1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.security.spi.ldap;
18
19
20 import java.util.Set;
21
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24 import org.apache.jetspeed.security.GroupPrincipal;
25 import org.apache.jetspeed.security.RolePrincipal;
26 import org.apache.jetspeed.security.SecurityException;
27 import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
28 import org.apache.jetspeed.security.impl.RolePrincipalImpl;
29 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
30 import org.apache.jetspeed.security.spi.SecurityMappingHandler;
31
32 /***
33 * <p>
34 * Test the LDAP implementation for the {@link SecurityMappingHandler}.
35 * </p>
36 *
37 * @author <a href="mailto:mike.long@dataline.com">Mike Long </a>, <a href="dlestrat@apache.org">David Le Strat</a>
38 */
39 public class TestLdapSecurityMappingHandler extends AbstractLdapTest
40 {
41 /*** The logger. */
42 private static final Log logger = LogFactory.getLog(TestLdapSecurityMappingHandler.class);
43
44 /*** The group principal for gpUid1. */
45 private GroupPrincipal gp1;
46
47 /*** The group principal for gpUid2. */
48 private GroupPrincipal gp2;
49
50 /*** The role principal for gpUid1. */
51 private RolePrincipal ro1;
52
53 /*** The role principal for gpUid2. */
54 private RolePrincipal ro2;
55
56 /***
57 * @see org.apache.jetspeed.security.spi.ldap.AbstractLdapTest#setUp()
58 */
59 protected void setUp() throws Exception
60 {
61 super.setUp();
62 gp1 = new GroupPrincipalImpl(gpUid1);
63 gp2 = new GroupPrincipalImpl(gpUid2);
64 LdapDataHelper.seedGroupData(gpUid1);
65 LdapDataHelper.seedGroupData(gpUid2);
66
67 ro1 = new RolePrincipalImpl(roleUid1);
68 ro2 = new RolePrincipalImpl(roleUid2);
69 LdapDataHelper.seedRoleData(roleUid1);
70 LdapDataHelper.seedRoleData(roleUid2);
71
72 LdapDataHelper.seedUserData(uid1, password);
73 LdapDataHelper.seedUserData(uid2, password);
74 }
75
76 /***
77 * @see org.apache.jetspeed.security.spi.ldap.AbstractLdapTest#tearDown()
78 */
79 protected void tearDown() throws Exception
80 {
81 super.tearDown();
82 LdapDataHelper.removeGroupData(gpUid1);
83 LdapDataHelper.removeGroupData(gpUid2);
84 LdapDataHelper.removeUserData(uid1);
85 LdapDataHelper.removeUserData(uid2);
86 LdapDataHelper.removeRoleData(roleUid1);
87 LdapDataHelper.removeRoleData(roleUid2);
88 }
89
90 /***
91 * Adds 2 users to a group and checks their presence in the group
92 *
93 * @throws Exception
94 */
95 public void testGetUserPrincipalsInGroup() throws Exception
96 {
97 secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
98 secHandler.setUserPrincipalInGroup(uid2, gp1.getName());
99 String fullPathName = new GroupPrincipalImpl(gpUid1).getName();
100 logger.debug("Group full path name from testGetUserPrincipalsInGroup()[" + fullPathName + "]");
101 Set userPrincipals = secHandler.getUserPrincipalsInGroup(fullPathName);
102 assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid1)));
103 assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid2)));
104
105 assertEquals("The user should have been in two groups.", 2, userPrincipals.size());
106 }
107
108
109
110 /***
111 * Adds 1 user to 2 groups, and checks its presence in both groups
112 * @throws Exception
113 */
114 public void testSetUserPrincipalInGroup() throws Exception
115 {
116 secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
117 secHandler.setUserPrincipalInGroup(uid1, gp2.getName());
118
119 assertEquals("The user should have been in two groups.", 2, secHandler.getGroupPrincipals(uid1).size());
120
121 }
122
123
124 /***
125 * Adds 1 user to 2 groups, and checks its presence in both groups
126 * @throws Exception
127 */
