001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.providers.ldap.authenticator;
017:
018: import org.acegisecurity.BadCredentialsException;
019:
020: import org.acegisecurity.ldap.AbstractLdapServerTestCase;
021:
022: import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
023:
024: import org.acegisecurity.userdetails.UsernameNotFoundException;
025: import org.acegisecurity.userdetails.ldap.LdapUserDetails;
026: import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
027: import org.acegisecurity.userdetails.ldap.LdapUserDetailsMapper;
028:
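/**
 * Tests for {@link PasswordComparisonAuthenticator}.
 * <p>
 * The active tests exercise the path where the stored password attribute is read from the
 * directory and compared locally (see the {@code testLocal...} methods). The tests for the
 * LDAP compare path, where the password attribute is deliberately not retrieved, are
 * commented out below, so that path has no coverage in this class.
 * <p>
 * All user names and passwords used here are fixture values from the test directory.
 *
 * @author Luke Taylor
 * @version $Id: PasswordComparisonAuthenticatorTests.java 1496 2006-05-23 13:38:33Z benalex $
 */
public class PasswordComparisonAuthenticatorTests extends AbstractLdapServerTestCase {
    //~ Instance fields ================================================================================================

    /** Authenticator under test; rebuilt by {@link #onSetUp()} and replaced by some tests. */
    private PasswordComparisonAuthenticator authenticator;

    //~ Methods ========================================================================================================

    /**
     * Configures the context factory with the manager credentials and creates an
     * authenticator that resolves users with the single DN pattern {@code uid={0},ou=people}.
     */
    public void onSetUp() {
        // NOTE(review): the manager bind is presumably what allows the authenticator to read
        // the stored password attribute for local comparison; confirm against the base class.
        getInitialCtxFactory().setManagerDn(MANAGER_USER);
        getInitialCtxFactory().setManagerPassword(MANAGER_PASSWORD);
        authenticator = new PasswordComparisonAuthenticator(getInitialCtxFactory());
        authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
    }

    /**
     * Intentionally does nothing; only a disabled pool-statistics dump remains.
     */
    public void tearDown() {
        // NOTE(review): this override does not call super.tearDown(); confirm the base class
        // has no cleanup that is skipped as a result.
        // com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
    }

    /**
     * With no attribute list configured, a successful authentication returns all five
     * attributes of the fixture entry.
     */
    public void testAllAttributesAreRetrivedByDefault() {
        LdapUserDetails user = authenticator.authenticate("Bob", "bobspassword");
        //System.out.println(user.getAttributes().toString());
        assertEquals("User should have 5 attributes", 5, user.getAttributes().size());
    }

    /**
     * A user search that finds nobody must surface as {@link UsernameNotFoundException}.
     */
    public void testFailedSearchGivesUserNotFoundException() throws Exception {
        // Fresh authenticator without DN patterns, so only the user search can locate a user.
        authenticator = new PasswordComparisonAuthenticator(getInitialCtxFactory());
        assertTrue("User DN matches shouldn't be available",
            authenticator.getUserDns("Bob").isEmpty());
        authenticator.setUserSearch(new MockUserSearch(null));
        authenticator.afterPropertiesSet();

        try {
            authenticator.authenticate("Joe", "password");
            fail("Expected exception on failed user search");
        } catch (UsernameNotFoundException expected) {
            // expected: the mock search returns no user
        }
    }

    /**
     * Local comparison succeeds when the stored password is SHA encoded.
     */
    public void testLocalComparisonSucceedsWithShaEncodedPassword() {
        // Ben's password is SHA encoded
        LdapUserDetails ben = authenticator.authenticate("ben", "benspassword");
        // Previously this test only relied on no exception being thrown.
        assertNotNull("Authentication should return user details", ben);
    }

    /**
     * A wrong password must be rejected with {@link BadCredentialsException}.
     */
    public void testLocalPasswordComparisonFailsWithWrongPassword() {
        try {
            authenticator.authenticate("Bob", "wrongpassword");
            fail("Authentication should fail with wrong password.");
        } catch (BadCredentialsException expected) {
            // expected: the supplied password does not match the stored one
        }
    }

    // NOTE(review): disabled test for the LDAP compare path (password attribute not retrieved).
    // While it is disabled, wrong-password rejection on that path is not verified here.
    /*
    public void testLdapPasswordCompareFailsWithWrongPassword() {
    // Don't retrieve the password
    authenticator.setUserAttributes(new String[] {"cn", "sn"});
    try {
    authenticator.authenticate("Bob", "wrongpassword");
    fail("Authentication should fail with wrong password.");
    } catch(BadCredentialsException expected) {
    }
    }
    */

    /**
     * A correct password authenticates and the returned details carry the user name and
     * the password value read from the directory.
     */
    public void testLocalPasswordComparisonSucceedsWithCorrectPassword() {
        LdapUserDetails user = authenticator.authenticate("Bob", "bobspassword");
        // check username is retrieved.
        assertEquals("Bob", user.getUsername());
        // The stored password value is exposed on the returned details object, so callers
        // have to treat LdapUserDetails.getPassword() as sensitive data.
        assertEquals("bobspassword", user.getPassword());
    }

    /**
     * A non-matching first DN pattern must not stop the second pattern from being tried.
     */
    public void testMultipleDnPatternsWorkOk() {
        authenticator.setUserDnPatterns(new String[] {
            "uid={0},ou=nonexistent", "uid={0},ou=people" });
        LdapUserDetails user = authenticator.authenticate("Bob", "bobspassword");
        // Previously this test only relied on no exception being thrown.
        assertNotNull("Authentication should return user details", user);
    }

    /**
     * When an explicit attribute list is configured, only those attributes are returned.
     */
    public void testOnlySpecifiedAttributesAreRetrieved() throws Exception {
        authenticator.setUserAttributes(new String[] { "userPassword" });
        // Plaintext encoder is used only against the plaintext fixture password.
        authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());

        LdapUserDetails user = authenticator.authenticate("Bob", "bobspassword");
        assertEquals("Should have retrieved 1 attribute (userPassword)", 1,
            user.getAttributes().size());

        // assertEquals("Bob Hamilton", user.getAttributes().get("cn").get());
        // assertEquals("bob", user.getAttributes().get("uid").get());
    }

    // NOTE(review): disabled tests for the LDAP compare path with plaintext and SHA encoded
    // stored passwords; successful authentication on that path is not verified here.
    /*
    public void testLdapCompareSucceedsWithCorrectPassword() {
    // Don't retrieve the password
    authenticator.setUserAttributes(new String[] {"cn"});
    // Bob has a plaintext password.
    authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
    authenticator.authenticate("bob", "bobspassword");
    }
    public void testLdapCompareSucceedsWithShaEncodedPassword() {
    authenticator = new PasswordComparisonAuthenticator();
    authenticator.setInitialDirContextFactory(dirCtxFactory);
    authenticator.setUserDnPatterns("uid={0},ou=people");
    // Don't retrieve the password
    authenticator.setUserAttributes(new String[] {"cn"});
    authenticator.authenticate("ben", "benspassword");
    }
    */

    /**
     * A {@code null} password encoder must be rejected with {@link IllegalArgumentException}.
     */
    public void testPasswordEncoderCantBeNull() {
        try {
            authenticator.setPasswordEncoder(null);
            fail("Password encoder can't be null");
        } catch (IllegalArgumentException expected) {
            // expected: a null encoder is refused at configuration time
        }
    }

    /**
     * The attribute holding the password is configurable on both the authenticator and the
     * details mapper; {@code uid} stands in as the password attribute for this fixture.
     */
    public void testUseOfDifferentPasswordAttribute() {
        LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
        mapper.setPasswordAttributeName("uid");
        authenticator.setPasswordAttributeName("uid");
        authenticator.setUserDetailsMapper(mapper);

        LdapUserDetails bob = authenticator.authenticate("bob", "bob");
        // The result was previously assigned but never checked.
        assertNotNull("Authentication should return user details", bob);
    }

    // NOTE(review): disabled test for the LDAP compare path with a non-default password attribute.
    /*
    public void testLdapCompareWithDifferentPasswordAttributeSucceeds() {
    authenticator.setUserAttributes(new String[] {"cn"});
    authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
    authenticator.setPasswordAttributeName("uid");
    authenticator.authenticate("bob", "bob");
    }
    */

    /**
     * Without DN patterns the user is located through the configured user search, and the
     * password is checked against the details that search returns.
     */
    public void testWithUserSearch() {
        authenticator = new PasswordComparisonAuthenticator(getInitialCtxFactory());
        assertTrue("User DN matches shouldn't be available",
            authenticator.getUserDns("Bob").isEmpty());

        LdapUserDetailsImpl.Essence userEssence = new LdapUserDetailsImpl.Essence();
        userEssence.setDn("uid=Bob,ou=people,dc=acegisecurity,dc=org");
        userEssence.setPassword("bobspassword");

        authenticator.setUserSearch(new MockUserSearch(userEssence.createUserDetails()));
        // The login name is irrelevant here because the mock search ignores it.
        LdapUserDetails user = authenticator.authenticate("ShouldntBeUsed", "bobspassword");
        // Previously this test only relied on no exception being thrown.
        assertNotNull("Authentication should return user details", user);
    }
}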