Refactored embedded LDAP server tests to make use of the new namespace configuration. Use JUnit 4 annotations in preference to AbstractDependencyInjectionSpringContextTests so that the context can be cleaned up after each test class has run rather than at JVM shutdown (which causes problems when running embedded ApacheDS).
parent
77b6503e2e
commit
acb02246e0
|
@ -48,7 +48,7 @@ import javax.naming.directory.InitialDirContext;
|
||||||
* <tt>DirContext</tt> references.
|
* <tt>DirContext</tt> references.
|
||||||
* <p>
|
* <p>
|
||||||
* The directory location is configured using by setting the constructor argument
|
* The directory location is configured using by setting the constructor argument
|
||||||
* <tt>providerUrl</tt>. This should be in the form <tt>ldap://monkeymachine.co.uk:389/dc=acegisecurity,dc=org</tt>.
|
* <tt>providerUrl</tt>. This should be in the form <tt>ldap://monkeymachine.co.uk:389/dc=springframework,dc=org</tt>.
|
||||||
* The Sun JNDI provider also supports lists of space-separated URLs, each of which will be tried in turn until a
|
* The Sun JNDI provider also supports lists of space-separated URLs, each of which will be tried in turn until a
|
||||||
* connection is obtained.
|
* connection is obtained.
|
||||||
* </p>
|
* </p>
|
||||||
|
@ -226,8 +226,8 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the root DN of the configured provider URL. For example, if the URL is
|
* Returns the root DN of the configured provider URL. For example, if the URL is
|
||||||
* <tt>ldap://monkeymachine.co.uk:389/dc=acegisecurity,dc=org</tt> the value will be
|
* <tt>ldap://monkeymachine.co.uk:389/dc=springframework,dc=org</tt> the value will be
|
||||||
* <tt>dc=acegisecurity,dc=org</tt>.
|
* <tt>dc=springframework,dc=org</tt>.
|
||||||
*
|
*
|
||||||
* @return the root DN calculated from the path of the LDAP url.
|
* @return the root DN calculated from the path of the LDAP url.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -62,8 +62,8 @@ public final class LdapUtils {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Obtains the part of a DN relative to a supplied base context.
|
* Obtains the part of a DN relative to a supplied base context.
|
||||||
* <p>If the DN is "cn=bob,ou=people,dc=acegisecurity,dc=org" and the base context name is
|
* <p>If the DN is "cn=bob,ou=people,dc=springframework,dc=org" and the base context name is
|
||||||
* "ou=people,dc=acegisecurity,dc=org" it would return "cn=bob".
|
* "ou=people,dc=springframework,dc=org" it would return "cn=bob".
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @param fullDn the DN
|
* @param fullDn the DN
|
||||||
|
@ -144,7 +144,7 @@ public final class LdapUtils {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Works out the root DN for an LDAP URL.<p>For example, the URL
|
* Works out the root DN for an LDAP URL.<p>For example, the URL
|
||||||
* <tt>ldap://monkeymachine:11389/dc=acegisecurity,dc=org</tt> has the root DN "dc=acegisecurity,dc=org".</p>
|
* <tt>ldap://monkeymachine:11389/dc=springframework,dc=org</tt> has the root DN "dc=springframework,dc=org".</p>
|
||||||
*
|
*
|
||||||
* @param url the LDAP URL
|
* @param url the LDAP URL
|
||||||
*
|
*
|
||||||
|
@ -185,7 +185,7 @@ public final class LdapUtils {
|
||||||
// removed for 1.3 compatibility
|
// removed for 1.3 compatibility
|
||||||
/**
|
/**
|
||||||
* Parses the supplied LDAP URL.
|
* Parses the supplied LDAP URL.
|
||||||
* @param url the URL (e.g. <tt>ldap://monkeymachine:11389/dc=acegisecurity,dc=org</tt>).
|
* @param url the URL (e.g. <tt>ldap://monkeymachine:11389/dc=springframework,dc=org</tt>).
|
||||||
* @return the URI object created from the URL
|
* @return the URI object created from the URL
|
||||||
* @throws IllegalArgumentException if the URL is null, empty or the URI syntax is invalid.
