1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17 package org.apache.jetspeed.security;
18
19 import java.util.ArrayList;
20 import java.util.Iterator;
21 import java.util.List;
22
23 import junit.framework.Test;
24 import junit.framework.TestSuite;
25
26 import org.apache.jetspeed.security.impl.AuthenticationProviderImpl;
27 import org.apache.jetspeed.security.impl.AuthenticationProviderProxyImpl;
28 import org.apache.jetspeed.security.impl.GroupManagerImpl;
29 import org.apache.jetspeed.security.impl.LoginModuleProxyImpl;
30 import org.apache.jetspeed.security.impl.RoleManagerImpl;
31 import org.apache.jetspeed.security.impl.SecurityProviderImpl;
32 import org.apache.jetspeed.security.impl.UserManagerImpl;
33 import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
34
35 /***
36 * <p>
37 * Unit testing for {@link TestAuthenticationProviderProxy}.
38 * </p>
39 *
40 * TODO Needs an LDAP server configured for most of those tests to be valid.
41 * Commented until embedded ldap is supported.
42 *
43 * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
44 */
45 public class TestAuthenticationProviderProxy extends AbstractSecurityTestcase
46 {
47 int userCount = 0;
48 int usersAdded = 0;
49
50 /***
51 * @see junit.framework.TestCase#setUp()
52 */
53 protected void setUp() throws Exception
54 {
55 super.setUp();
56 destroyTestData();
57
58 // The LDAP user security handler.
59 // is supported.
60 // UserSecurityHandler ldapUsh = new LdapUserSecurityHandler();
61 // The LDAP credential handler.
62 // CredentialHandler ldapCh = new LdapCredentialHandler();
63
64 // Security Providers.
65 AuthenticationProvider defaultAtnProvider = new AuthenticationProviderImpl("DefaultAuthenticator",
66 "The default authenticator", "login.conf", ch, ush);
67 // AuthenticationProvider ldapAtnProvider = new
68 // AuthenticationProviderImpl("LdapAuthenticator", "The ldap
69 // authenticator", ldapCh, ldapUsh);
70
71 List atnProviders = new ArrayList();
72 atnProviders.add(defaultAtnProvider);
73 // atnProviders.add(ldapAtnProvider);
74 AuthenticationProviderProxy atnProviderProxy = new AuthenticationProviderProxyImpl(atnProviders,
75 "DefaultAuthenticator");
76
77 // Need to override the AbstractSecurityTestcase behavior.
78 securityProvider = new SecurityProviderImpl(atnProviderProxy, rsh, gsh, smh);
79 ums = new UserManagerImpl(securityProvider);
80 gms = new GroupManagerImpl(securityProvider);
81 rms = new RoleManagerImpl(securityProvider);
82
83 // Login module.
84 new LoginModuleProxyImpl(ums);
85 }
86
87 /***
88 * @see junit.framework.TestCase#tearDown()
89 */
90 public void tearDown() throws Exception
91 {
92 destroyTestData();
93 super.tearDown();
94 }
95
96 public static Test suite()
97 {
98 return new TestSuite(TestAuthenticationProviderProxy.class);
99 }
100
101 /***
102 * <p>
103 * Test user manager.
104 * </p>
105 */
106 public void testUserManager()
107 {
108 initTestData();
109
110 try
111 {
112 // Get user.
113 // From LDAP.
114 // ldap is supported.
115 // User user = ums.getUser("ldap1");
116 // assertNotNull(user);
117 // assertEquals("ldap1",
118 // SecurityHelper.getPrincipal(user.getSubject(),
119 // UserPrincipal.class).getName());
120
121 // From RDBMS.
122 User user = ums.getUser("anonuser1");
123 assertNotNull(user);
124 assertEquals("anonuser1", SecurityHelper.getPrincipal(user.getSubject(), UserPrincipal.class).getName());
125
126 // Authenticate.
127 // From Ldap.
128 // assertTrue(ums.authenticate("ldap2", "password"));
129 // assertFalse(ums.authenticate("ldap3", "pword"));
130
131 // From RDBMS.
132 assertTrue(ums.authenticate("anonuser2", "password"));
133 assertFalse(ums.authenticate("anonuser3", "pword"));
134
135 // Get all users. 5 rdbms users + 3 ldap users.
136 Iterator users = ums.getUsers("");
137 int count = 0;
138 while (users.hasNext())
139 {
140 users.next();
141 count++;
142 }
143
144 // assertEquals(8, count);
145
146 assertEquals(userCount + usersAdded, count);
147 }
148 catch (SecurityException sex)
149 {
150 assertTrue("security exception caught: " + sex, false);
151 }
152
153 destroyTestData();
154 }
155
156 /***
157 * <p>
158 * Test role manager.
159 * </p>
160 */
161 /*
162 public void testRoleManager()
163 {
164 initTestData();
165
166 try
167 {
168 // Add user to role.
169 // Mapping only.
170 rms.addRoleToUser("ldap1", "testrole1.subrole1");
171 // Get role mapping.
172 Collection roles = rms.getRolesForUser("ldap1");
173 assertNotNull(roles);
174 // Given the hierarchy resolution. Should contain 2 roles.
175 assertEquals("should contain 2 roles", 2, roles.size());
176
177 // Is user in roles?
178 assertTrue(rms.isUserInRole("ldap1", "testrole1"));
179 assertTrue(rms.isUserInRole("ldap1", "testrole1.subrole1"));
180
181 // Remove role mapping.
