001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security.spi.ldap;
018:
019: import java.util.Set;
020:
021: import org.apache.commons.logging.Log;
022: import org.apache.commons.logging.LogFactory;
023: import org.apache.jetspeed.security.GroupPrincipal;
024: import org.apache.jetspeed.security.RolePrincipal;
025: import org.apache.jetspeed.security.SecurityException;
026: import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
027: import org.apache.jetspeed.security.impl.RolePrincipalImpl;
028: import org.apache.jetspeed.security.impl.UserPrincipalImpl;
029: import org.apache.jetspeed.security.spi.SecurityMappingHandler;
030:
031: /**
032: * <p>
033: * Test the LDAP implementation for the {@link SecurityMappingHandler}.
034: * </p>
035: *
036: * @author <a href="mailto:mike.long@dataline.com">Mike Long </a>, <a href="dlestrat@apache.org">David Le Strat</a>
037: */
038: public class TestLdapSecurityMappingHandler extends AbstractLdapTest {
039: /** The logger. */
040: private static final Log logger = LogFactory
041: .getLog(TestLdapSecurityMappingHandler.class);
042:
043: /** The group principal for gpUid1. */
044: private GroupPrincipal gp1;
045:
046: /** The group principal for gpUid2. */
047: private GroupPrincipal gp2;
048:
049: /** The role principal for gpUid1. */
050: private RolePrincipal ro1;
051:
052: /** The role principal for gpUid2. */
053: private RolePrincipal ro2;
054:
055: /**
056: * @see org.apache.jetspeed.security.spi.ldap.AbstractLdapTest#setUp()
057: */
058: protected void setUp() throws Exception {
059: super .setUp();
060: gp1 = new GroupPrincipalImpl(gpUid1);
061: gp2 = new GroupPrincipalImpl(gpUid2);
062: LdapDataHelper.seedGroupData(gpUid1);
063: LdapDataHelper.seedGroupData(gpUid2);
064:
065: ro1 = new RolePrincipalImpl(roleUid1);
066: ro2 = new RolePrincipalImpl(roleUid2);
067: LdapDataHelper.seedRoleData(roleUid1);
068: LdapDataHelper.seedRoleData(roleUid2);
069:
070: LdapDataHelper.seedUserData(uid1, password);
071: LdapDataHelper.seedUserData(uid2, password);
072: }
073:
074: /**
075: * @see org.apache.jetspeed.security.spi.ldap.AbstractLdapTest#tearDown()
076: */
077: protected void tearDown() throws Exception {
078: super .tearDown();
079: LdapDataHelper.removeGroupData(gpUid1);
080: LdapDataHelper.removeGroupData(gpUid2);
081: LdapDataHelper.removeUserData(uid1);
082: LdapDataHelper.removeUserData(uid2);
083: LdapDataHelper.removeRoleData(roleUid1);
084: LdapDataHelper.removeRoleData(roleUid2);
085: }
086:
087: /**
088: * Adds 2 users to a group and checks their presence in the group
089: *
090: * @throws Exception
091: */
092: public void testGetUserPrincipalsInGroup() throws Exception {
093: secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
094: secHandler.setUserPrincipalInGroup(uid2, gp1.getName());
095: String fullPathName = new GroupPrincipalImpl(gpUid1).getName();
096: logger
097: .debug("Group full path name from testGetUserPrincipalsInGroup()["
098: + fullPathName + "]");
099: Set userPrincipals = secHandler
100: .getUserPrincipalsInGroup(fullPathName);
101: assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid1)));
102: assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid2)));
103:
104: assertEquals("The user should have been in two groups.", 2,
105: userPrincipals.size());
106: }
107:
108: /**
109: * Adds 1 user to 2 groups, and checks its presence in both groups
110: * @throws Exception
111: */
112: public void testSetUserPrincipalInGroup() throws Exception {
113: secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
114: secHandler.setUserPrincipalInGroup(uid1, gp2.getName());
115:
116: assertEquals("The user should have been in two groups.", 2,
117: secHandler.getGroupPrincipals(uid1).size());
118:
119: }
120:
121: /**
122: * Adds 1 user to 2 groups, and checks its presence in both groups
123: * @throws Exception
