1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.security.spi.ldap;
18  
19  
20  import java.util.Set;
21  
22  import org.apache.commons.logging.Log;
23  import org.apache.commons.logging.LogFactory;
24  import org.apache.jetspeed.security.GroupPrincipal;
25  import org.apache.jetspeed.security.RolePrincipal;
26  import org.apache.jetspeed.security.SecurityException;
27  import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
28  import org.apache.jetspeed.security.impl.RolePrincipalImpl;
29  import org.apache.jetspeed.security.impl.UserPrincipalImpl;
30  import org.apache.jetspeed.security.spi.SecurityMappingHandler;
31  
32  /***
33   * <p>
34   * Test the LDAP implementation for the {@link SecurityMappingHandler}.
35   * </p>
36   * 
37   * @author <a href="mailto:mike.long@dataline.com">Mike Long </a>, <a href="dlestrat@apache.org">David Le Strat</a>  
38   */
39  public class TestLdapSecurityMappingHandler extends AbstractLdapTest
40  {
41      /*** The logger. */
42      private static final Log logger = LogFactory.getLog(TestLdapSecurityMappingHandler.class);
43  
44      /*** The group principal for gpUid1. */
45      private GroupPrincipal gp1;
46      
47      /*** The group principal for gpUid2. */
48      private GroupPrincipal gp2;
49      
50      /*** The role principal for gpUid1. */
51      private RolePrincipal ro1;
52      
53      /*** The role principal for gpUid2. */
54      private RolePrincipal ro2;    
55  
56      /***
57       * @see org.apache.jetspeed.security.spi.ldap.AbstractLdapTest#setUp()
58       */
59      protected void setUp() throws Exception
60      {
61          super.setUp();
62          gp1 = new GroupPrincipalImpl(gpUid1);
63          gp2 = new GroupPrincipalImpl(gpUid2);
64          LdapDataHelper.seedGroupData(gpUid1);
65          LdapDataHelper.seedGroupData(gpUid2);
66          
67          ro1 = new RolePrincipalImpl(roleUid1);
68          ro2 = new RolePrincipalImpl(roleUid2);        
69          LdapDataHelper.seedRoleData(roleUid1);
70          LdapDataHelper.seedRoleData(roleUid2);
71                  
72          LdapDataHelper.seedUserData(uid1, password);
73          LdapDataHelper.seedUserData(uid2, password);
74      }
75  
76      /***
77       * @see org.apache.jetspeed.security.spi.ldap.AbstractLdapTest#tearDown()
78       */
79      protected void tearDown() throws Exception
80      {
81          super.tearDown();
82          LdapDataHelper.removeGroupData(gpUid1);
83          LdapDataHelper.removeGroupData(gpUid2);
84          LdapDataHelper.removeUserData(uid1);
85          LdapDataHelper.removeUserData(uid2);
86          LdapDataHelper.removeRoleData(roleUid1);
87          LdapDataHelper.removeRoleData(roleUid2);
88      }
89  
90      /***
91       * Adds 2 users to a group and checks their presence in the group
92       * 
93       * @throws Exception
94       */
95      public void testGetUserPrincipalsInGroup() throws Exception
96      {
97          secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
98          secHandler.setUserPrincipalInGroup(uid2, gp1.getName());
99          String fullPathName = new GroupPrincipalImpl(gpUid1).getName();
100         logger.debug("Group full path name from testGetUserPrincipalsInGroup()[" + fullPathName + "]");
101         Set userPrincipals = secHandler.getUserPrincipalsInGroup(fullPathName);
102         assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid1)));
103         assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid2)));
104         
105         assertEquals("The user should have been in two groups.", 2, userPrincipals.size());
106     }
107     
108 
109 
110     /***
111      * Adds 1 user to 2 groups, and checks its presence in both groups
112      * @throws Exception
113      */
114     public void testSetUserPrincipalInGroup() throws Exception
115     {
116         secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
117         secHandler.setUserPrincipalInGroup(uid1, gp2.getName());
118 
119         assertEquals("The user should have been in two groups.", 2, secHandler.getGroupPrincipals(uid1).size());
120         
121     }
122     
123 
124     /***
125      * Adds 1 user to 2 groups, and checks its presence in both groups
126      * @throws Exception
127      */
