001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.providers.ldap;
017:
018: import junit.framework.TestCase;
019:
020: import org.acegisecurity.BadCredentialsException;
021: import org.acegisecurity.GrantedAuthority;
022: import org.acegisecurity.GrantedAuthorityImpl;
023:
024: import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
025:
026: import org.acegisecurity.userdetails.UserDetails;
027: import org.acegisecurity.userdetails.ldap.LdapUserDetails;
028: import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
029:
030: import java.util.ArrayList;
031:
032: import javax.naming.directory.Attributes;
033: import javax.naming.directory.BasicAttributes;
034:
035: /**
036: * Tests {@link LdapAuthenticationProvider}.
037: *
038: * @author Luke Taylor
039: * @version $Id: LdapAuthenticationProviderTests.java 1583 2006-07-16 20:17:20Z luke_t $
040: */
public class LdapAuthenticationProviderTests extends TestCase {
    //~ Constructors ===================================================================================================

    /**
     * Creates a test case with the given name.
     *
     * @param string the test name handed to {@link TestCase}
     */
    public LdapAuthenticationProviderTests(String string) {
        super(string);
    }

    /** Creates an unnamed test case. */
    public LdapAuthenticationProviderTests() {
        super();
    }

    //~ Methods ========================================================================================================

    /**
     * Builds the provider under test, wired to the two mocks declared at the bottom of this class.
     * Every test uses a fresh instance.
     */
    private LdapAuthenticationProvider newProvider() {
        return new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator());
    }

    /** Shorthand for a username/password authentication request. */
    private static UsernamePasswordAuthenticationToken token(String principal, String credentials) {
        return new UsernamePasswordAuthenticationToken(principal, credentials);
    }

    /**
     * A cached {@link UserDetails} must not authenticate a request that carries a different password.
     *
     * <p>The user is loaded once with the correct password and the resulting object is then treated as
     * a cache hit for a second request with the wrong password.
     * {@code additionalAuthenticationChecks} has to throw {@link BadCredentialsException}; otherwise
     * anyone who knows a cached username could log in without the password.</p>
     */
    public void testDifferentCacheValueCausesException() {
        LdapAuthenticationProvider provider = newProvider();

        // First request: the mock authenticator accepts bob/bobspassword.
        UserDetails cachedUser = provider.retrieveUser("bob", token("bob", "bobspassword"));

        // Pretend cachedUser now sits in the user cache and a later request for the same
        // username arrives with different credentials.
        UsernamePasswordAuthenticationToken secondRequest = token("bob", "wrongpassword");

        try {
            provider.additionalAuthenticationChecks(cachedUser, secondRequest);
            fail("Expected BadCredentialsException should have failed with wrong password");
        } catch (BadCredentialsException expected) {
            // expected: the cached entry must not vouch for a different password
        }
    }

    /**
     * An empty or {@code null} username passed to {@code retrieveUser} is rejected with
     * {@link BadCredentialsException}, even when the token itself carries valid-looking credentials.
     */
    public void testEmptyOrNullUserNameThrowsException() {
        LdapAuthenticationProvider provider = newProvider();

        try {
            provider.retrieveUser("", token("bob", "bobspassword"));
            fail("Expected BadCredentialsException for empty username");
        } catch (BadCredentialsException expected) {
            // expected
        }

        try {
            provider.retrieveUser(null, token("bob", "bobspassword"));
            fail("Expected BadCredentialsException for null username");
        } catch (BadCredentialsException expected) {
            // expected
        }
    }

    /**
     * An empty password is refused with {@link BadCredentialsException}.
     *
     * <p>{@link MockAuthenticator} deliberately <em>accepts</em> "jen" with an empty password, so this
     * test can only pass if the exception does not depend on the authenticator refusing the
     * credentials. That mirrors real directories: a simple bind with a DN and a zero-length password
     * is what RFC 4513 calls the unauthenticated mechanism of simple bind, and many servers complete
     * it successfully. A provider that forwarded such a request would report the user as
     * authenticated without any password having been checked.</p>
     */
    public void testEmptyPasswordIsRejected() {
        LdapAuthenticationProvider provider = newProvider();

        try {
            provider.retrieveUser("jen", token("jen", ""));
            fail("Expected BadCredentialsException for empty password");
        } catch (BadCredentialsException expected) {
            // expected: rejected even though the mock authenticator would have said yes
        }
    }