124: */
125: public void testGetUserPrincipalInGroup() throws Exception {
126: secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
127: secHandler.setUserPrincipalInGroup(uid1, gp2.getName());
128: secHandler.setUserPrincipalInRole(uid1, ro1.getName());
129: assertEquals(2, secHandler.getGroupPrincipals(uid1).size());
130: }
131:
132: /**
133: * @throws Exception
134: */
135: public void testRemoveUserPrincipalInGroup() throws Exception {
136: secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
137: secHandler.setUserPrincipalInGroup(uid1, gp2.getName());
138:
139: assertEquals("The user should have been in two groups.", 2,
140: secHandler.getGroupPrincipals(uid1).size());
141:
142: secHandler.removeUserPrincipalInGroup(uid1, gp2.getName());
143: assertEquals("The user should have been in one groups.", 1,
144: secHandler.getGroupPrincipals(uid1).size());
145:
146: secHandler.removeUserPrincipalInGroup(uid1, gp1.getName());
147: assertEquals("The user should have been in two groups.", 0,
148: secHandler.getGroupPrincipals(uid1).size());
149: }
150:
151: /**
152: * @throws Exception
153: */
154: public void testSetUserPrincipalInGroupForNonExistantUser()
155: throws Exception {
156: try {
157: secHandler.setUserPrincipalInGroup(Integer.toString(rand
158: .nextInt()), gpUid1);
159: fail("Trying to associate a group with a non-existant user should have thrown a SecurityException.");
160:
161: } catch (Exception e) {
162: assertTrue(
163: "Trying to associate a group with a non-existant user should have thrown a SecurityException.",
164: e instanceof SecurityException);
165: }
166: }
167:
168: /**
169: * @throws Exception
170: */
171: public void testSetUserPrincipalInGroupForNonExistantGroup()
172: throws Exception {
173: try {
174: secHandler.setUserPrincipalInGroup(uid1, Integer
175: .toString(rand.nextInt()));
176: fail("Trying to associate a user with a non-existant group should have thrown a SecurityException.");
177:
178: } catch (Exception e) {
179: assertTrue(
180: "Trying to associate a user with a non-existant group should have thrown a SecurityException.",
181: e instanceof SecurityException);
182: }
183: }
184:
185: /**
186: * Adds 2 users to a group and checks their presence in the group
187: *
188: * @throws Exception
189: */
190: public void testGetUserPrincipalsInRole() throws Exception {
191: secHandler.setUserPrincipalInRole(uid1, ro1.getName());
192: secHandler.setUserPrincipalInRole(uid2, ro1.getName());
193:
194: String fullPathName = new RolePrincipalImpl(roleUid1).getName();
195: logger
196: .debug("Role full path name from testGetUserPrincipalsInRole()["
197: + fullPathName + "]");
198: Set userPrincipals = secHandler
199: .getUserPrincipalsInRole(fullPathName);
200: assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid1)));
201: assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid2)));
202: assertEquals("The user should have been in two roles.", 2,
203: userPrincipals.size());
204: }
205:
206: /**
207: * Adds 2 users to a group and checks their presence in the group
208: *
209: * @throws Exception
210: */
211: public void testGetRolePrincipalInGroup() throws Exception {
212: secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
213: secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
214: secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
215:
216: String fullPathName = new RolePrincipalImpl(roleUid1).getName();
217: logger
218: .debug("Role full path name from testGetUserPrincipalsInRole()["
219: + fullPathName + "]");
220: assertEquals("The group should have 2 roles.", 2, secHandler
221: .getRolePrincipalsInGroup(gpUid1).size());
222: assertEquals("The group should have 1 role.", 1, secHandler
223: .getRolePrincipalsInGroup(gpUid2).size());
224: }
225:
226: /**
227: * Adds 2 roles + 1 user to a group and checks their presence in the group.