128     public void testGetUserPrincipalInGroup() throws Exception
129     {
130         secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
131         secHandler.setUserPrincipalInGroup(uid1, gp2.getName());
132         secHandler.setUserPrincipalInRole(uid1, ro1.getName());
133         assertEquals(2, secHandler.getGroupPrincipals(uid1).size());
134     }    
135 
136     /***
137      * @throws Exception
138      */
139     public void testRemoveUserPrincipalInGroup() throws Exception
140     {
141         secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
142         secHandler.setUserPrincipalInGroup(uid1, gp2.getName());
143 
144         assertEquals("The user should have been in two groups.", 2, secHandler.getGroupPrincipals(uid1).size());
145 
146         secHandler.removeUserPrincipalInGroup(uid1, gp2.getName());
147         assertEquals("The user should have been in one groups.", 1, secHandler.getGroupPrincipals(uid1).size());
148 
149         secHandler.removeUserPrincipalInGroup(uid1, gp1.getName());
150         assertEquals("The user should have been in two groups.", 0, secHandler.getGroupPrincipals(uid1).size());
151     }
152 
153     /***
154      * @throws Exception
155      */
156     public void testSetUserPrincipalInGroupForNonExistantUser() throws Exception
157     {
158         try
159         {
160             secHandler.setUserPrincipalInGroup(Integer.toString(rand.nextInt()), gpUid1);
161             fail("Trying to associate a group with a non-existant user should have thrown a SecurityException.");
162 
163         }
164         catch (Exception e)
165         {
166             assertTrue("Trying to associate a group with a non-existant user should have thrown a SecurityException.",
167                     e instanceof SecurityException);
168         }
169     }
170 
171     /***
172      * @throws Exception
173      */
174     public void testSetUserPrincipalInGroupForNonExistantGroup() throws Exception
175     {
176         try
177         {
178             secHandler.setUserPrincipalInGroup(uid1, Integer.toString(rand.nextInt()));
179             fail("Trying to associate a user with a non-existant group should have thrown a SecurityException.");
180 
181         }
182         catch (Exception e)
183         {
184             assertTrue("Trying to associate a user with a non-existant group should have thrown a SecurityException.",
185                     e instanceof SecurityException);
186         }
187     }
188     
189     /***
190      * Adds 2 users to a group and checks their presence in the group
191      * 
192      * @throws Exception
193      */
194     public void testGetUserPrincipalsInRole() throws Exception
195     {
196         secHandler.setUserPrincipalInRole(uid1, ro1.getName());
197         secHandler.setUserPrincipalInRole(uid2, ro1.getName());
198 
199         String fullPathName = new RolePrincipalImpl(roleUid1).getName();
200         logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]");
201         Set userPrincipals = secHandler.getUserPrincipalsInRole(fullPathName);
202         assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid1)));
203         assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid2)));
204         assertEquals("The user should have been in two roles.", 2, userPrincipals.size());
205     }
206     
207     /***
208      * Adds 2 users to a group and checks their presence in the group
209      * 
210      * @throws Exception
211      */
212     public void testGetRolePrincipalInGroup() throws Exception
213     {
214         secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
215         secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
216         secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
217         
218 
219         String fullPathName = new RolePrincipalImpl(roleUid1).getName();
220         logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]");
221         assertEquals("The group should have 2 roles.", 2, secHandler.getRolePrincipalsInGroup(gpUid1).size());
222         assertEquals("The group should have 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid2).size());
223     }
224     
225     /***
226      * Adds 2 roles + 1 user to a group and checks their presence in the group.