    /**
     * Happy path: valid credentials yield a user whose authorities are the union of what the
     * authenticator put on the entry and what the authorities populator contributed.
     */
    public void testNormalUsage() {
        LdapAuthenticationProvider provider = newProvider();

        assertNotNull(provider.getAuthoritiesPopulator());

        UsernamePasswordAuthenticationToken request = token("bob", "bobspassword");
        UserDetails user = provider.retrieveUser("bob", request);
        GrantedAuthority[] granted = user.getAuthorities();

        assertEquals(2, granted.length);
        // The password on the returned object is the one presented in the request, not the
        // "{SHA}anencodedpassword" value the mock authenticator sets. The cleartext credential
        // therefore stays on the UserDetails, and on any cache that holds it.
        // NOTE(review): confirm the cache lifetime is chosen with that in mind.
        assertEquals("bobspassword", user.getPassword());
        assertEquals("bob", user.getUsername());

        // Order of the two authorities is not asserted, only their presence.
        ArrayList roleNames = new ArrayList();
        for (int i = 0; i < 2; i++) {
            roleNames.add(granted[i].getAuthority());
        }

        assertTrue(roleNames.contains("ROLE_FROM_ENTRY"));
        assertTrue(roleNames.contains("ROLE_FROM_POPULATOR"));

        // Same credentials as the ones used to load the user: must pass without an exception.
        provider.additionalAuthenticationChecks(user, request);
    }

    //~ Inner Classes ==================================================================================================

    /**
     * Stand-in for a real LDAP authenticator. It knows exactly two credential pairs:
     * bob/bobspassword and jen with an empty password. The second pair exists so that
     * {@link #testEmptyPasswordIsRejected()} can show the rejection is not the authenticator's doing.
     */
    class MockAuthenticator implements LdapAuthenticator {
        Attributes userAttributes = new BasicAttributes("cn", "bob");

        /**
         * Returns user details carrying {@code ROLE_FROM_ENTRY} for a known credential pair.
         *
         * @param username the login name
         * @param password the presented password
         * @return details for the matching entry
         * @throws BadCredentialsException for any other username/password combination
         */
        public LdapUserDetails authenticate(String username,
            String password) {
            LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
            essence.setPassword("{SHA}anencodedpassword");
            essence.setAttributes(userAttributes);

            // Both accepted pairs differ only in the DN of the entry they map to.
            final String dn;

            if (username.equals("bob") && password.equals("bobspassword")) {
                dn = "cn=bob,ou=people,dc=acegisecurity,dc=org";
            } else if (username.equals("jen") && password.equals("")) {
                dn = "cn=jen,ou=people,dc=acegisecurity,dc=org";
            } else {
                throw new BadCredentialsException("Authentication failed.");
            }

            essence.setDn(dn);
            essence.addAuthority(new GrantedAuthorityImpl("ROLE_FROM_ENTRY"));

            return essence.createUserDetails();
        }
    }

    // This test kills apacheDS in embedded mode because the search returns an invalid DN
    // public void testIntegration() throws Exception {
    // BindAuthenticator authenticator = new BindAuthenticator(getInitialCtxFactory());
    // //PasswordComparisonAuthenticator authenticator = new PasswordComparisonAuthenticator();
    // //authenticator.setUserDnPatterns("cn={0},ou=people");
    //
    // FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch("ou=people", "(cn={0})", getInitialCtxFactory());
    //
    // authenticator.setUserSearch(userSearch);
    // authenticator.afterPropertiesSet();
    //
    // DefaultLdapAuthoritiesPopulator populator;
    // populator = new DefaultLdapAuthoritiesPopulator(getInitialCtxFactory(), "ou=groups");
    // populator.setRolePrefix("ROLE_");
    //
    // LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(authenticator, populator);
    //
    // Authentication auth = ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("Ben Alex","benspassword"));
    // assertEquals(2, auth.getAuthorities().length);
    // }

    /**
     * Authorities populator that ignores the user and always grants the single role
     * {@code ROLE_FROM_POPULATOR}.
     */
    class MockAuthoritiesPopulator implements LdapAuthoritiesPopulator {
        public GrantedAuthority[] getGrantedAuthorities(
            LdapUserDetails userDetailsll) {
            GrantedAuthority populatorRole = new GrantedAuthorityImpl("ROLE_FROM_POPULATOR");

            return new GrantedAuthority[] { populatorRole };
        }
    }
}