Posted to commits@directory.apache.org by tb...@apache.org on 2006/12/12 16:24:14 UTC
svn commit: r486187 [25/49] - in /directory/trunks/triplesec: ./ admin-api/
admin-api/src/ admin-api/src/main/ admin-api/src/main/java/
admin-api/src/main/java/org/ admin-api/src/main/java/org/safehaus/
admin-api/src/main/java/org/safehaus/triplesec/ a...
Added: directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java (added)
+++ directory/trunks/triplesec/store/src/test/java/org/safehaus/triplesec/store/interceptor/PolicyProtectionInterceptorITest.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,850 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.safehaus.triplesec.store.interceptor;
+
+
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SchemaViolationException;
+
+import junit.framework.Assert;
+
+import org.apache.directory.server.core.unit.AbstractAdminTestCase;
+import org.apache.directory.server.core.schema.bootstrap.SystemSchema;
+import org.apache.directory.server.core.schema.bootstrap.CoreSchema;
+import org.apache.directory.server.core.schema.bootstrap.Krb5kdcSchema;
+import org.apache.directory.server.core.configuration.Configuration;
+import org.apache.directory.server.core.configuration.MutablePartitionConfiguration;
+import org.apache.directory.server.core.configuration.MutableInterceptorConfiguration;
+import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
+import org.safehaus.triplesec.store.ProfileObjectFactory;
+import org.safehaus.triplesec.store.ProfileStateFactory;
+import org.safehaus.triplesec.store.schema.SafehausSchema;
+
+
+/**
+ * Test case for the PolicyProtectionInterceptor.
+ *
+ * @author Trustin Lee
+ * @version $Rev: 957 $, $Date: 2006-09-22 09:03:23 -0400 (Fri, 22 Sep 2006) $
+ */
+public class PolicyProtectionInterceptorITest extends AbstractAdminTestCase
+{
+ private DirContext ctx;
+
+
+ public void setUp() throws Exception
+ {
+ Set schemas = super.configuration.getBootstrapSchemas();
+ schemas.add( new CoreSchema() );
+ schemas.add( new SystemSchema() );
+ schemas.add( new Krb5kdcSchema() );
+ schemas.add( new SafehausSchema() );
+ super.configuration.setBootstrapSchemas( schemas );
+ super.configuration.setShutdownHookEnabled( false );
+ super.configuration.setAccessControlEnabled( true );
+
+ MutablePartitionConfiguration partitionCfg = new MutablePartitionConfiguration();
+ partitionCfg.setName( "example" );
+ partitionCfg.setSuffix( "dc=example,dc=com" );
+ Attributes ctxEntry = new BasicAttributes();
+ ctxEntry.put( "objectClass", "top" );
+ ctxEntry.put( "dc", "example" );
+ partitionCfg.setContextEntry( ctxEntry );
+ partitionCfg.setContextPartition( new JdbmPartition() );
+
+ Set partitions = super.configuration.getContextPartitionConfigurations();
+ partitions.add( partitionCfg );
+ super.configuration.setContextPartitionConfigurations( partitions );
+
+ List interceptors = super.configuration.getInterceptorConfigurations();
+ MutableInterceptorConfiguration interceptorCfg = new MutableInterceptorConfiguration();
+ interceptorCfg.setName( "protector" );
+ interceptorCfg.setInterceptor( new PolicyProtectionInterceptor() );
+ interceptors.add( interceptorCfg );
+ super.configuration.setInterceptorConfigurations( interceptors );
+
+ super.overrideEnvironment( Context.OBJECT_FACTORIES, ProfileObjectFactory.class.getName() );
+ super.overrideEnvironment( Context.STATE_FACTORIES, ProfileStateFactory.class.getName() );
+ super.setLdifPath( "/interceptor.ldif", getClass() );
+ super.setUp();
+
+ Hashtable env = new Hashtable();
+ env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" );
+ env.put( Context.PROVIDER_URL, "" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+ env.put( Context.SECURITY_AUTHENTICATION, "simple" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
+ env.put( Configuration.JNDI_KEY, super.configuration );
+ env.put( Context.STATE_FACTORIES, ProfileStateFactory.class.getName() );
+ env.put( Context.OBJECT_FACTORIES, ProfileObjectFactory.class.getName() );
+
+ ctx = new InitialDirContext( env );
+ }
+
+
+ public void tearDown() throws Exception
+ {
+ super.tearDown();
+ }
+
+
+ public void testAdd() throws Exception
+ {
+ Attribute attr;
+
+ // Adding unrelated entries should be OK.
+ ctx.bind( "ou=test,dc=example,dc=com", null, new BasicAttributes( "objectClass", "top" ) );
+
+ // Test adding permissions
+ Attributes perm = new BasicAttributes();
+ attr = new BasicAttribute( "objectClass" );
+ attr.add( "top" );
+ attr.add( "policyPermission" );
+ perm.put( attr );
+ perm.put( "permName", "permX" );
+
+ _testAdd( "permName=permX", "permName=mockPerm0", "ou=permissions", perm );
+
+ // Test adding roles
+ Attributes role = new BasicAttributes();
+ attr = new BasicAttribute( "objectClass" );
+ attr.add( "top" );
+ attr.add( "policyRole" );
+ role.put( attr );
+ role.put( "roleName", "roleX" );
+
+ _testAdd( "roleName=roleX", "roleName=mockRole0", "ou=roles", role );
+
+ // Test adding profiles
+ Attributes profile = new BasicAttributes();
+ attr = new BasicAttribute( "objectClass" );
+ attr.add( "top" );
+ attr.add( "policyProfile" );
+ profile.put( attr );
+ profile.put( "profileId", "profileX" );
+ profile.put( "user", "akarasulu" );
+
+ _testAdd( "profileId=profileX", "profileId=mockProfile0", "ou=profiles", profile );
+
+
+ // Test adding a role with non-existing permissions
+ role = new BasicAttributes();
+ attr = new BasicAttribute( "objectClass" );
+ attr.add( "top" );
+ attr.add( "policyRole" );
+ role.put( attr );
+ role.put( "roleName", "roleY" );
+ role.put( "grants", "unknownPerm" );
+ try
+ {
+ ctx.bind(
+ "roleName=roleY,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ null, role);
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ // Test adding a profile with a non-existing role
+ profile = new BasicAttributes();
+ attr = new BasicAttribute( "objectClass" );
+ attr.add( "top" );
+ attr.add( "policyProfile" );
+ profile.put( attr );
+ profile.put( "profileId", "profileY" );
+ profile.put( "roles", "unknownRole" );
+
+ try
+ {
+ ctx.bind(
+ "profileId=profileY,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ null, profile);
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ // Test adding a profile with non-existing permissions
+ profile = new BasicAttributes();
+ attr = new BasicAttribute( "objectClass" );
+ attr.add( "top" );
+ attr.add( "policyProfile" );
+ profile.put( attr );
+ profile.put( "uid", "profileY" );
+ profile.put( "grants", "unknownPerm" );
+
+ try
+ {
+ ctx.bind(
+ "profileId=profileY,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ null, profile);
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ // Test adding non-existing permission to a role
+ try
+ {
+ ctx.modifyAttributes(
+ "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ DirContext.ADD_ATTRIBUTE,
+ new BasicAttributes( "grants", "unknownPerm" ) );
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ // Test adding non-existing permission to a profile
+ try
+ {
+ ctx.modifyAttributes(
+ "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ DirContext.ADD_ATTRIBUTE,
+ new BasicAttributes( "grants", "unknownPerm" ) );
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ // Test adding non-existing role to a profile
+ try
+ {
+ ctx.modifyAttributes(
+ "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ DirContext.ADD_ATTRIBUTE,
+ new BasicAttributes( "roles", "unknownRole" ) );
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+ }
+
+
+ private void _testAdd( String rn, String siblingRN, String parentRN, Attributes entry ) throws NamingException
+ {
+ try
+ {
+ ctx.bind( rn + ", dc=example,dc=com", null, entry );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ try
+ {
+ ctx.bind( rn + ", ou=applications, dc=example,dc=com", null, entry );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ try
+ {
+ ctx.bind( rn + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, entry );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ Attributes wrongEntry = ( Attributes ) entry.clone();
+ wrongEntry.put( "objectClass", "top" ); // Remove other classes
+
+ try
+ {
+ ctx.bind( rn + ", " + siblingRN + ", " + parentRN
+ + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, wrongEntry );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ ctx.bind( rn + ", " + parentRN + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, entry );
+
+ try
+ {
+ ctx.bind( rn + ", " + siblingRN + ", " + parentRN
+ + ", appName=mockApplication, ou=applications, dc=example,dc=com", null, entry );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+ }
+
+
+ public void testDelete() throws Exception
+ {
+ // Test deleting non-policy entries
+ ctx.unbind( "uid=akarasulu, ou=Users, dc=example,dc=com" );
+
+ // Test deleting permissions not in use
+ ctx.unbind( "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+
+ // Test deleting roles not in use
+ ctx.unbind( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+
+ // Test deleting permissions in use
+ try
+ {
+ ctx.unbind( "permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ // Test deleting roles in use
+ try
+ {
+ ctx.unbind( "roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ // Test deleting profiles (should be deleted without any confirmation)
+ ctx.unbind( "profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+ }
+
+
+ public void testModify1() throws Exception
+ {
+ // Test modifications on non-policy entry
+ ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com", DirContext.ADD_ATTRIBUTE,
+ new BasicAttributes( "telephonenumber", "+1 904 982 6888" ) );
+ ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com", DirContext.REMOVE_ATTRIBUTE,
+ new BasicAttributes( "telephonenumber", "+1 904 982 6888" ) );
+
+ // Test modifications on permissions
+
+ // test attribute is not a valid schema defined attribute
+
+ // ctx.modifyAttributes(
+ // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.ADD_ATTRIBUTE,
+ // new BasicAttributes( "test", "test" ) );
+ // ctx.modifyAttributes(
+ // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttributes( "test", "test" ) );
+ // try
+ // {
+ // ctx.modifyAttributes(
+ // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttributes( "objectclass", "policyPermission" ) );
+ // Assert.fail();
+ // }
+ // catch( SchemaViolationException e )
+ // {
+ // // OK
+ // }
+ ctx.modifyAttributes(
+ "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+ DirContext.ADD_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
+ ctx.modifyAttributes(
+ "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+ DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
+
+ // Test modifications on roles
+ // ctx.modifyAttributes(
+ // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.ADD_ATTRIBUTE,
+ // new BasicAttributes( "test", "test" ) );
+ // ctx.modifyAttributes(
+ // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttributes( "test", "test" ) );
+ // try
+ // {
+ // ctx.modifyAttributes(
+ // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttributes( "objectclass", "policyRole" ) );
+ // Assert.fail();
+ // }
+ // catch( SchemaViolationException e )
+ // {
+ // // OK
+ // }
+ ctx.modifyAttributes( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ DirContext.ADD_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
+ ctx.modifyAttributes( "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "objectclass", "inetOrgPerson" ) );
+
+ // Test modifications on profiles
+ // ctx.modifyAttributes(
+ // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.ADD_ATTRIBUTE,
+ // new BasicAttributes( "test", "test" ) );
+ // ctx.modifyAttributes(
+ // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttributes( "test", "test" ) );
+ // try
+ // {
+ // ctx.modifyAttributes(
+ // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttributes( "objectclass", "policyProfile" ) );
+ // Assert.fail();
+ // }
+ // catch( SchemaViolationException e )
+ // {
+ // // OK
+ // }
+ // ctx.modifyAttributes(
+ // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.ADD_ATTRIBUTE,
+ // new BasicAttributes( "objectclass", "test" ) );
+ // ctx.modifyAttributes(
+ // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttributes( "objectclass", "test" ) );
+ }
+
+
+ public void testModify2() throws Exception
+ {
+ // Test modifications on non-policy entry
+ ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com",
+ new ModificationItem[]
+ { new ModificationItem( DirContext.ADD_ATTRIBUTE, new BasicAttribute( "telephonenumber",
+ "+1 904 982 6888" ) ) } );
+ ctx.modifyAttributes( "uid=akarasulu, ou=Users, dc=example,dc=com", new ModificationItem[]
+ { new ModificationItem( DirContext.REMOVE_ATTRIBUTE, new BasicAttribute( "telephonenumber",
+ "+1 904 982 6888" ) ) } );
+
+ // Test modifications on permissions
+ // ctx.modifyAttributes(
+ // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+ // new ModificationItem[] {
+ // new ModificationItem(
+ // DirContext.ADD_ATTRIBUTE,
+ // new BasicAttribute( "test", "test" ) )
+ // } );
+ // ctx.modifyAttributes(
+ // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+ // new ModificationItem[] {
+ // new ModificationItem(
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttribute( "test", "test" ) )
+ // } );
+ // try
+ // {
+ // ctx.modifyAttributes(
+ // "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+ // new ModificationItem[] {
+ // new ModificationItem(
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttribute( "objectclass", "policyPermission" ) )
+ // } );
+ // Assert.fail();
+ // }
+ // catch( SchemaViolationException e )
+ // {
+ // // OK
+ // }
+ /* This test doesn't work thanks to ApacheDS bug.
+ ctx.modifyAttributes(
+ "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+ new ModificationItem[] {
+ new ModificationItem(
+ DirContext.ADD_ATTRIBUTE,
+ new BasicAttribute( "objectclass", "unknown" ) )
+ } );
+ ctx.modifyAttributes(
+ "permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example",
+ new ModificationItem[] {
+ new ModificationItem(
+ DirContext.REMOVE_ATTRIBUTE,
+ new BasicAttribute( "objectclass", "unknown" ) )
+ } );
+ */
+
+ // Test modifications on roles
+ // ctx.modifyAttributes(
+ // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+ // new ModificationItem[] {
+ // new ModificationItem(
+ // DirContext.ADD_ATTRIBUTE,
+ // new BasicAttribute( "test", "test" ) )
+ // } );
+ // ctx.modifyAttributes(
+ // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+ // new ModificationItem[] {
+ // new ModificationItem(
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttribute( "test", "test" ) )
+ // } );
+ // try
+ // {
+ // ctx.modifyAttributes(
+ // "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+ // new ModificationItem[] {
+ // new ModificationItem(
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttribute( "objectclass", "policyRole" ) )
+ // } );
+ // Assert.fail();
+ // }
+ // catch( SchemaViolationException e )
+ // {
+ // // OK
+ // }
+ /* This test doesn't work thanks to ApacheDS bug.
+ ctx.modifyAttributes(
+ "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+ new ModificationItem[] {
+ new ModificationItem(
+ DirContext.ADD_ATTRIBUTE,
+ new BasicAttribute( "objectclass", "test" ) )
+ } );
+ ctx.modifyAttributes(
+ "roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example",
+ new ModificationItem[] {
+ new ModificationItem(
+ DirContext.REMOVE_ATTRIBUTE,
+ new BasicAttribute( "objectclass", "test" ) )
+ } );
+ */
+
+ // Test modifications on profiles
+ // ctx.modifyAttributes(
+ // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+ // new ModificationItem[] {
+ // new ModificationItem(
+ // DirContext.ADD_ATTRIBUTE,
+ // new BasicAttribute( "test", "test" ) )
+ // } );
+ // ctx.modifyAttributes(
+ // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+ // new ModificationItem[] {
+ // new ModificationItem(
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttribute( "test", "test" ) )
+ // } );
+ // try
+ // {
+ // ctx.modifyAttributes(
+ // "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+ // new ModificationItem[] {
+ // new ModificationItem(
+ // DirContext.REMOVE_ATTRIBUTE,
+ // new BasicAttribute( "objectclass", "policyProfile" ) )
+ // } );
+ // Assert.fail();
+ // }
+ // catch( SchemaViolationException e )
+ // {
+ // // OK
+ // }
+ /* This test doesn't work thanks to ApacheDS bug.
+ ctx.modifyAttributes(
+ "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+ new ModificationItem[] {
+ new ModificationItem(
+ DirContext.ADD_ATTRIBUTE,
+ new BasicAttribute( "objectclass", "test" ) )
+ } );
+ ctx.modifyAttributes(
+ "uid=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example",
+ new ModificationItem[] {
+ new ModificationItem(
+ DirContext.REMOVE_ATTRIBUTE,
+ new BasicAttribute( "objectclass", "test" ) )
+ } );
+ */
+ }
+
+
+ public void testModifyRn() throws Exception
+ {
+ ctx.rename( "uid=akarasulu, ou=Users, dc=example,dc=com", "uid=akarasuluX, ou=Users, dc=example,dc=com" );
+
+ // Test renaming group entries
+ try
+ {
+ ctx.rename( "ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "ou=profilesX,appName=mockApplication,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+ try
+ {
+ ctx.rename( "ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "ou=rolesX,appName=mockApplication,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+ try
+ {
+ ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "ou=permissionsX,appName=mockApplication,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ // Test renaming entries not in use
+ ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "permName=mockPermX, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+ ctx.rename( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "roleName=mockRoleX, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+ ctx.rename( "profileId=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "profileId=mockProfileX, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+
+ // Test renaming entries in use
+ try
+ {
+ ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "permName=mockPermY, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+ try
+ {
+ ctx.rename( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "roleName=mockRoleY, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+ }
+
+
+ public void testMove1() throws Exception
+ {
+ ctx.rename( "uid=akarasulu, ou=Users, dc=example,dc=com", "uid=akarasulu, dc=example,dc=com" );
+
+ // Test renaming group entries
+ try
+ {
+ ctx.rename( "ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "ou=profiles,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+ try
+ {
+ ctx.rename( "ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "ou=roles,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+ try
+ {
+ ctx.rename( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "ou=permissions,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ // Test renaming entries not in use
+ ctx.rename( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "permName=mockPerm8, ou=applications,dc=example,dc=com" );
+ ctx.rename( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "roleName=mockRole0, ou=applications,dc=example,dc=com" );
+ ctx.rename( "profileId=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "profileId=mockProfile0, ou=applications,dc=example,dc=com" );
+
+ // Test renaming entries in use
+ try
+ {
+ ctx.rename( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "permName=mockPerm9, appName=mockApplication,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+ try
+ {
+ ctx.rename( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com",
+ "roleName=mockRole1, appName=mockApplication,ou=applications,dc=example,dc=com" );
+ Assert.fail();
+ }
+ catch ( SchemaViolationException e )
+ {
+ // OK
+ }
+ }
+
+
+ /* This doesn't work thanks to ApacheDS problem
+ public void testMove2() throws Exception
+ {
+ InvocationStack.getInstance().push(
+ new Invocation(ctx, "move")
+ );
+
+ InterceptorChain chain = ContextFactoryService.getInstance().getConfiguration().getInterceptorChain();
+
+ chain.move(
+ new LdapName( "uid=akarasulu, ou=Users, dc=example,dc=com" ),
+ new LdapName( "dc=example,dc=com" ),
+ "uid=akarasuluX", true );
+
+ // Test renaming group entries
+ try
+ {
+ chain.move(
+ new LdapName( "ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+ new LdapName( "ou=applications,dc=example,dc=com" ),
+ "ou=profilesX", true );
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+ try
+ {
+ chain.move(
+ new LdapName( "ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+ new LdapName( "ou=applications,dc=example,dc=com" ),
+ "ou=rolesX", true );
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+ try
+ {
+ chain.move(
+ new LdapName( "ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+ new LdapName( "ou=applications,dc=example,dc=com" ),
+ "ou=permissionsX", true );
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+
+ // Test renaming entries not in use
+ chain.move(
+ new LdapName( "permName=mockPerm8, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+ new LdapName( "ou=applications,dc=example,dc=com" ),
+ "permName=mockPermX", true );
+ chain.move(
+ new LdapName( "roleName=mockRole0, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+ new LdapName( "ou=applications,dc=example,dc=com" ),
+ "roleName=mockRoleX", true );
+ chain.move(
+ new LdapName( "uid=mockProfile0, ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+ new LdapName( "ou=applications,dc=example,dc=com" ),
+ "uid=mockProfileX", true );
+
+ // Test renaming entries in use
+ try
+ {
+ chain.move(
+ new LdapName( "permName=mockPerm9, ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+ new LdapName( "appName=mockApplication,ou=applications,dc=example,dc=com" ),
+ "permName=mockPermY", true);
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+ try
+ {
+ chain.move(
+ new LdapName( "roleName=mockRole1, ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com" ),
+ new LdapName( "appName=mockApplication,ou=applications,dc=example,dc=com" ),
+ "roleName=mockRoleY", true );
+ Assert.fail();
+ }
+ catch( SchemaViolationException e )
+ {
+ // OK
+ }
+ }
+ */
+
+ public static void main( String[] args )
+ {
+ junit.textui.TestRunner.run( PolicyProtectionInterceptorITest.class );
+ }
+
+}
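Review bot: The negative case under "Test adding a profile with non-existing permissions" in testAdd builds its entry with `profile.put( "uid", "profileY" );` while binding it at `profileId=profileY,ou=profiles,...`, so the expected SchemaViolationException may come from ordinary schema checking rather than from PolicyProtectionInterceptor rejecting the unknown `grants` value. The test could then pass even if the interceptor's dangling-reference check were broken. Use `profile.put( "profileId", "profileY" );` and add `profile.put( "user", "akarasulu" );` as the valid profile earlier in the method does (the preceding unknown-role case omits `user` too), so the unknown reference is the only invalid thing in the entry. Whether `user` is mandatory is not visible here and should be confirmed against SafehausSchema. Separately, the objectClass-removal checks in testModify1 and testModify2 are commented out, which leaves stripping `policyPermission`, `policyRole` or `policyProfile` from a protected entry untested.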
Added: directory/trunks/triplesec/store/src/test/resources/interceptor.ldif
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/resources/interceptor.ldif?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/store/src/test/resources/interceptor.ldif (added)
+++ directory/trunks/triplesec/store/src/test/resources/interceptor.ldif Tue Dec 12 07:23:31 2006
@@ -0,0 +1,393 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+#
+# EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+# http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+#
+
+#
+# This ACI allows brouse access to the root suffix and one level below that to anyone.
+# At this level there is nothing critical exposed. Everything that matters is one or
+# more levels below this.
+#
+
+dn: cn=browseRootAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { maximum 1 }
+prescriptiveACI: { identificationTag "browseRoot", precedence 100, authenticationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse } } } } }
+
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+#
+# This ACI allows users to modify a limited set of attributes in their own user
+# entry as well as read, compare those attributes. The user's entry must be
+# browseable and the DN must be returnable.
+#
+
+dn: cn=allowSelfModificationsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfModifications", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantModify, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {userPassword, krb5Key, givenName, cn, commonName, surName, sn, objectClass }}, grantsAndDenials { grantModify, grantAdd, grantRemove, grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+#
+# This ACI allows users to access a limited set of attributes in their own user
+# entry as well as compare those attributes. The user's entry must be browseable
+# and the DN must be returnable.
+#
+
+dn: cn=allowSelfAccessAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfAccess", precedence 15, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {uid, userPassword, givenName, cn, commonName, surName, sn, objectClass, creatorsName, modifiersName, createTimestamp, modifyTimestamp, krb5AccountDisabled, description, apacheSamType }}, grantsAndDenials { grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+dn: uid=akarasulu, ou=Users, dc=example, dc=com
+cn: Alex Karasulu
+sn: Karasulu
+givenname: Alex
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: extensibleObject
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Jacksonville
+uid: akarasulu
+krb5PrincipalName: akarasulu@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: akarasulu@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 666
+apacheSamType: 7
+safehausUid: akarasulu
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 27304238
+safehausSecret:: aaaabbbbccccdddd
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: maxwell
+
+dn: uid=lockedout, ou=Users, dc=example, dc=com
+cn: Risky
+sn: Lockedout
+givenname: Unlucky
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: DummyCity
+uid: lockedout
+krb5PrincipalName: lockedout@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: lockedout@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 699
+safehausUid: lockedout
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 101347012
+safehausSecret:: (Q-H23BQ#SDsdkf3o&81923r
+safehausFailuresInEpoch: 20
+safehausResynchCount: -1
+safehausInfo: unlucky account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: asdfasdf
+
+dn: uid=erodriguez, ou=Users, dc=example, dc=com
+cn: Enrique Rodriguez
+sn: Rodriguez
+givenname: Enrique
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Boston
+uid: erodriguez
+krb5PrincipalName: erodriguez@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+safehausUid: erodriguez
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: noices
+
+dn: uid=krbtgt, ou=Users, dc=example, dc=com
+cn: Kerberos Server
+sn: Server
+givenname: Kerberos
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: krbtgt
+krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: kahuna
+
+dn: uid=hostssh, ou=Users, dc=example, dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/www.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
+dn: uid=hostssh2, ou=Users, dc=example, dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/kerberos.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
+dn: ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalunit
+ou: applications
+
+dn: appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyApplication
+appName: mockApplication
+userPassword:: dGVzdGluZw==
+
+dn: ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: permissions
+
+dn: permName=mockPerm0,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm0
+
+dn: permName=mockPerm1,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm1
+
+dn: permName=mockPerm2,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm2
+
+dn: permName=mockPerm3,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm3
+
+dn: permName=mockPerm4,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm4
+
+dn: permName=mockPerm5,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm5
+
+dn: permName=mockPerm6,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm6
+
+dn: permName=mockPerm7,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm7
+
+dn: permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm8
+
+dn: permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm9
+
+dn: ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: roles
+
+dn: roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: policyRole
+objectClass: top
+roleName: mockRole0
+
+dn: roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm0
+roleName: mockRole1
+
+dn: roleName=mockRole2,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm1
+roleName: mockRole2
+
+dn: roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm3
+grants: mockPerm2
+roleName: mockRole3
+
+dn: roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm9
+grants: mockPerm7
+grants: mockPerm6
+grants: mockPerm5
+grants: mockPerm4
+roleName: mockRole4
+
+dn: ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: profiles
+
+dn: profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+profileId: mockProfile0
+user: akarasulu
+
+dn: profileId=mockProfile1,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+user: akarasulu
+profileId: mockProfile1
+roles: mockRole2
+roles: mockRole1
+
+dn: profileId=mockProfile2,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+profileId: mockProfile2
+grants: mockPerm0
+user: akarasulu
+roles: mockRole2
+
+dn: profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+grants: mockPerm7
+grants: mockPerm0
+profileId: mockProfile3
+user: akarasulu
+roles: mockRole3
+
+dn: uid=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example, dc=com
+objectClass: top
+objectClass: policyProfile
+denials: mockPerm7
+grants: mockPerm0
+roles: mockRole4
+roles: mockRole3
+user: akarasulu
+profileId: mockProfile4
+
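Review bot: The three `safehausSecret::` lines use the LDIF base64 marker (`::`), but two of the values, `(Q-H23BQ#SDsdkf3o&81923r` and `xcJqp45S80e8fahs&@rq1I98awg8)^*`, contain characters outside the base64 alphabet, and `aaaabbbbccccdddd` would decode to 12 raw bytes rather than the literal string. How the loader treats this is not visible here, but a strict RFC 2849 parser would reject or mis-decode them, so the token secret the tests run against may not be the one written in the fixture. Either base64-encode the intended bytes, as `userPassword:: dGVzdGluZw==` already does, or use a single colon if the literal text is meant. The entry `uid=hostssh2` also carries `uid: hostssh`, which does not match its RDN and should presumably be `uid: hostssh2`. Both points apply unchanged to the same entries in safehaus.ldif.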
Added: directory/trunks/triplesec/store/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/resources/log4j.properties?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/store/src/test/resources/log4j.properties (added)
+++ directory/trunks/triplesec/store/src/test/resources/log4j.properties Tue Dec 12 07:23:31 2006
@@ -0,0 +1,6 @@
+log4j.rootCategory=ERROR, stdout
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n
+
Added: directory/trunks/triplesec/store/src/test/resources/safehaus.ldif
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/store/src/test/resources/safehaus.ldif?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/store/src/test/resources/safehaus.ldif (added)
+++ directory/trunks/triplesec/store/src/test/resources/safehaus.ldif Tue Dec 12 07:23:31 2006
@@ -0,0 +1,203 @@
+# -------------------------------------------------------------------
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+# EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+# http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+# -------------------------------------------------------------------
+#
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+dn: uid=akarasulu, ou=Users, dc=example,dc=com
+cn: Alex Karasulu
+sn: Karasulu
+givenname: Alex
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: extensibleObject
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Jacksonville
+uid: akarasulu
+krb5PrincipalName: akarasulu@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: akarasulu@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 666
+apacheSamType: 7
+safehausUid: akarasulu
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 27304238
+safehausSecret:: aaaabbbbccccdddd
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account
+safehausTokenPin: 1234
+safehausNotifyBy:sms
+userpassword: maxwell
+
+dn: uid=lockedout, ou=Users, dc=example,dc=com
+cn: Risky
+sn: Lockedout
+givenname: Unlucky
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: DummyCity
+uid: lockedout
+krb5PrincipalName: lockedout@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: lockedout@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 699
+safehausUid: lockedout
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 101347012
+safehausSecret:: (Q-H23BQ#SDsdkf3o&81923r
+safehausFailuresInEpoch: 20
+safehausResynchCount: -1
+safehausTokenPin: 1234
+safehausNotifyBy:sms
+safehausInfo: unlucky account
+userpassword: asdfasdf
+
+dn: uid=erodriguez, ou=Users, dc=example,dc=com
+cn: Enrique Rodriguez
+sn: Rodriguez
+givenname: Enrique
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Boston
+uid: erodriguez
+krb5PrincipalName: erodriguez@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+safehausUid: erodriguez
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausTokenPin: 1234
+safehausResynchCount: -1
+safehausNotifyBy:sms
+safehausInfo: test account
+userpassword: noices
+
+dn: uid=krbtgt, ou=Users, dc=example,dc=com
+cn: Kerberos Server
+sn: Server
+givenname: Kerberos
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: krbtgt
+krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: kahuna
+
+dn: uid=hostssh, ou=Users, dc=example,dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/www.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
+dn: uid=hostssh2, ou=Users, dc=example,dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/kerberos.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
Added: directory/trunks/triplesec/swing-admin/pom.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/swing-admin/pom.xml?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/swing-admin/pom.xml (added)
+++ directory/trunks/triplesec/swing-admin/pom.xml Tue Dec 12 07:23:31 2006
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project>
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.safehaus.triplesec</groupId>
+ <artifactId>build</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <artifactId>triplesec-swing-admin</artifactId>
+ <name>Triplesec Admin App (Swing Based)</name>
+ <description>
+ A Swing based administration application for Triplesec server.
+ </description>
+ <packaging>jar</packaging>
+ <dependencies>
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-main</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-integration</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-admin-api</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-guardian-ldap</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>nlog4j</artifactId>
+ <version>1.2.25</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.shared</groupId>
+ <artifactId>shared-ldap</artifactId>
+ <version>0.9.5.3-SNAPSHOT</version>
+ </dependency>
+
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>2.0.2</version>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.activation</groupId>
+ <artifactId>activation</artifactId>
+ <version>1.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ <version>1.4</version>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <archive>
+ <manifestFile>src/main/manifest/MANIFEST.MF</manifestFile>
+ <manifest>
+ <mainClass>org.safehaus.triplesec.admin.swing.AdminFrame</mainClass>
+ </manifest>
+ </archive>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <profiles>
+ <profile>
+ <id>default</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemProperties>
+ <property>
+ <name>settingsFile</name>
+ <value>${basedir}/target/settingsFile</value>
+ </property>
+ </systemProperties>
+ <excludes>
+ <!-- Do not run this test since it never exists -->
+ <exclude>**/LaunchAdminFrame.java</exclude>
+ <!-- Avoid normal integration tests -->
+ <exclude>**/*ITest.java</exclude>
+ <exclude>**/*IntegrationTest.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>integration</id>
+ <activation>
+ <property><name>integration</name></property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemProperties>
+ <property>
+ <name>settingsFile</name>
+ <value>${basedir}/target/settingsFile</value>
+ </property>
+ <property>
+ <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+ <value>${basedir}/src/test/resources</value>
+ </property>
+ </systemProperties>
+ <excludes>
+ <!-- Do not run this test since it never exists -->
+ <exclude>**/LaunchAdminFrame.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>ui</id>
+ <activation>
+ <property><name>ui</name></property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <forkMode>pertest</forkMode>
+ <argLine>
+ -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005
+ </argLine>
+ <systemProperties>
+ <property>
+ <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+ <value>${basedir}/src/test/resources</value>
+ </property>
+ <property>
+ <name>serverConfigurationPath</name>
+ <value>${basedir}/target/serverHome</value>
+ </property>
+ </systemProperties>
+ <includes>
+ <include>**/LaunchAdminFrame.java</include>
+ </includes>
+ <excludes>
+ <exclude>**/*Test.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+</project>
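Review bot: The `ui` profile's `<argLine>` starts each forked test JVM with `-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005`, which opens a JDWP listener; JDWP has no authentication, a connected debugger can run arbitrary code in that JVM, and with a bare port older JVMs listen on all interfaces. Because the profile activates on the `ui` property alone, everyone who launches the admin frame this way gets the listener whether or not they intend to debug. I would make the agent opt-in, for example `<argLine>${ui.debug.argLine}</argLine>` (a property name made up for this note) defined empty in `<properties>`, and set it only on a trusted host. Separately, `shared-ldap` is pinned to `0.9.5.3-SNAPSHOT`, so the artifact that gets resolved can change between builds.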