128 public void testGetUserPrincipalInGroup() throws Exception
129 {
130 secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
131 secHandler.setUserPrincipalInGroup(uid1, gp2.getName());
132 secHandler.setUserPrincipalInRole(uid1, ro1.getName());
133 assertEquals(2, secHandler.getGroupPrincipals(uid1).size());
134 }
135
136 /***
137 * @throws Exception
138 */
139 public void testRemoveUserPrincipalInGroup() throws Exception
140 {
141 secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
142 secHandler.setUserPrincipalInGroup(uid1, gp2.getName());
143
144 assertEquals("The user should have been in two groups.", 2, secHandler.getGroupPrincipals(uid1).size());
145
146 secHandler.removeUserPrincipalInGroup(uid1, gp2.getName());
147 assertEquals("The user should have been in one groups.", 1, secHandler.getGroupPrincipals(uid1).size());
148
149 secHandler.removeUserPrincipalInGroup(uid1, gp1.getName());
150 assertEquals("The user should have been in two groups.", 0, secHandler.getGroupPrincipals(uid1).size());
151 }
152
153 /***
154 * @throws Exception
155 */
156 public void testSetUserPrincipalInGroupForNonExistantUser() throws Exception
157 {
158 try
159 {
160 secHandler.setUserPrincipalInGroup(Integer.toString(rand.nextInt()), gpUid1);
161 fail("Trying to associate a group with a non-existant user should have thrown a SecurityException.");
162
163 }
164 catch (Exception e)
165 {
166 assertTrue("Trying to associate a group with a non-existant user should have thrown a SecurityException.",
167 e instanceof SecurityException);
168 }
169 }
170
171 /***
172 * @throws Exception
173 */
174 public void testSetUserPrincipalInGroupForNonExistantGroup() throws Exception
175 {
176 try
177 {
178 secHandler.setUserPrincipalInGroup(uid1, Integer.toString(rand.nextInt()));
179 fail("Trying to associate a user with a non-existant group should have thrown a SecurityException.");
180
181 }
182 catch (Exception e)
183 {
184 assertTrue("Trying to associate a user with a non-existant group should have thrown a SecurityException.",
185 e instanceof SecurityException);
186 }
187 }
188
189 /***
190 * Adds 2 users to a group and checks their presence in the group
191 *
192 * @throws Exception
193 */
194 public void testGetUserPrincipalsInRole() throws Exception
195 {
196 secHandler.setUserPrincipalInRole(uid1, ro1.getName());
197 secHandler.setUserPrincipalInRole(uid2, ro1.getName());
198
199 String fullPathName = new RolePrincipalImpl(roleUid1).getName();
200 logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]");
201 Set userPrincipals = secHandler.getUserPrincipalsInRole(fullPathName);
202 assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid1)));
203 assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid2)));
204 assertEquals("The user should have been in two roles.", 2, userPrincipals.size());
205 }
206
207 /***
208 * Adds 2 users to a group and checks their presence in the group
209 *
210 * @throws Exception
211 */
212 public void testGetRolePrincipalInGroup() throws Exception
213 {
214 secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
215 secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
216 secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
217
218
219 String fullPathName = new RolePrincipalImpl(roleUid1).getName();
220 logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]");
221 assertEquals("The group should have 2 roles.", 2, secHandler.getRolePrincipalsInGroup(gpUid1).size());
222 assertEquals("The group should have 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid2).size());
223 }
224
225 /***
226 * Adds 2 roles + 1 user to a group and checks their presence in the group.