228: *
229: * @throws Exception
230: */
231: public void testGetRolePrincipalInGroupWithUsersInIt()
232: throws Exception {
233: secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
234: secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
235: secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
236: secHandler.setUserPrincipalInGroup(uid1, gpUid1);
237:
238: String fullPathName = new RolePrincipalImpl(roleUid1).getName();
239: logger
240: .debug("Role full path name from testGetUserPrincipalsInRole()["
241: + fullPathName + "]");
242: assertEquals("The group should have 2 roles.", 2, secHandler
243: .getRolePrincipalsInGroup(gpUid1).size());
244: assertEquals("The group should have 1 role.", 1, secHandler
245: .getRolePrincipalsInGroup(gpUid2).size());
246: }
247:
248: /**
249: * Adds 2 users to a group and checks their presence in the group
250: *
251: * @throws Exception
252: */
253: public void testGetRolePrincipalInGroup2() throws Exception {
254: secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
255: secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
256: secHandler.setUserPrincipalInRole(uid1, ro1.getName());
257: secHandler.setUserPrincipalInRole(uid1, ro2.getName());
258: String fullPathName = new RolePrincipalImpl(gpUid1).getName();
259: logger
260: .debug("Role full path name from testGetUserPrincipalsInRole()["
261: + fullPathName + "]");
262: assertEquals("The group should have contained 1 role.", 1,
263: secHandler.getRolePrincipalsInGroup(gpUid1).size());
264: assertEquals("The group should have contained 1 role.", 1,
265: secHandler.getRolePrincipalsInGroup(gpUid1).size());
266:
267: }
268:
269: /**
270: * Adds 1 user to 2 roles, and checks its presence in both roles
271: * @throws Exception
272: */
273: public void testSetUserPrincipalInRole() throws Exception {
274: secHandler.setUserPrincipalInRole(uid1, ro1.getName());
275: secHandler.setUserPrincipalInRole(uid1, ro2.getName());
276: Set rolePrinciples = secHandler.getRolePrincipals(uid1);
277: assertEquals("The user should have been in two roles.", 2,
278: rolePrinciples.size());
279: assertTrue(rolePrinciples.contains(ro1));
280: assertTrue(rolePrinciples.contains(ro2));
281:
282: }
283:
284: /**
285: * Adds 1 user to 2 roles & 1 group, and checks its presence in both roles
286: * @throws Exception
287: */
288: public void testSetUserPrincipalInRole2() throws Exception {
289: secHandler.setUserPrincipalInRole(uid1, ro1.getName());
290: secHandler.setUserPrincipalInRole(uid1, ro2.getName());
291: secHandler.setUserPrincipalInGroup(uid1, gp1.getName());
292: Set rolePrinciples = secHandler.getRolePrincipals(uid1);
293: assertEquals("The user should have been in two roles.", 2,
294: rolePrinciples.size());
295: assertTrue(rolePrinciples.contains(ro1));
296: assertTrue(rolePrinciples.contains(ro2));
297:
298: }
299:
300: /**
301: * @throws Exception
302: */
303: public void testRemoveUserPrincipalInRole() throws Exception {
304: secHandler.setUserPrincipalInRole(uid1, ro1.getName());
305: secHandler.setUserPrincipalInRole(uid1, ro2.getName());
306: assertEquals("The user should have been in two roles.", 2,
307: secHandler.getRolePrincipals(uid1).size());
308:
309: secHandler.removeUserPrincipalInRole(uid1, ro1.getName());
310: assertEquals("The user should have been in one roles.", 1,
311: secHandler.getRolePrincipals(uid1).size());
312:
313: secHandler.removeUserPrincipalInRole(uid1, ro2.getName());
314: assertEquals("The user should have been in zero roles.", 0,
315: secHandler.getRolePrincipals(uid1).size());
316: }
317:
318: /**
319: * @throws Exception
320: */
321: public void testRemoveRolePrincipalInGroup() throws Exception {
322: secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
323: secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
324: assertEquals("The role should have been in two groups.", 2,
325: secHandler.getRolePrincipalsInGroup(gpUid1).size());
326:
327: secHandler.removeRolePrincipalInGroup(gpUid1, ro1.getName());
328: assertEquals("The role should have been in one group.", 1,
329: secHandler.getRolePrincipalsInGroup(gpUid1).size());
330:
331: secHandler.removeRolePrincipalInGroup(gpUid1, ro2.getName());
332: assertEquals("The role should have been in 0 roles.", 0,
333: secHandler.getRolePrincipalsInGroup(gpUid1).size());
334: }
335:
336: /**
337: * @throws Exception
338: */
339: public void testSetUserPrincipalInRoleForNonExistantUser()
340: throws Exception {
341: try {
342: secHandler.setUserPrincipalInRole(Integer.toString(rand
343: .nextInt()), roleUid1);
344: fail("Trying to associate a role with a non-existant user should have thrown a SecurityException.");
345:
346: } catch (Exception e) {
347: assertTrue(
348: "Trying to associate a role with a non-existant user should have thrown a SecurityException.",
349: e instanceof SecurityException);
350: }
351: }
352:
353: /**
354: * @throws Exception
355: */
356: public void testSetUserPrincipalInRoleForNonExistantRole()
357: throws Exception {
358: try {
359: secHandler.setUserPrincipalInRole(uid1, Integer
360: .toString(rand.nextInt()));
361: fail("Trying to associate a user with a non-existant role should have thrown a SecurityException.");
362:
363: } catch (Exception e) {
364: assertTrue(
365: "Trying to associate a user with a non-existant role should have thrown a SecurityException.",
366: e instanceof SecurityException);
367: }
368: }
369: }
|