182 rms.removeRoleFromUser("ldap1", "testrole1.subrole1");
183 // Get role mapping.
184 roles = rms.getRolesForUser("ldap1");
185 assertNotNull(roles);
186 assertEquals("should not contain any role", 0, roles.size());
187
188 // The mapping entry should be gone.
189 assertNull(securityAccess.getInternalUserPrincipal("ldap1", true));
190
191 // Is user in roles?
192 assertFalse(rms.isUserInRole("ldap1", "testrole1"));
193 assertFalse(rms.isUserInRole("ldap1", "testrole1.subrole1"));
194 }
195 catch (SecurityException sex)
196 {
197 assertTrue("security exception caught: " + sex, false);
198 }
199
200 destroyTestData();
201 }
202 */
203
204 /***
205 * <p>
206 * Test group manager.
207 * </p>
208 */
209 /*
210 public void testGroupManager()
211 {
212 initTestData();
213
214 try
215 {
216 // Add user to group.
217 // Mapping only.
218 gms.addUserToGroup("ldap1", "testgroup1.subgroup1");
219 // Get group mapping.
220 Collection groups = gms.getGroupsForUser("ldap1");
221 assertNotNull(groups);
222 // Given the hierarchy resolution. Should contain 2 groups.
223 assertEquals("should contain 2 groups", 2, groups.size());
224
225 // Is user in groups?
226 assertTrue(gms.isUserInGroup("ldap1", "testgroup1"));
227 assertTrue(gms.isUserInGroup("ldap1", "testgroup1.subgroup1"));
228
229 // Remove group mapping.
230 gms.removeUserFromGroup("ldap1", "testgroup1.subgroup1");
231 // Get group mapping.
232 groups = gms.getGroupsForUser("ldap1");
233 assertNotNull(groups);
234 assertEquals("should not contain any group", 0, groups.size());
235
236 // The mapping entry should be gone.
237 assertNull(securityAccess.getInternalUserPrincipal("ldap1", true));
238
239 // Is user in groups?
240 assertFalse(gms.isUserInGroup("ldap1", "testgroup1"));
241 assertFalse(gms.isUserInGroup("ldap1", "testgroup1.subgroup1"));
242 }
243 catch (SecurityException sex)
244 {
245 assertTrue("security exception caught: " + sex, false);
246 }
247
248 destroyTestData();
249 }
250 */
251
252 /***
253 * <p>
254 * Init test data.
255 * </p>
256 */
257 private void initTestData()
258 {
259 final String[] users = new String[] { "anonuser1", "anonuser2", "anonuser3", "anonuser4", "anonuser5", };
260 final String[] roles = new String[] { "testrole1", "testrole1.subrole1", "testrole1.subrole1.subrole2",
261 "testrole2", "testrole2.subrole1" };
262 final String[] groups = new String[] { "testgroup1", "testgroup1.subgroup1", "testgroup1.subgroup1.subgroup2",
263 "testgroup2", "testgroup2.subgroup1" };
264
265
266 //before we adding users make sure we know how mnay we have
267 try
268 {
269 Iterator it = ums.getUsers("");
270 userCount = 0;
271 while (it.hasNext())
272 {
273 it.next();
274 userCount++;
275 }
276 }
277 catch (Exception e)
278 {
279
280 }
281
282 usersAdded = 0;
283 for (int i = 0; i < users.length; i++)
284 {
285 try
286 {
287 ums.addUser(users[i], "password");
288 usersAdded++;
289 }
290 catch (SecurityException e)
291 {
292 System.err.println(e.toString());
293 }
294 }
295
296 for (int i = 0; i < roles.length; i++)
297 {
298 try
299 {
300 rms.addRole(roles[i]);
301 }
302 catch (SecurityException e)
303 {
304 System.err.println(e.toString());
305 }
306 }
307
308 for (int i = 0; i < groups.length; i++)
309 {
310 try
311 {
312 gms.addGroup(groups[i]);
313 }
314 catch (SecurityException e)
315 {
316 System.err.println(e.toString());
317 }
318 }
319 }
320
321 /***
322 * <p>
323 * Destroy test data.
324 * </p>
325 */
326 private void destroyTestData()
327 {
328 try
329 {
330 Iterator userIter = ums.getUsers("");
331 User user;
332 String userName;
333 while (userIter.hasNext())
334 {
335 user = (User) userIter.next();
336 userName = SecurityHelper.getPrincipal(user.getSubject(), UserPrincipal.class).getName();
337 if (!userName.equals(ums.getAnonymousUser()))
338 {
339 ums.removeUser(userName);
340 }
341 }
342 }
343 catch (SecurityException e)
344 {
345 System.err.println(e.toString());
346 }
347
348 final String[] roles = new String[] { "testrole1", "testrole1.subrole1", "testrole1.subrole1.subrole2",
349 "testrole2", "testrole2.subrole1" };
350 final String[] groups = new String[] { "testgroup1", "testgroup1.subgroup1", "testgroup1.subgroup1.subgroup2",
351 "testgroup2", "testgroup2.subgroup1" };
352
353 for (int i = 0; i < roles.length; i++)
354 {
355 try
356 {
357 rms.removeRole(roles[i]);
358 }
359 catch (SecurityException e)
360 {
361 System.err.println(e.toString());
362 }
363 }
364
365 for (int i = 0; i < groups.length; i++)
366 {
367 try
368 {
369 gms.removeGroup(groups[i]);
370 }
371 catch (SecurityException e)
372 {
373 System.err.println(e.toString());
374 }
375 }
376 }
377 }