227 *
228 * @throws Exception
229 */
230 public void testGetRolePrincipalInGroupWithUsersInIt() throws Exception
231 {
232 secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
233 secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
234 secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
235 secHandler.setUserPrincipalInGroup(uid1,gpUid1);
236
237
238 String fullPathName = new RolePrincipalImpl(roleUid1).getName();
239 logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]");
240 assertEquals("The group should have 2 roles.", 2, secHandler.getRolePrincipalsInGroup(gpUid1).size());
241 assertEquals("The group should have 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid2).size());
242 }
243
244
245 /***
246 * Adds 2 users to a group and checks their presence in the group
247 *
248 * @throws Exception
249 */
250 public void testGetRolePrincipalInGroup2() throws Exception
251 {
252 secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
253 secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
254 secHandler.setUserPrincipalInRole(uid1, ro1.getName());
255 secHandler.setUserPrincipalInRole(uid1, ro2.getName());
256 String fullPathName = new RolePrincipalImpl(gpUid1).getName();
257 logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]");
258 assertEquals("The group should have contained 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid1)
259 .size());
260 assertEquals("The group should have contained 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid1)
261 .size());
262
263 }
264
265 /***
266 * Adds 1 user to 2 roles, and checks its presence in both roles
267 * @throws Exception
268 */
269 public void testSetUserPrincipalInRole() throws Exception
270 {
271 secHandler.setUserPrincipalInRole(uid1, ro1.getName());
272 secHandler.setUserPrincipalInRole(uid1, ro2.getName());
273 Set rolePrinciples = secHandler.getRolePrincipals(uid1);
274 assertEquals("The user should have been in two roles.", 2, rolePrinciples.size());
275 assertTrue(rolePrinciples.contains(ro1));
276 assertTrue(rolePrinciples.contains(ro2));
277
278 }
279
280 /***
281 * Adds 1 user to 2 roles & 1 group, and checks its presence in both roles
282 * @throws Exception
283 */
284 public void testSetUserPrincipalInRole2() throws Exception
285 {
286 secHandler.setUserPrincipalInRole(uid1, ro1.getName());
287 secHandler.setUserPrincipalInRole(uid1, ro2.getName());
288 secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
289 Set rolePrinciples = secHandler.getRolePrincipals(uid1);
290 assertEquals("The user should have been in two roles.", 2, rolePrinciples.size());
291 assertTrue(rolePrinciples.contains(ro1));
292 assertTrue(rolePrinciples.contains(ro2));
293
294 }
295
296 /***
297 * @throws Exception
298 */
299 public void testRemoveUserPrincipalInRole() throws Exception
300 {
301 secHandler.setUserPrincipalInRole(uid1, ro1.getName());
302 secHandler.setUserPrincipalInRole(uid1, ro2.getName());
303 assertEquals("The user should have been in two roles.", 2, secHandler.getRolePrincipals(uid1).size());
304
305 secHandler.removeUserPrincipalInRole(uid1, ro1.getName());
306 assertEquals("The user should have been in one roles.", 1, secHandler.getRolePrincipals(uid1).size());
307
308 secHandler.removeUserPrincipalInRole(uid1, ro2.getName());
309 assertEquals("The user should have been in zero roles.", 0, secHandler.getRolePrincipals(uid1).size());
310 }
311
312
313 /***
314 * @throws Exception
315 */
316 public void testRemoveRolePrincipalInGroup() throws Exception
317 {
318 secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
319 secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
320 assertEquals("The role should have been in two groups.", 2, secHandler.getRolePrincipalsInGroup(gpUid1).size());
321
322 secHandler.removeRolePrincipalInGroup(gpUid1,ro1.getName());
323 assertEquals("The role should have been in one group.", 1, secHandler.getRolePrincipalsInGroup(gpUid1).size());
324
325 secHandler.removeRolePrincipalInGroup(gpUid1, ro2.getName());
326 assertEquals("The role should have been in 0 roles.", 0, secHandler.getRolePrincipalsInGroup(gpUid1).size());
327 }
328
329
330 /***
331 * @throws Exception
332 */
333 public void testSetUserPrincipalInRoleForNonExistantUser() throws Exception
334 {
335 try
336 {
337 secHandler.setUserPrincipalInRole(Integer.toString(rand.nextInt()), roleUid1);
338 fail("Trying to associate a role with a non-existant user should have thrown a SecurityException.");
339
340 }
341 catch (Exception e)
342 {
343 assertTrue("Trying to associate a role with a non-existant user should have thrown a SecurityException.",
344 e instanceof SecurityException);
345 }
346 }
347
348 /***
349 * @throws Exception
350 */
351 public void testSetUserPrincipalInRoleForNonExistantRole() throws Exception
352 {
353 try
354 {
355 secHandler.setUserPrincipalInRole(uid1, Integer.toString(rand.nextInt()));
356 fail("Trying to associate a user with a non-existant role should have thrown a SecurityException.");
357
358 }
359 catch (Exception e)
360 {
361 assertTrue("Trying to associate a user with a non-existant role should have thrown a SecurityException.",
362 e instanceof SecurityException);
363 }
364 }
365 }