|
* @throws IllegalArgumentException if the URL is null, empty or the URI syntax is invalid.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -73,8 +73,8 @@ import org.springframework.ldap.core.DirContextOperations;
|
||||||
* A simple configuration might be as follows:
|
* A simple configuration might be as follows:
|
||||||
* <pre>
|
* <pre>
|
||||||
* <bean id="initialDirContextFactory" class="org.springframework.security.providers.ldap.DefaultInitialDirContextFactory">
|
* <bean id="initialDirContextFactory" class="org.springframework.security.providers.ldap.DefaultInitialDirContextFactory">
|
||||||
* <constructor-arg value="ldap://monkeymachine:389/dc=acegisecurity,dc=org"/>
|
* <constructor-arg value="ldap://monkeymachine:389/dc=springframework,dc=org"/>
|
||||||
* <property name="managerDn"><value>cn=manager,dc=acegisecurity,dc=org</value></property>
|
* <property name="managerDn"><value>cn=manager,dc=springframework,dc=org</value></property>
|
||||||
* <property name="managerPassword"><value>password</value></property>
|
* <property name="managerPassword"><value>password</value></property>
|
||||||
* </bean>
|
* </bean>
|
||||||
*
|
*
|
||||||
|
@ -95,10 +95,10 @@ import org.springframework.ldap.core.DirContextOperations;
|
||||||
* </bean></pre>
|
* </bean></pre>
|
||||||
*
|
*
|
||||||
* <p>This would set up the provider to access an LDAP server with URL
|
* <p>This would set up the provider to access an LDAP server with URL
|
||||||
* <tt>ldap://monkeymachine:389/dc=acegisecurity,dc=org</tt>. Authentication will be performed by attempting to bind
|
* <tt>ldap://monkeymachine:389/dc=springframework,dc=org</tt>. Authentication will be performed by attempting to bind
|
||||||
* with the DN <tt>uid=<user-login-name>,ou=people,dc=acegisecurity,dc=org</tt>. After successful
|
* with the DN <tt>uid=<user-login-name>,ou=people,dc=springframework,dc=org</tt>. After successful
|
||||||
* authentication, roles will be assigned to the user by searching under the DN
|
* authentication, roles will be assigned to the user by searching under the DN
|
||||||
* <tt>ou=groups,dc=acegisecurity,dc=org</tt> with the default filter <tt>(member=<user's-DN>)</tt>. The role
|
* <tt>ou=groups,dc=springframework,dc=org</tt> with the default filter <tt>(member=<user's-DN>)</tt>. The role
|
||||||
* name will be taken from the "ou" attribute of each match.</p>
|
* name will be taken from the "ou" attribute of each match.</p>
|
||||||
* <p>
|
* <p>
|
||||||
* The authenticate method will reject empty passwords outright. LDAP servers may allow an anonymous
|
* The authenticate method will reject empty passwords outright. LDAP servers may allow an anonymous
|
||||||
|
|
|
@ -45,13 +45,13 @@ import javax.naming.directory.SearchControls;
|
||||||
* A typical group search scenario would be where each group/role is specified using the <tt>groupOfNames</tt>
|
* A typical group search scenario would be where each group/role is specified using the <tt>groupOfNames</tt>
|
||||||
* (or <tt>groupOfUniqueNames</tt>) LDAP objectClass and the user's DN is listed in the <tt>member</tt> (or
|
* (or <tt>groupOfUniqueNames</tt>) LDAP objectClass and the user's DN is listed in the <tt>member</tt> (or
|
||||||
* <tt>uniqueMember</tt>) attribute to indicate that they should be assigned that role. The following LDIF sample has
|
* <tt>uniqueMember</tt>) attribute to indicate that they should be assigned that role. The following LDIF sample has
|
||||||
* the groups stored under the DN <tt>ou=groups,dc=acegisecurity,dc=org</tt> and a group called "developers" with
|
* the groups stored under the DN <tt>ou=groups,dc=springframework,dc=org</tt> and a group called "developers" with
|
||||||
* "ben" and "marissa" as members:
|
* "ben" and "marissa" as members:
|
||||||
* <pre>
|
* <pre>
|
||||||
* dn: ou=groups,dc=acegisecurity,dc=orgobjectClass: top
|
* dn: ou=groups,dc=springframework,dc=orgobjectClass: top
|
||||||
* objectClass: organizationalUnitou: groupsdn: cn=developers,ou=groups,dc=acegisecurity,dc=org
|
* objectClass: organizationalUnitou: groupsdn: cn=developers,ou=groups,dc=springframework,dc=org
|
||||||
* objectClass: groupOfNamesobjectClass: topcn: developersdescription: Acegi Security Developers
|
* objectClass: groupOfNamesobjectClass: topcn: developersdescription: Acegi Security Developers
|
||||||
* member: uid=ben,ou=people,dc=acegisecurity,dc=orgmember: uid=marissa,ou=people,dc=acegisecurity,dc=orgou: developer
|
* member: uid=ben,ou=people,dc=springframework,dc=orgmember: uid=marissa,ou=people,dc=springframework,dc=orgou: developer
|
||||||
* </pre>
|
* </pre>
|
||||||
* </p>
|
* </p>
|
||||||
* <p/>
|
* <p/>
|
||||||
|
@ -75,7 +75,7 @@ import javax.naming.directory.SearchControls;
|
||||||
* <property name="convertToUpperCase"><value>true</value></property>
|
* <property name="convertToUpperCase"><value>true</value></property>
|
||||||
* </bean>
|
* </bean>
|
||||||
* </pre>
|
* </pre>
|
||||||
* A search for roles for user "uid=ben,ou=people,dc=acegisecurity,dc=org" would return the single granted authority
|
* A search for roles for user "uid=ben,ou=people,dc=springframework,dc=org" would return the single granted authority
|
||||||
* "ROLE_DEVELOPER".
