegrationUtils
}
CoreSession session = service.getSession( principal );
- LdapContext ctx = new ServerLdapContext( service, session, new DN( dn ) );
+ LdapContext ctx = new ServerLdapContext( service, session, new LdapName( dn ) );
return ctx;
}
@@ -259,7 +264,7 @@ public class IntegrationUtils
public static LdifEntry getUserAddLdif( String dnstr, byte[] password, String cn, String sn )
- throws InvalidNameException, NamingException
+ throws LdapException
{
DN dn = new DN( dnstr );
LdifEntry ldif = new LdifEntry();
@@ -351,4 +356,62 @@ public class IntegrationUtils
return ( schema != null ) && schema.isEnabled();
}
+
+
+ /**
+ * gets a LdapConnection bound using the default admin DN uid=admin,ou=system and password "secret"
+ */
+ public static LdapConnection getAdminConnection( LdapServer ldapServer ) throws Exception
+ {
+ return getConnectionAs( ldapServer, ServerDNConstants.ADMIN_SYSTEM_DN, "secret" );
+ }
+
+
+ public static LdapConnection getConnectionAs( LdapServer ldapServer, String dn, String password ) throws Exception
+ {
+ return getConnectionAs( "localhost", ldapServer.getPort(), dn, password );
+ }
+
+
+ public static LdapConnection getConnectionAs( LdapServer ldapServer, DN dn, String password ) throws Exception
+ {
+ return getConnectionAs( "localhost", ldapServer.getPort(), dn.getName(), password );
+ }
+
+
+ public static LdapConnection getConnectionAs( String host, int port, String dn, String password ) throws Exception
+ {
+ LdapConnection connection = new LdapConnection( host, port );
+ connection.bind( dn, password );
+ openConnections.add( connection );
+ return connection;
+ }
+
+
+ public static void closeConections()
+ {
+
+ for( LdapConnection con : openConnections )
+ {
+ if( con == null )
+ {
+ continue;
+ }
+
+ try
+ {
+ if( con.isConnected() )
+ {
+ con.close();
+ }
+ }
+ catch( Exception e )
+ {
+ // shouldn't happen, but print the stacktrace so that less pain during development to find the cause
+ e.printStackTrace();
+ }
+ }
+
+ openConnections.clear();
+ }
}
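Review bot: In `getConnectionAs( String host, int port, String dn, String password )` the connection is added to `openConnections` only after `bind` returns, so a bind that throws leaves an open connection that `closeConections()` never sees, and the outcome of the bind is not checked at all. If this client API reports a rejected bind through its response rather than an exception (not visible here), callers receive an unauthenticated connection and a "permission denied" authorization test can pass for the wrong reason. I would register first and verify afterwards: `openConnections.add( connection );` before `connection.bind( dn, password );`, followed by a check of `connection.isAuthenticated()` that throws when the bind did not succeed. `closeConections()` should also report through the existing logger, `LOG.warn( "failed to close connection", e );`, instead of `e.printStackTrace()`, and the new public methods other than `getAdminConnection` have no Javadoc.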
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java Wed Mar 17 14:41:34 2010
@@ -23,21 +23,19 @@ package org.apache.directory.server.core
import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAsAdmin;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.exception.LdapException;
+import org.apache.directory.ldap.client.api.message.AddResponse;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.client.DefaultClientEntry;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.DN;
import org.junit.Before;
import org.junit.Test;
@@ -57,7 +55,7 @@ public class AddAuthorizationIT extends
@Before
public void setService()
{
- AutzIntegUtils.service = service;
+ AutzIntegUtils.ldapServer = ldapServer;
}
@@ -73,29 +71,32 @@ public class AddAuthorizationIT extends
* @param password the password of this user
* @param entryRdn the relative DN, relative to ou=system where entry creation is tested
* @return true if the entry can be created by the user at the specified location, false otherwise
- * @throws NamingException if there are problems conducting the test
+ * @throws Exception if there are problems conducting the test
*/
public boolean checkCanAddEntryAs( String uid, String password, String entryRdn ) throws Exception
{
- Attributes testEntry = new BasicAttributes( "ou", "testou", true );
- Attribute objectClass = new BasicAttribute( "objectClass" );
- testEntry.put( objectClass );
- objectClass.add( "top" );
- objectClass.add( "organizationalUnit" );
-
try
{
DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
- DirContext userContext = getContextAs( userName, password );
- userContext.createSubcontext( entryRdn, testEntry );
-
- // delete the newly created context as the admin user
- DirContext adminContext = getContextAsAdmin();
- adminContext.destroySubcontext( entryRdn );
+ LdapConnection connection = getConnectionAs( userName, password );
+ Entry entry = new DefaultClientEntry( new DN( "ou=testou,ou=system" ) );
+ entry.add( SchemaConstants.OU_AT, "testou" );
+ entry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
+
+ AddResponse resp = connection.add( entry );
+
+ if( resp.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS )
+ {
+ return false;
+ }
+
+ connection.delete( entry.getDn() );
+ connection.close();
+
return true;
}
- catch ( LdapNoPermissionException e )
+ catch ( LdapException e )
{
return false;
}
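Review bot: `checkCanAddEntryAs` no longer uses its `entryRdn` parameter: the entry is always created at `ou=testou,ou=system`, while the Javadoc above still documents `entryRdn` as the location under test, so a caller passing a different RDN (callers are outside this hunk) silently tests the wrong place. The cleanup also moved from an admin context to the user's own connection and its result is ignored; a user granted add but not remove would leave the entry behind, and a later add would then return false for a reason unrelated to authorization. The connection is not closed on the early `return false` or on the `LdapException` path, and that catch now maps every LDAP error, not only a permission failure, to "not allowed". The sketch below assumes `AutzIntegUtils.getAdminConnection()`, which other classes in this commit import statically, is usable here.

```java
// … unchanged: userName construction …
LdapConnection connection = getConnectionAs( userName, password );

try
{
    // honour the documented parameter instead of a fixed DN
    DN entryDn = new DN( entryRdn + ",ou=system" );
    Entry entry = new DefaultClientEntry( entryDn );
    // … unchanged: ou and objectClass attributes …

    AddResponse resp = connection.add( entry );

    if ( resp.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS )
    {
        return false;
    }

    // clean up as admin: the user under test may hold grantAdd without grantRemove
    getAdminConnection().delete( entryDn );

    return true;
}
finally
{
    connection.close();
}
// … unchanged: catch ( LdapException e ) …
```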
@@ -105,7 +106,7 @@ public class AddAuthorizationIT extends
/**
* Checks to make sure group membership based userClass works for add operations.
*
- * @throws NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantAddAdministrators() throws Exception
@@ -139,7 +140,7 @@ public class AddAuthorizationIT extends
/**
* Checks to make sure name based userClass works for add operations.
*
- * @throws NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantAddByName() throws Exception
@@ -165,7 +166,7 @@ public class AddAuthorizationIT extends
/**
* Checks to make sure subtree based userClass works for add operations.
*
- * @throws NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantAddBySubtree() throws Exception
@@ -191,7 +192,7 @@ public class AddAuthorizationIT extends
/**
* Checks to make sure <b>allUsers</b> userClass works for add operations.
*
- * @throws NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantAddAllUsers() throws Exception
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AdministratorsGroupIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AdministratorsGroupIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AdministratorsGroupIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AdministratorsGroupIT.java Wed Mar 17 14:41:34 2010
@@ -22,19 +22,18 @@ package org.apache.directory.server.core
import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import javax.naming.Name;
-import javax.naming.NamingException;
-import javax.naming.NoPermissionException;
-import javax.naming.directory.DirContext;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.SearchResultEntry;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.core.integ.IntegrationUtils;
+import org.apache.directory.shared.ldap.name.DN;
+import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -54,21 +53,27 @@ public class AdministratorsGroupIT exten
@Before
public void setService()
{
- AutzIntegUtils.service = service;
+ AutzIntegUtils.ldapServer = ldapServer;
}
- boolean canReadAdministrators( DirContext ctx ) throws NamingException
+ @After
+ public void closeConnections()
{
- try
- {
- ctx.getAttributes( "cn=Administrators,ou=groups" );
- return true;
- }
- catch ( NoPermissionException e )
+ IntegrationUtils.closeConections();
+ }
+
+
+ boolean canReadAdministrators( LdapConnection connection ) throws Exception
+ {
+ SearchResultEntry res = ( SearchResultEntry ) connection.lookup( "cn=Administrators,ou=groups,ou=system" );
+
+ if( res == null )
{
return false;
}
+
+ return true;
}
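Review bot: `canReadAdministrators` now treats any null `lookup` result as "cannot read", which no longer distinguishes an access-control denial from a missing entry or a mistyped DN; the removed code returned false only on `NoPermissionException`. The negative assertions in this class rest on that assumption, so a short Javadoc would make it explicit, for example `/** @return false when the lookup yields no entry; null is taken to mean access was denied and cannot be told apart from a nonexistent entry here */`. The body can also be reduced to `return res != null;`.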
@@ -85,28 +90,20 @@ public class AdministratorsGroupIT exten
@CreateDS ( enableAccessControl=true, name="testNonAdminReadAccessToGroups-method" )
public void testNonAdminReadAccessToGroups() throws Exception
{
- // this is required cause the new service is at method level
- AutzIntegUtils.service = service;
-
- Name billydDn = createUser( "billyd", "s3kr3t" );
-
+ DN billydDn = createUser( "billyd", "s3kr3t" );
+
// this should fail with a no permission exception because we
// are not allowed to browse ou=system without an ACI
- try
- {
- getContextAs( billydDn, "s3kr3t" );
- fail( "Should not get here since we cannot browse ou=system" );
- }
- catch( NoPermissionException e )
- {
- }
+ LdapConnection connection = getConnectionAs( billydDn, "s3kr3t" );
+ assertTrue( connection.isAuthenticated() );
+ assertFalse( canReadAdministrators( connection ) );
// add billyd to administrators and try again
addUserToGroup( "billyd", "Administrators" );
// billyd should now be able to read ou=system and the admin group
- DirContext ctx = getContextAs( billydDn, "s3kr3t" );
- assertTrue( canReadAdministrators( ctx ) );
+ connection = getConnectionAs( billydDn, "s3kr3t" );
+ assertTrue( canReadAdministrators( connection ) );
}
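Review bot: The comment kept above the new assertions still says this step "should fail with a no permission exception", but the code now asserts the opposite for the bind (`assertTrue( connection.isAuthenticated() )`) and checks denial through `canReadAdministrators`. I would reword it to something like `// billyd can bind, but without an ACI must not be able to read the Administrators group`. The removed `AutzIntegUtils.service = service;` carried the remark that it was required because the `@CreateDS` service is created at method level; whether the `ldapServer` assigned in `setService()` is already bound to that method-level service is not visible in this hunk and is worth confirming. The same applies to `testDefaultNonAdminReadAccessToGroups` in the next hunk.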
@@ -118,23 +115,20 @@ public class AdministratorsGroupIT exten
* @throws Exception on failure
*/
@Test
- @CreateDS ( name="testNonAdminReadAccessToGroups-method" )
+ @CreateDS ( name="testDefaultNonAdminReadAccessToGroups-method" )
public void testDefaultNonAdminReadAccessToGroups() throws Exception
{
- // this is required cause the new service is at method level
- AutzIntegUtils.service = service;
-
- Name billydDn = createUser( "billyd", "s3kr3t" );
+ DN billydDn = createUser( "billyd", "s3kr3t" );
assertFalse( service.isAccessControlEnabled() );
- DirContext ctx = getContextAs( billydDn, "s3kr3t" );
+ LdapConnection connection = getConnectionAs( billydDn, "s3kr3t" );
// billyd should not be able to read the admin group
- assertFalse( canReadAdministrators( ctx ) );
+ assertFalse( canReadAdministrators( connection ) );
// add billyd to administrators and try again
addUserToGroup( "billyd", "Administrators" );
// billyd should now be able to read the admin group
- assertTrue( canReadAdministrators( ctx ) );
+ assertTrue( canReadAdministrators( connection ) );
}
}
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsAdminIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsAdminIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsAdminIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsAdminIT.java Wed Mar 17 14:41:34 2010
@@ -20,28 +20,33 @@
package org.apache.directory.server.core.authz;
-import static org.apache.directory.server.core.integ.IntegrationUtils.getSystemContext;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getAdminConnection;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
import java.util.HashSet;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import javax.naming.ldap.LdapContext;
-
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.DeleteResponse;
+import org.apache.directory.ldap.client.api.message.ModifyDnResponse;
+import org.apache.directory.ldap.client.api.message.ModifyRequest;
+import org.apache.directory.ldap.client.api.message.SearchResponse;
+import org.apache.directory.ldap.client.api.message.SearchResultEntry;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.cursor.Cursor;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.filter.SearchScope;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.name.RDN;
import org.apache.directory.shared.ldap.util.ArrayUtils;
import org.apache.directory.shared.ldap.util.StringTools;
+import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -53,97 +58,98 @@ import org.junit.runner.RunWith;
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$
*/
-@RunWith ( FrameworkRunner.class )
+@RunWith(FrameworkRunner.class)
public class AuthorizationServiceAsAdminIT extends AbstractLdapTestUnit
{
+ @Before
+ public void setService()
+ {
+ AutzIntegUtils.ldapServer = ldapServer;
+ }
+
+
/**
* Makes sure the admin cannot delete the admin account.
*
- * @throws NamingException if there are problems
+ * @throws Exception if there are problems
*/
@Test
public void testNoDeleteOnAdminByAdmin() throws Exception
{
- try
- {
- getSystemContext( service ).destroySubcontext( "uid=admin" );
- fail( "admin should not be able to delete his account" );
- }
- catch ( LdapNoPermissionException e )
- {
- assertNotNull( e );
- }
+ DeleteResponse delResp = getAdminConnection().delete( "uid=admin,ou=system" );
+ assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, delResp.getLdapResult().getResultCode() );
}
/**
* Makes sure the admin cannot rename the admin account.
*
- * @throws NamingException if there are problems
+ * @throws Exception if there are problems
*/
@Test
public void testNoRdnChangesOnAdminByAdmin() throws Exception
{
- try
- {
- getSystemContext( service ).rename( "uid=admin", "uid=alex" );
- fail( "admin should not be able to rename his account" );
- }
- catch ( LdapNoPermissionException e )
- {
- assertNotNull( e );
- }
+ ModifyDnResponse resp = getAdminConnection().rename( new DN( "uid=admin,ou=system" ), new RDN( "uid=alex" ) );
+ assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, resp.getLdapResult().getResultCode() );
}
/**
- * Makes sure the admin cannot rename the admin account.
+ * Makes sure the admin can update the admin account password.
*
- * @throws NamingException if there are problems
+ * @throws Exception if there are problems
*/
@Test
public void testModifyOnAdminByAdmin() throws Exception
{
- LdapContext sysRoot = getSystemContext( service );
- Attributes attributes = new BasicAttributes( true );
- attributes.put( "userPassword", "replaced" );
- sysRoot.modifyAttributes( "uid=admin", DirContext.REPLACE_ATTRIBUTE, attributes );
- Attributes newAttrs = sysRoot.getAttributes( "uid=admin" );
- assertTrue( ArrayUtils.isEquals( StringTools.getBytesUtf8( "replaced" ), newAttrs.get( "userPassword" ).get() ) );
+ LdapConnection connection = getAdminConnection();
+ DN adminDN = new DN( "uid=admin,ou=system" );
+ ModifyRequest req = new ModifyRequest( adminDN );
+ String newPwd = "replaced";
+ req.replace( SchemaConstants.USER_PASSWORD_AT, newPwd );
+ connection.modify( req );
+ connection.close();
+
+ connection = getConnectionAs( adminDN, newPwd );
+ Entry entry = ( ( SearchResultEntry ) connection.lookup( adminDN.getName() ) ).getEntry();
+ assertTrue( ArrayUtils.isEquals( StringTools.getBytesUtf8( newPwd ), entry.get( "userPassword" ).get()
+ .getBytes() ) );
}
/**
* Makes sure the admin can see all entries we know of on a subtree search.
*
- * @throws NamingException if there are problems
+ * @throws Exception if there are problems
*/
@Test
public void testSearchSubtreeByAdmin() throws Exception
{
- LdapContext sysRoot = getSystemContext( service );
- SearchControls controls = new SearchControls();
- controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
+ LdapConnection connection = getAdminConnection();
+
HashSet<String> set = new HashSet<String>();
- NamingEnumeration<SearchResult> list = sysRoot.search( "", "(objectClass=*)", controls );
- while ( list.hasMore() )
+ Cursor<SearchResponse> cursor = connection.search( "ou=system", "(objectClass=*)", SearchScope.SUBTREE, "*" );
+
+ while ( cursor.next() )
{
- SearchResult result = list.next();
- set.add( result.getName() );
+ Entry result = ( ( SearchResultEntry ) cursor.get() ).getEntry();
+ set.add( result.getDn().getName() );
}
+ cursor.close();
+
assertEquals( 10, set.size() );
assertTrue( set.contains( "ou=system" ) );
- assertTrue( set.contains( "ou=configuration,ou=system" ) );
- assertTrue( set.contains( "ou=interceptors,ou=configuration,ou=system" ) );
- assertTrue( set.contains( "ou=partitions,ou=configuration,ou=system" ) );
- assertTrue( set.contains( "ou=services,ou=configuration,ou=system" ) );
- assertTrue( set.contains( "ou=groups,ou=system" ) );
- assertTrue( set.contains( "cn=Administrators,ou=groups,ou=system" ) );
- assertTrue( set.contains( "ou=users,ou=system" ) );
- assertTrue( set.contains( "prefNodeName=sysPrefRoot,ou=system" ) );
- assertTrue( set.contains( "uid=admin,ou=system" ) );
+ assertTrue( set.contains( "ou=configuration,ou=system" ) );
+ assertTrue( set.contains( "ou=interceptors,ou=configuration,ou=system" ) );
+ assertTrue( set.contains( "ou=partitions,ou=configuration,ou=system" ) );
+ assertTrue( set.contains( "ou=services,ou=configuration,ou=system" ) );
+ assertTrue( set.contains( "ou=groups,ou=system" ) );
+ assertTrue( set.contains( "cn=Administrators,ou=groups,ou=system" ) );
+ assertTrue( set.contains( "ou=users,ou=system" ) );
+ assertTrue( set.contains( "prefNodeName=sysPrefRoot,ou=system" ) );
+ assertTrue( set.contains( "uid=admin,ou=system" ) );
}
}
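Review bot: None of the tests in this class release the connections they open: there is no `@After` hook like the one added to AdministratorsGroupIT, and only the first connection in `testModifyOnAdminByAdmin` is closed explicitly. Adding `@After public void closeConnections() { IntegrationUtils.closeConections(); }` would cover them, assuming `AutzIntegUtils.getAdminConnection()` registers its connections with `IntegrationUtils` (not shown here). `testModifyOnAdminByAdmin` also leaves the admin password set to `replaced`, while `IntegrationUtils.getAdminConnection` binds with a fixed default password. Unless the framework reverts directory changes between tests, later admin binds against the same service would fail, so restoring the original password at the end of the test is safer.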
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthorizationServiceAsNonAdminIT.java Wed Mar 17 14:41:34 2010
@@ -29,8 +29,6 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
-import javax.naming.NamingException;
-
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.server.core.entry.DefaultServerEntry;
@@ -69,7 +67,7 @@ public class AuthorizationServiceAsNonAd
/**
* Makes sure a non-admin user cannot delete the admin account.
*
- * @throws NamingException if there are problems
+ * @throws Exception if there are problems
*/
@Test
public void testNoDeleteOnAdminByNonAdmin() throws Exception
@@ -94,7 +92,7 @@ public class AuthorizationServiceAsNonAd
/**
* Makes sure a non-admin user cannot rename the admin account.
*
- * @throws NamingException if there are problems
+ * @throws Exception if there are problems
*/
@Test
public void testNoRdnChangesOnAdminByNonAdmin() throws Exception
@@ -122,7 +120,7 @@ public class AuthorizationServiceAsNonAd
/**
* Makes sure the a non-admin user cannot rename the admin account.
*
- * @throws NamingException on error
+ * @throws Exception on error
*/
@Test
public void testModifyOnAdminByNonAdmin() throws Exception
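Review bot: The summary sentence of this Javadoc still reads "Makes sure the a non-admin user cannot rename the admin account", a copy of the rename test's description with a stray "the", although it sits on `testModifyOnAdminByNonAdmin`. The commit corrects the same copy-paste in AuthorizationServiceAsAdminIT, so this one could be updated together with the `@throws` line, e.g. `Makes sure a non-admin user cannot modify the admin account.` The method body is outside this hunk, so the exact expectation should be checked against it.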
@@ -164,7 +162,7 @@ public class AuthorizationServiceAsNonAd
/**
* Makes sure non-admin cannot search under ou=system.
*
- * @throws NamingException if there are problems
+ * @throws Exception if there are problems
*/
@Test
public void testNoSearchByNonAdmin() throws Exception
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java Wed Mar 17 14:41:34 2010
@@ -22,15 +22,19 @@ package org.apache.directory.server.core
import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
-import static org.junit.Assert.fail;
-import junit.framework.Assert;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.SearchResultEntry;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.shared.ldap.entry.Entry;
import org.apache.directory.shared.ldap.name.DN;
import org.junit.Before;
+import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -48,14 +52,15 @@ public class AuthzAuthnIT extends Abstra
@Before
public void setService()
{
- AutzIntegUtils.service = service;
+ AutzIntegUtils.ldapServer = ldapServer;
+ AutzIntegUtils.service = service;
}
/**
* Checks to make sure a user can authenticate with RootDSE as the
* provider URL without need of any access control permissions.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testAuthnWithRootDSE() throws Exception
@@ -63,15 +68,11 @@ public class AuthzAuthnIT extends Abstra
createUser( "billyd", "billyd" );
DN userName = new DN( "uid=billyd,ou=users,ou=system" );
- try
- {
- // Authenticate to RootDSE
- getContextAs( userName, "billyd", "" );
- }
- catch ( LdapNoPermissionException e )
- {
- fail( "Authentication should not have failed." );
- }
+ // Authenticate to RootDSE
+ LdapConnection connection = getConnectionAs( userName, "billyd" );
+ Entry entry = ( ( SearchResultEntry ) connection.lookup( "" ) ).getEntry();
+ assertNotNull( entry );
+ assertEquals( 0, entry.getDn().size() );
}
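Review bot: `testAuthnWithRootDSE` never asserts that the bind succeeded, so it verifies a RootDSE read rather than authentication; if the RootDSE is readable anonymously, as is common, the test would pass even when the bind was rejected. AdministratorsGroupIT in this commit already does `assertTrue( connection.isAuthenticated() );` after `getConnectionAs`, and the same line belongs here before the lookup (it needs the `assertTrue` static import, which is not among the imports shown). The same gap exists in `testAuthnFailsWithSystemPartition` in the next code hunk, where a rejected bind would also produce the null lookup the test expects. The Javadoc of both tests still describes authenticating with a provider URL, which no longer matches what they do.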
@@ -79,7 +80,7 @@ public class AuthzAuthnIT extends Abstra
* Checks to make sure a user cannot authenticate with a naming context
* as the provider URL if it does not have appropriate Browse permissions.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testAuthnFailsWithSystemPartition() throws Exception
@@ -87,16 +88,9 @@ public class AuthzAuthnIT extends Abstra
createUser( "billyd", "billyd" );
DN userName = new DN( "uid=billyd,ou=users,ou=system" );
- try
- {
- // Authenticate to "ou=system"
- getContextAs( userName, "billyd", "ou=system" );
- fail( "Authentication should have failed." );
- }
- catch ( LdapNoPermissionException e )
- {
- Assert.assertNotNull( e );
- }
+ LdapConnection connection = getConnectionAs( userName, "billyd" );
+ SearchResultEntry entry = ( SearchResultEntry ) connection.lookup( "ou=system" );
+ assertNull( entry );
}
@@ -104,8 +98,9 @@ public class AuthzAuthnIT extends Abstra
* Checks to make sure a user can authenticate with a naming context
* as the provider URL if it has appropriate Browse permissions.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
+ @Ignore( "This test is not failing but I want to make sure that this test case is equivalent to its prior JNDI based impl, so ignoring this to get attention" )
@Test
public void testAuthnPassesWithSystemPartition() throws Exception
{
@@ -127,14 +122,9 @@ public class AuthzAuthnIT extends Abstra
+ "grantsAndDenials { grantBrowse } } } } }" );
DN userName = new DN( "uid=billyd,ou=users,ou=system" );
- try
- {
- // Authenticate to "ou=system"
- getContextAs( userName, "billyd", "ou=system" );
- }
- catch ( LdapNoPermissionException e )
- {
- fail( "Authentication should not have failed." );
- }
+
+ LdapConnection connection = getConnectionAs( userName, "billyd" );
+ SearchResultEntry entry = ( SearchResultEntry ) connection.lookup( "ou=system" );
+ assertNull( entry );
}
}
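Review bot: testAuthnPassesWithSystemPartition ends with `assertNull( entry )`, the same assertion testAuthnFailsWithSystemPartition makes with no ACI in place, so the pair cannot tell a granted lookup from a denied one. If the subentry created above is meant to let billyd read `ou=system`, the positive test should end with `assertNotNull( entry );`. If grantBrowse alone is not enough for a lookup (the rest of the ACI is outside this hunk), the test needs the additional grant, not an inverted assertion. The `@Ignore` added in the previous hunk leaves the positive authorization path untested until this is resolved. The method begins outside this hunk.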
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java Wed Mar 17 14:41:34 2010
@@ -25,19 +25,24 @@ import static org.apache.directory.serve
import java.util.Hashtable;
import javax.naming.Name;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapContext;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.AddResponse;
+import org.apache.directory.ldap.client.api.message.ModifyRequest;
+import org.apache.directory.ldap.client.api.message.SearchResultEntry;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.integ.IntegrationUtils;
import org.apache.directory.server.core.subtree.SubentryInterceptor;
+import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
+import org.apache.directory.shared.ldap.entry.client.DefaultClientEntry;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.DN;
@@ -52,15 +57,45 @@ public class AutzIntegUtils
{
public static DirectoryService service;
+ public static LdapServer ldapServer;
+
+
// -----------------------------------------------------------------------
// Utility methods used by subclasses
// -----------------------------------------------------------------------
/**
+ * gets a LdapConnection bound using the default admin DN uid=admin,ou=system and password "secret"
+ */
+ public static LdapConnection getAdminConnection() throws Exception
+ {
+ return IntegrationUtils.getAdminConnection( ldapServer );
+ }
+
+
+ public static LdapConnection getConnectionAs( String dn, String password ) throws Exception
+ {
+ return IntegrationUtils.getConnectionAs( ldapServer, dn, password );
+ }
+
+
+ public static LdapConnection getConnectionAs( DN dn, String password ) throws Exception
+ {
+ return IntegrationUtils.getConnectionAs( ldapServer, dn.getName(), password );
+ }
+
+
+ public static LdapConnection getConnectionAs( String host, int port, String dn, String password ) throws Exception
+ {
+ return IntegrationUtils.getConnectionAs( host, port, dn, password );
+ }
+
+
+ /**
* Gets a context at ou=system as the admin user.
*
* @return the admin context at ou=system
- * @throws NamingException if there are problems creating the context
+ * @throws Exception if there are problems creating the context
*/
public static DirContext getContextAsAdmin() throws Exception
{
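Review bot: The three `getConnectionAs` overloads added here have no Javadoc, and none of the new helpers says who owns the returned connection. Callers later in this file use `getAdminConnection().add( entry )` and drop the reference, so if `IntegrationUtils` opens a new connection per call (not visible here), each helper call would leave a bound admin session open. I would document this on each method, e.g. `/** Binds to the test LdapServer as the given DN; the caller is responsible for closing the returned connection. */`. The field comment should also state that `ldapServer` must be assigned from a `@Before` method before any helper is used. `getContextAsAdmin` at the end of the hunk continues outside it.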
@@ -75,7 +110,7 @@ public class AutzIntegUtils
*
* @param dn the DN of the context to get
* @return the context for the DN as the admin user
- * @throws NamingException if is a problem initializing or getting the context
+ * @throws Exception if is a problem initializing or getting the context
*/
@SuppressWarnings("unchecked")
public static DirContext getContextAsAdmin( String dn ) throws Exception
@@ -99,20 +134,19 @@ public class AutzIntegUtils
* @param cn the common name of the group used as the RDN attribute
* @param firstMemberDn the DN of the first member of this group
* @return the distinguished name of the group entry
- * @throws NamingException if there are problems creating the new group like
+ * @throws Exception if there are problems creating the new group like
* it exists already
*/
- public static Name createGroup( String cn, String firstMemberDn ) throws Exception
+ public static DN createGroup( String cn, String firstMemberDn ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
- Attributes group = new BasicAttributes( "cn", cn, true );
- Attribute objectClass = new BasicAttribute( "objectClass" );
- group.put( objectClass );
- objectClass.add( "top" );
- objectClass.add( "groupOfUniqueNames" );
- group.put( "uniqueMember", firstMemberDn );
- adminCtx.createSubcontext( "cn=" + cn + ",ou=groups", group );
- return new DN( "cn=" + cn + ",ou=groups,ou=system" );
+ DN groupDN = new DN( "cn=" + cn + ",ou=groups,ou=system" );
+ Entry entry = new DefaultClientEntry( groupDN );
+ entry.add( SchemaConstants.OBJECT_CLASS_AT, "groupOfUniqueNames" );
+ entry.add( SchemaConstants.UNIQUE_MEMBER_AT, firstMemberDn );
+ entry.add( SchemaConstants.CN_AT, cn );
+
+ getAdminConnection().add( entry );
+ return groupDN;
}
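Review bot: `getAdminConnection().add( entry )` in createGroup discards the AddResponse, while the Javadoc still promises an exception when the group already exists. Elsewhere in this commit the client API reports failures through `getLdapResult().getResultCode()`, so a failed add here would apparently go unnoticed and the following authorization test would run against a directory that is not in the state it assumes. The same applies to deleteUser, createUser, createGroup( String ), removeUserFromGroup, deleteAccessControlSubentry, addEntryACI, addSubentryACI, changePresciptiveACI and addPrescriptiveACI in the later hunks, and to addUserToGroup, where `getResultCode()` is called and its value thrown away. Checking the code in each helper, e.g. `if ( resp.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS ) throw new IllegalStateException( "add failed for " + groupDN );`, would keep setup failures from turning into misleading permit/deny results.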
@@ -120,13 +154,12 @@ public class AutzIntegUtils
* Deletes a user with a specific UID under ou=users,ou=system.
*
* @param uid the RDN value for the user to delete
- * @throws NamingException if there are problems removing the user
+ * @throws Exception if there are problems removing the user
* i.e. user does not exist
*/
public static void deleteUser( String uid ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
- adminCtx.destroySubcontext( "uid=" + uid + ",ou=users" );
+ getAdminConnection().delete( "uid=" + uid + ",ou=users,ou=system" );
}
@@ -138,23 +171,22 @@ public class AutzIntegUtils
* @param uid the value of the RDN attriubte (uid), the sn and cn attributes
* @param password the password to use to create the user
* @return the dn of the newly created user entry
- * @throws NamingException if there are problems creating the user entry
+ * @throws Exception if there are problems creating the user entry
*/
- public static Name createUser( String uid, String password ) throws Exception
+ public static DN createUser( String uid, String password ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
- Attributes user = new BasicAttributes( "uid", uid, true );
- user.put( "userPassword", password );
- Attribute objectClass = new BasicAttribute( "objectClass" );
- user.put( objectClass );
- objectClass.add( "top" );
- objectClass.add( "person" );
- objectClass.add( "organizationalPerson" );
- objectClass.add( "inetOrgPerson" );
- user.put( "sn", uid );
- user.put( "cn", uid );
- adminCtx.createSubcontext( "uid=" + uid + ",ou=users", user );
- return new DN( "uid=" + uid + ",ou=users,ou=system" );
+ LdapConnection connection = getAdminConnection();
+
+ Entry entry = new DefaultClientEntry( new DN( "uid=" + uid + ",ou=users,ou=system" ) );
+ entry.add( SchemaConstants.UID_AT, uid );
+ entry.add( SchemaConstants.OBJECT_CLASS_AT, "person", "organizationalPerson", "inetOrgPerson" );
+ entry.add( SchemaConstants.SN_AT, uid );
+ entry.add( SchemaConstants.CN_AT, uid );
+ entry.add( SchemaConstants.USER_PASSWORD_AT, password );
+
+ connection.add( entry );
+
+ return entry.getDn();
}
@@ -165,21 +197,21 @@ public class AutzIntegUtils
*
* @param groupName the name of the cgroup to create
* @return the DN of the group as a Name object
- * @throws NamingException if the group cannot be created
+ * @throws Exception if the group cannot be created
*/
- public static Name createGroup( String groupName ) throws Exception
+ public static DN createGroup( String groupName ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
- Attributes group = new BasicAttributes( true );
- Attribute objectClass = new BasicAttribute( "objectClass" );
- group.put( objectClass );
- objectClass.add( "top" );
- objectClass.add( "groupOfUniqueNames" );
+ DN groupDN = new DN( "cn=" + groupName + ",ou=groups,ou=system" );
+ Entry entry = new DefaultClientEntry( groupDN );
+ entry.add( SchemaConstants.OBJECT_CLASS_AT, "groupOfUniqueNames" );
// TODO might be ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED
- group.put( "uniqueMember", "uid=admin, ou=system" );
- adminCtx.createSubcontext( "cn=" + groupName + ",ou=groups", group );
- return new DN( "cn=" + groupName + ",ou=groups,ou=system" );
+ entry.add( SchemaConstants.UNIQUE_MEMBER_AT, "uid=admin, ou=system" );
+ entry.add( SchemaConstants.CN_AT, groupName );
+
+ getAdminConnection().add( entry );
+
+ return groupDN;
}
@@ -189,13 +221,16 @@ public class AutzIntegUtils
*
* @param userUid the uid of the user to add to the group
* @param groupCn the cn of the group to add the user to
- * @throws NamingException if the group does not exist
+ * @throws Exception if the group does not exist
*/
public static void addUserToGroup( String userUid, String groupCn ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
- Attributes changes = new BasicAttributes( "uniqueMember", "uid=" + userUid + ",ou=users,ou=system", true );
- adminCtx.modifyAttributes( "cn=" + groupCn + ",ou=groups", DirContext.ADD_ATTRIBUTE, changes );
+ LdapConnection connection = getAdminConnection();
+
+ ModifyRequest modReq = new ModifyRequest( new DN( "cn=" + groupCn + ",ou=groups,ou=system" ) );
+ modReq.add( SchemaConstants.UNIQUE_MEMBER_AT, "uid=" + userUid + ",ou=users,ou=system" );
+
+ connection.modify( modReq ).getLdapResult().getResultCode();
}
@@ -204,13 +239,13 @@ public class AutzIntegUtils
*
* @param userUid the RDN attribute value of the user to remove from the group
* @param groupCn the RDN attribute value of the group to have user removed from
- * @throws NamingException if there are problems accessing the group
+ * @throws Exception if there are problems accessing the group
*/
public static void removeUserFromGroup( String userUid, String groupCn ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
- Attributes changes = new BasicAttributes( "uniqueMember", "uid=" + userUid + ",ou=users,ou=system", true );
- adminCtx.modifyAttributes( "cn=" + groupCn + ",ou=groups", DirContext.REMOVE_ATTRIBUTE, changes );
+ ModifyRequest modReq = new ModifyRequest( new DN( "cn=" + groupCn + ",ou=groups,ou=system" ) );
+ modReq.remove( SchemaConstants.UNIQUE_MEMBER_AT, "uid=" + userUid + ",ou=users,ou=system" );
+ getAdminConnection().modify( modReq );
}
@@ -220,7 +255,7 @@ public class AutzIntegUtils
* @param user the DN of the user to get the context as
* @param password the password of the user
* @return the context as the user
- * @throws NamingException if the user does not exist or authx fails
+ * @throws Exception if the user does not exist or authx fails
*/
public static DirContext getContextAs( Name user, String password ) throws Exception
{
@@ -235,7 +270,7 @@ public class AutzIntegUtils
* @param password the password of the user
* @param dn the distinguished name of the entry to get the context for
* @return the context representing the entry at the dn as a specific user
- * @throws NamingException if the does not exist or authx fails
+ * @throws Exception if the does not exist or authx fails
*/
@SuppressWarnings("unchecked")
public static DirContext getContextAs( Name user, String password, String dn ) throws Exception
@@ -254,8 +289,7 @@ public class AutzIntegUtils
public static void deleteAccessControlSubentry( String cn ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
- adminCtx.destroySubcontext( "cn=" + cn );
+ getAdminConnection().delete( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN );
}
@@ -265,11 +299,11 @@ public class AutzIntegUtils
*
* @param cn the common name and rdn for the subentry
* @param aciItem the prescriptive ACI attribute value
- * @throws NamingException if there is a problem creating the subentry
+ * @throws Exception if there is a problem creating the subentry
*/
- public static void createAccessControlSubentry( String cn, String aciItem ) throws Exception
+ public static ResultCodeEnum createAccessControlSubentry( String cn, String aciItem ) throws Exception
{
- createAccessControlSubentry( cn, "{}", aciItem );
+ return createAccessControlSubentry( cn, "{}", aciItem );
}
@@ -280,32 +314,35 @@ public class AutzIntegUtils
* @param cn the common name and rdn for the subentry
* @param subtree the subtreeSpecification for the subentry
* @param aciItem the prescriptive ACI attribute value
- * @throws NamingException if there is a problem creating the subentry
+ * @throws Exception if there is a problem creating the subentry
*/
- public static void createAccessControlSubentry( String cn, String subtree, String aciItem ) throws Exception
+ public static ResultCodeEnum createAccessControlSubentry( String cn, String subtree, String aciItem )
+ throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
+ LdapConnection connection = getAdminConnection();
+
+ Entry systemEntry = ( ( SearchResultEntry ) connection.lookup( ServerDNConstants.SYSTEM_DN, "+", "*" ) )
+ .getEntry();
// modify ou=system to be an AP for an A/C AA if it is not already
- Attributes ap = adminCtx.getAttributes( "", new String[]
- { "administrativeRole" } );
- Attribute administrativeRole = ap.get( "administrativeRole" );
+ EntryAttribute administrativeRole = systemEntry.get( "administrativeRole" );
if ( administrativeRole == null || !administrativeRole.contains( SubentryInterceptor.AC_AREA ) )
{
- Attributes changes = new BasicAttributes( "administrativeRole", SubentryInterceptor.AC_AREA, true );
- adminCtx.modifyAttributes( "", DirContext.ADD_ATTRIBUTE, changes );
+ ModifyRequest modReq = new ModifyRequest( systemEntry.getDn() );
+ modReq.add( "administrativeRole", SubentryInterceptor.AC_AREA );
+ connection.modify( modReq );
}
// now add the A/C subentry below ou=system
- Attributes subentry = new BasicAttributes( "cn", cn, true );
- Attribute objectClass = new BasicAttribute( "objectClass" );
- subentry.put( objectClass );
- objectClass.add( "top" );
- objectClass.add( SchemaConstants.SUBENTRY_OC );
- objectClass.add( "accessControlSubentry" );
- subentry.put( "subtreeSpecification", subtree );
- subentry.put( "prescriptiveACI", aciItem );
- adminCtx.createSubcontext( "cn=" + cn, subentry );
+ Entry subEntry = new DefaultClientEntry( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
+ subEntry.add( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC,
+ SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC );
+ subEntry.add( SchemaConstants.SUBTREE_SPECIFICATION_AT, subtree );
+ subEntry.add( SchemaConstants.PRESCRIPTIVE_ACI_AT, aciItem );
+
+ AddResponse addResp = connection.add( subEntry );
+
+ return addResp.getLdapResult().getResultCode();
}
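Review bot: createAccessControlSubentry now returns a ResultCodeEnum, but its Javadoc has no `@return` and still describes failure only through `@throws`; the two-argument overload in the previous hunk has the same gap. Adding `@return the result code of the add operation for the subentry` to both tells callers that a rejected ACI is reported by value and must be checked. Inside the method, `( ( SearchResultEntry ) connection.lookup( ServerDNConstants.SYSTEM_DN, "+", "*" ) ).getEntry()` dereferences the lookup result without a null check. The `connection.modify( modReq )` that adds `administrativeRole` is not checked either, so a failure to make ou=system an access-control area would only show up indirectly in later assertions.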
@@ -313,17 +350,17 @@ public class AutzIntegUtils
* Adds and entryACI attribute to an entry specified by a relative name
* with respect to ou=system
*
- * @param rdn a name relative to ou=system
+ * @param dn a name relative to ou=system
* @param aciItem the entryACI attribute value
- * @throws NamingException if there is a problem adding the attribute
+ * @throws Exception if there is a problem adding the attribute
*/
- public static void addEntryACI( Name rdn, String aciItem ) throws Exception
+ public static void addEntryACI( DN dn, String aciItem ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
-
// modify the entry relative to ou=system to include the aciItem
- Attributes changes = new BasicAttributes( "entryACI", aciItem, true );
- adminCtx.modifyAttributes( rdn, DirContext.ADD_ATTRIBUTE, changes );
+ ModifyRequest modReq = new ModifyRequest( dn );
+ modReq.add( "entryACI", aciItem );
+
+ getAdminConnection().modify( modReq );
}
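Review bot: The Javadoc of addEntryACI still describes `dn` as "a name relative to ou=system", but the new body passes it straight to `new ModifyRequest( dn )`, which no longer goes through an admin context rooted at ou=system. A caller that keeps passing a relative name would presumably target a different entry. Because the modify result is not checked, the entryACI would then silently not be applied. Update the tag to `@param dn the full DN of the entry to add the entryACI to` and reword the inline comment `// modify the entry relative to ou=system ...` to match.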
@@ -331,15 +368,14 @@ public class AutzIntegUtils
* Adds and subentryACI attribute to ou=system
*
* @param aciItem the subentryACI attribute value
- * @throws NamingException if there is a problem adding the attribute
+ * @throws Exception if there is a problem adding the attribute
*/
public static void addSubentryACI( String aciItem ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
-
// modify the entry relative to ou=system to include the aciItem
- Attributes changes = new BasicAttributes( "subentryACI", aciItem, true );
- adminCtx.modifyAttributes( "", DirContext.ADD_ATTRIBUTE, changes );
+ ModifyRequest modReq = new ModifyRequest( new DN( "ou=system" ) );
+ modReq.add( "subentryACI", aciItem );
+ getAdminConnection().modify( modReq );
}
@@ -349,20 +385,20 @@ public class AutzIntegUtils
*
* @param cn the common name of the aci subentry
* @param aciItem the new value for the ACI item
- * @throws NamingException if the modify fails
+ * @throws Exception if the modify fails
*/
public static void changePresciptiveACI( String cn, String aciItem ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
- Attributes changes = new BasicAttributes( "prescriptiveACI", aciItem, true );
- adminCtx.modifyAttributes( "cn=" + cn, DirContext.REPLACE_ATTRIBUTE, changes );
+ ModifyRequest req = new ModifyRequest( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
+ req.replace( "prescriptiveACI", aciItem );
+ getAdminConnection().modify( req );
}
public static void addPrescriptiveACI( String cn, String aciItem ) throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
- Attributes changes = new BasicAttributes( "prescriptiveACI", aciItem, true );
- adminCtx.modifyAttributes( "cn=" + cn, DirContext.ADD_ATTRIBUTE, changes );
+ ModifyRequest modReq = new ModifyRequest( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
+ modReq.add( "prescriptiveACI", aciItem );
+ getAdminConnection().modify( modReq );
}
}
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java Wed Mar 17 14:41:34 2010
@@ -23,21 +23,20 @@ package org.apache.directory.server.core
import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAsAdmin;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getAdminConnection;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.CompareResponse;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.jndi.ServerLdapContext;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.client.DefaultClientEntry;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.DN;
import org.junit.Before;
import org.junit.Test;
@@ -57,7 +56,7 @@ public class CompareAuthorizationIT exte
@Before
public void setService()
{
- AutzIntegUtils.service = service;
+ AutzIntegUtils.ldapServer = ldapServer;
}
@@ -78,51 +77,48 @@ public class CompareAuthorizationIT exte
* @return true if the entry's telephoneNumber can be compared by the user at the
* specified location, false otherwise. A false compare result still returns
* true.
- * @throws javax.naming.NamingException if there are problems conducting the test
+ * @throws Exception if there are problems conducting the test
*/
public boolean checkCanCompareTelephoneNumberAs( String uid, String password, String entryRdn, String number )
throws Exception
{
- // create the entry with the telephoneNumber attribute to compare
- Attributes testEntry = new BasicAttributes( "ou", "testou", true );
- Attribute objectClass = new BasicAttribute( "objectClass" );
- testEntry.put( objectClass );
- objectClass.add( "top" );
- objectClass.add( "organizationalUnit" );
- testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
-
- DirContext adminContext = getContextAsAdmin();
- try
- {
- // create the entry as admin
- DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
- adminContext.createSubcontext( entryRdn, testEntry );
-
- // compare the telephone numbers
- DirContext userContext = getContextAs( userName, password );
- ServerLdapContext ctx = ( ServerLdapContext ) userContext.lookup( "" );
- ctx.compare( new DN( entryRdn + ",ou=system" ), "telephoneNumber", number );
-
- // don't return compare result which can be false but true since op was permitted
- return true;
- }
- catch ( LdapNoPermissionException e )
- {
- return false;
- }
- finally
+ DN entryDN = new DN( entryRdn + ",ou=system" );
+ boolean result = true;
+
+ // create the entry with the telephoneNumber attribute to compare
+ Entry testEntry = new DefaultClientEntry( entryDN );
+ testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
+ testEntry.add( SchemaConstants.OU_AT, "testou" );
+ testEntry.add( "telephoneNumber", "867-5309" ); // jenny don't change your number
+
+ LdapConnection adminConnection = getAdminConnection();
+
+ // create the entry as admin
+ adminConnection.add( testEntry );
+
+ DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
+ // compare the telephone numbers
+ LdapConnection userConnection = getConnectionAs( userName, password );
+ CompareResponse resp = userConnection.compare( entryDN, "telephoneNumber", number );
+
+ // don't set based on compare result success/failure but based on whether the op was permitted or not
+ if( resp.getLdapResult().getResultCode() == ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS )
{
- // let's clean up
- adminContext.destroySubcontext( entryRdn );
+ result = false;
}
+
+ // let's clean up
+ adminConnection.delete( entryRdn );
+
+ return result;
}
/**
* Checks to make sure group membership based userClass works for compare operations.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantCompareAdministrators() throws Exception
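Review bot: The cleanup in checkCanCompareTelephoneNumberAs calls `adminConnection.delete( entryRdn )` with the name relative to ou=system, although the entry was added under `entryDN`. The old JNDI context resolved relative names and the new connection presumably does not, so the test entry would be left behind. It should be `adminConnection.delete( entryDN );`, placed in a `finally` block as in the removed code, so that an exception from the bind or the compare does not skip it. Because the result of `adminConnection.add( testEntry )` is not checked, a leftover entry from an earlier call goes unnoticed. The method also returns true for every result code other than INSUFFICIENT_ACCESS_RIGHTS, so an unrelated failure such as a missing entry would be counted as "compare permitted".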
@@ -169,7 +165,7 @@ public class CompareAuthorizationIT exte
/**
* Checks to make sure name based userClass works for compare operations.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantCompareByName() throws Exception
@@ -216,7 +212,7 @@ public class CompareAuthorizationIT exte
/**
* Checks to make sure subtree based userClass works for compare operations.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantCompareBySubtree() throws Exception
@@ -242,7 +238,7 @@ public class CompareAuthorizationIT exte
/**
* Checks to make sure <b>allUsers</b> userClass works for compare operations.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantCompareAllUsers() throws Exception
@@ -268,21 +264,20 @@ public class CompareAuthorizationIT exte
@Test
public void testPasswordCompare() throws Exception
{
- DirContext adminCtx = getContextAsAdmin();
- Attributes user = new BasicAttributes( "uid", "bob", true );
- user.put( "userPassword", "bobspassword" );
- Attribute objectClass = new BasicAttribute( "objectClass" );
- user.put( objectClass );
- objectClass.add( "top" );
- objectClass.add( "person" );
- objectClass.add( "organizationalPerson" );
- objectClass.add( "inetOrgPerson" );
- user.put( "sn", "bob" );
- user.put( "cn", "bob" );
- adminCtx.createSubcontext( "uid=bob,ou=users", user );
+ LdapConnection adminCtx = getAdminConnection();
+
+ DN userDN = new DN( "uid=bob,ou=users,ou=system" );
+ Entry user = new DefaultClientEntry( userDN );
+ user.add( SchemaConstants.UID_AT, "bob" );
+ user.add( SchemaConstants.USER_PASSWORD_AT, "bobspassword" );
+ user.add( SchemaConstants.OBJECT_CLASS_AT, "person", "organizationalPerson", "inetOrgPerson" );
+ user.add( SchemaConstants.SN_AT, "bob" );
+ user.add( SchemaConstants.CN_AT, "bob" );
+
+ adminCtx.add( user );
- ServerLdapContext ctx = ( ServerLdapContext ) adminCtx.lookup( "" );
- assertTrue( ctx.compare( new DN( "uid=bob,ou=users,ou=system" ), "userPassword", "bobspassword" ) );
+ CompareResponse resp = adminCtx.compare( userDN, "userPassword", "bobspassword" );
+ assertEquals( ResultCodeEnum.COMPARE_TRUE, resp.getLdapResult().getResultCode() );
}
}
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java Wed Mar 17 14:41:34 2010
@@ -22,20 +22,19 @@ package org.apache.directory.server.core
import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
-import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAsAdmin;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getAdminConnection;
+import static org.apache.directory.server.core.authz.AutzIntegUtils.getConnectionAs;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.message.DeleteResponse;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.client.DefaultClientEntry;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.DN;
import org.junit.Before;
import org.junit.Test;
@@ -55,7 +54,7 @@ public class DeleteAuthorizationIT exten
@Before
public void setService()
{
- AutzIntegUtils.service = service;
+ AutzIntegUtils.ldapServer = ldapServer;
}
@@ -76,32 +75,35 @@ public class DeleteAuthorizationIT exten
* @param password the password of this user
* @param entryRdn the relative DN, relative to ou=system where entry creation then deletion is tested
* @return true if the entry can be created by the user at the specified location, false otherwise
- * @throws javax.naming.NamingException if there are problems conducting the test
+ * @throws Exception if there are problems conducting the test
*/
public boolean checkCanDeleteEntryAs( String uid, String password, String entryRdn ) throws Exception
{
- Attributes testEntry = new BasicAttributes( "ou", "testou", true );
- Attribute objectClass = new BasicAttribute( "objectClass" );
- testEntry.put( objectClass );
- objectClass.add( "top" );
- objectClass.add( "organizationalUnit" );
+ DN entryDN = new DN( entryRdn + ",ou=system" );
+
+ // create the entry with the telephoneNumber attribute to compare
+ Entry testEntry = new DefaultClientEntry( entryDN );
+ testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
+ testEntry.add( SchemaConstants.OU_AT, "testou" );
+
+ LdapConnection adminConnection = getAdminConnection();
+
+ // create the entry as admin
+ adminConnection.add( testEntry );
+
+ DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
+
+ // delete the newly created context as the user
+ LdapConnection userConnection = getConnectionAs( userName, password );
+ DeleteResponse resp = userConnection.delete( entryDN );
- DirContext adminContext = getContextAsAdmin();
- try
+ if( resp.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS )
{
- // create the entry as the admin
- DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
- adminContext.createSubcontext( entryRdn, testEntry );
-
- // delete the newly created context as the user
- DirContext userContext = getContextAs( userName, password );
- userContext.destroySubcontext( entryRdn );
-
return true;
}
- catch ( LdapNoPermissionException e )
+ else
{
- adminContext.destroySubcontext( entryRdn );
+ adminConnection.delete( entryDN );
return false;
}
}
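Review bot: checkCanDeleteEntryAs treats every result other than SUCCESS as a denial, so a deny test built on it passes even when the delete failed for a reason unrelated to access control. One such case is the unchecked `adminConnection.add( testEntry )` failing to create the entry. Returning false only for `ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS`, as the compare test does, and failing the test on any other non-success code would keep the negative cases meaningful. The comment `// create the entry with the telephoneNumber attribute to compare` was copied from the compare test and should read `// create the entry to be deleted`.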
@@ -110,7 +112,7 @@ public class DeleteAuthorizationIT exten
/**
* Checks to make sure group membership based userClass works for delete operations.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantDeleteAdministrators() throws Exception
@@ -143,7 +145,7 @@ public class DeleteAuthorizationIT exten
/**
* Checks to make sure name based userClass works for delete operations.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantDeleteByName() throws Exception
@@ -168,7 +170,7 @@ public class DeleteAuthorizationIT exten
/**
* Checks to make sure subtree based userClass works for delete operations.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantDeleteBySubtree() throws Exception
@@ -193,7 +195,7 @@ public class DeleteAuthorizationIT exten
/**
* Checks to make sure <b>allUsers</b> userClass works for delete operations.
*
- * @throws javax.naming.NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testGrantDeleteAllUsers() throws Exception
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java?rev=924314&r1=924313&r2=924314&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java Wed Mar 17 14:41:34 2010
@@ -22,13 +22,9 @@ package org.apache.directory.server.core
import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-
-import javax.naming.NamingException;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.shared.ldap.exception.LdapInvalidAttributeValueException;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.junit.Before;
import org.junit.Test;
@@ -48,7 +44,7 @@ public class GeneralAuthorizationIT exte
@Before
public void setService()
{
- AutzIntegUtils.service = service;
+ AutzIntegUtils.ldapServer = ldapServer;
}
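Review bot: The method name `setService()` in this hunk is now misleading, because the body no longer assigns a directory service but stores the test's `ldapServer` in the static field `AutzIntegUtils.ldapServer`. Renaming it to `setLdapServer()` and adding a short comment such as `// AutzIntegUtils helpers open their connections against this server` would make the intent clear; that wording assumes the helpers obtain their connections from this field, which the hunk does not show. Because the field is static and reassigned in every `@Before`, the helpers presumably act on whichever server was assigned last. It is worth confirming that this holds if the authz test classes ever run in parallel or share a suite-level server.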
@@ -56,23 +52,16 @@ public class GeneralAuthorizationIT exte
* Checks to make sure we cannot create a malformed ACI missing two
* last brackets.
*
- * @throws NamingException if the test encounters an error
+ * @throws Exception if the test encounters an error
*/
@Test
public void testFailureToAddBadACI() throws Exception
{
// add a subentry with malformed ACI
- try
- {
- createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
- + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
- + "grantsAndDenials { grantAdd, grantBrowse } } }" );
- fail( "should never get here due to failure to add bad ACIItem" );
- }
- catch( LdapInvalidAttributeValueException e )
- {
- assertEquals( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, e.getResultCode() );
- }
+ ResultCodeEnum result = createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+ + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+ + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + "grantsAndDenials { grantAdd, grantBrowse } } }" );
+ assertEquals( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, result );
}
}
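Review bot: The rewritten `testFailureToAddBadACI` checks only the returned result code, so if the malformed ACIItem were ever accepted, the assertion would fail but the `anybodyAdd` subentry would stay in the directory. The commit log mentions server annotations on AuthzISuite, so the suite may share one server instance; in that case a leftover access-control subentry could change the outcome of later authorization tests (inferred, not visible in this hunk). A failure message would make a regression easier to read: `assertEquals( "malformed ACIItem must be rejected", ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, result );`. It would also help to delete the subentry in cleanup whenever the result is `ResultCodeEnum.SUCCESS`.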