227      * 
228      * @throws Exception
229      */
230     public void testGetRolePrincipalInGroupWithUsersInIt() throws Exception
231     {
232         secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
233         secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
234         secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
235         secHandler.setUserPrincipalInGroup(uid1,gpUid1);
236         
237 
238         String fullPathName = new RolePrincipalImpl(roleUid1).getName();
239         logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]");
240         assertEquals("The group should have 2 roles.", 2, secHandler.getRolePrincipalsInGroup(gpUid1).size());
241         assertEquals("The group should have 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid2).size());
242     }     
243     
244     
245     /***
246      * Adds 2 users to a group and checks their presence in the group
247      * 
248      * @throws Exception
249      */
250     public void testGetRolePrincipalInGroup2() throws Exception
251     {
252         secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
253         secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
254         secHandler.setUserPrincipalInRole(uid1, ro1.getName());
255         secHandler.setUserPrincipalInRole(uid1, ro2.getName());
256         String fullPathName = new RolePrincipalImpl(gpUid1).getName();
257         logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]");
258         assertEquals("The group should have contained 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid1)
259                 .size());
260         assertEquals("The group should have contained 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid1)
261                 .size());
262         
263     }     
264 
265     /***
266      * Adds 1 user to 2 roles, and checks its presence in both roles
267      * @throws Exception
268      */
269     public void testSetUserPrincipalInRole() throws Exception
270     {
271         secHandler.setUserPrincipalInRole(uid1, ro1.getName());
272         secHandler.setUserPrincipalInRole(uid1, ro2.getName());
273         Set rolePrinciples = secHandler.getRolePrincipals(uid1);
274         assertEquals("The user should have been in two roles.", 2, rolePrinciples.size());
275         assertTrue(rolePrinciples.contains(ro1));
276         assertTrue(rolePrinciples.contains(ro2));
277         
278     }
279     
280     /***
281      * Adds 1 user to 2 roles & 1 group, and checks its presence in both roles
282      * @throws Exception
283      */
284     public void testSetUserPrincipalInRole2() throws Exception
285     {
286         secHandler.setUserPrincipalInRole(uid1, ro1.getName());
287         secHandler.setUserPrincipalInRole(uid1, ro2.getName());
288         secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
289         Set rolePrinciples = secHandler.getRolePrincipals(uid1);
290         assertEquals("The user should have been in two roles.", 2, rolePrinciples.size());
291         assertTrue(rolePrinciples.contains(ro1));
292         assertTrue(rolePrinciples.contains(ro2));
293         
294     }    
295 
296     /***
297      * @throws Exception
298      */
299     public void testRemoveUserPrincipalInRole() throws Exception
300     {
301         secHandler.setUserPrincipalInRole(uid1, ro1.getName());
302         secHandler.setUserPrincipalInRole(uid1, ro2.getName());
303         assertEquals("The user should have been in two roles.", 2, secHandler.getRolePrincipals(uid1).size());
304 
305         secHandler.removeUserPrincipalInRole(uid1, ro1.getName());
306         assertEquals("The user should have been in one roles.", 1, secHandler.getRolePrincipals(uid1).size());
307 
308         secHandler.removeUserPrincipalInRole(uid1, ro2.getName());
309         assertEquals("The user should have been in zero roles.", 0, secHandler.getRolePrincipals(uid1).size());
310     }
311     
312    
313     /***
314      * @throws Exception
315      */
316     public void testRemoveRolePrincipalInGroup() throws Exception
317     {
318         secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
319         secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
320         assertEquals("The role should have been in two groups.", 2, secHandler.getRolePrincipalsInGroup(gpUid1).size());
321 
322         secHandler.removeRolePrincipalInGroup(gpUid1,ro1.getName());
323         assertEquals("The role should have been in one group.", 1, secHandler.getRolePrincipalsInGroup(gpUid1).size());
324 
325         secHandler.removeRolePrincipalInGroup(gpUid1, ro2.getName());
326         assertEquals("The role should have been in 0 roles.", 0, secHandler.getRolePrincipalsInGroup(gpUid1).size());
327     }
328     
329 
330     /***
331      * @throws Exception
332      */
333     public void testSetUserPrincipalInRoleForNonExistantUser() throws Exception
334     {
335         try
336         {
337             secHandler.setUserPrincipalInRole(Integer.toString(rand.nextInt()), roleUid1);
338             fail("Trying to associate a role with a non-existant user should have thrown a SecurityException.");
339 
340         }
341         catch (Exception e)
342         {
343             assertTrue("Trying to associate a role with a non-existant user should have thrown a SecurityException.",
344                     e instanceof SecurityException);
345         }
346     }
347 
348     /***
349      * @throws Exception
350      */
351     public void testSetUserPrincipalInRoleForNonExistantRole() throws Exception
352     {
353         try
354         {
355             secHandler.setUserPrincipalInRole(uid1, Integer.toString(rand.nextInt()));
356             fail("Trying to associate a user with a non-existant role should have thrown a SecurityException.");
357 
358         }
359         catch (Exception e)
360         {
361             assertTrue("Trying to associate a user with a non-existant role should have thrown a SecurityException.",
362                     e instanceof SecurityException);
363         }
364     }    
365 }