|
* "ROLE_DEVELOPER".
|
||||||
* </p>
|
* </p>
|
||||||
* <p/>
|
* <p/>
|
||||||
|
|
|
@ -14,9 +14,23 @@
|
||||||
*/
|
*/
|
||||||
package org.springframework.security.ldap;
|
package org.springframework.security.ldap;
|
||||||
|
|
||||||
import org.springframework.test.AbstractDependencyInjectionSpringContextTests;
|
|
||||||
import org.springframework.ldap.core.ContextSource;
|
import org.springframework.ldap.core.ContextSource;
|
||||||
|
import org.springframework.ldap.core.DistinguishedName;
|
||||||
import org.springframework.core.io.ClassPathResource;
|
import org.springframework.core.io.ClassPathResource;
|
||||||
|
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||||
|
import org.junit.BeforeClass;
|
||||||
|
import org.junit.Before;
|
||||||
|
import org.junit.AfterClass;
|
||||||
|
import org.junit.After;
|
||||||
|
import org.apache.directory.server.protocol.shared.store.LdifFileLoader;
|
||||||
|
|
||||||
|
import javax.naming.directory.DirContext;
|
||||||
|
import javax.naming.Name;
|
||||||
|
import javax.naming.NamingException;
|
||||||
|
import javax.naming.NamingEnumeration;
|
||||||
|
import javax.naming.Binding;
|
||||||
|
import javax.naming.ContextNotEmptyException;
|
||||||
|
import javax.naming.NameNotFoundException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Based on class borrowed from Spring Ldap project.
|
* Based on class borrowed from Spring Ldap project.
|
||||||
|
@ -24,42 +38,62 @@ import org.springframework.core.io.ClassPathResource;
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractLdapIntegrationTests extends AbstractDependencyInjectionSpringContextTests {
|
public abstract class AbstractLdapIntegrationTests {
|
||||||
private LdapServerManager ldapServerManager;
|
private static ClassPathXmlApplicationContext appContext;
|
||||||
private ContextSource contextSource;
|
private boolean dirty = false;
|
||||||
private DefaultInitialDirContextFactory initialDirContextFactory;
|
|
||||||
|
|
||||||
protected AbstractLdapIntegrationTests() {
|
protected AbstractLdapIntegrationTests() {
|
||||||
super.setAutowireMode(AUTOWIRE_BY_NAME);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected String[] getConfigLocations() {
|
@BeforeClass
|
||||||
return new String[] {"/org/springframework/security/ldap/ldapIntegrationTestContext.xml"};
|
public static void loadContext() {
|
||||||
|
appContext = new ClassPathXmlApplicationContext("/org/springframework/security/ldap/ldapIntegrationTestContext.xml");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@AfterClass
|
||||||
|
public static void closeContext() {
|
||||||
|
appContext.close();
|
||||||
|
}
|
||||||
|
|
||||||
protected void onSetUp() throws Exception {
|
@Before
|
||||||
super.onSetUp();
|
public void onSetUp() throws Exception {
|
||||||
|
}
|
||||||
|
|
||||||
ClassPathResource ldifs = new ClassPathResource("org/springframework/security/ldap/setup_data.ldif");
|
/** Reloads the server data file */
|
||||||
|
protected void setDirty() {
|
||||||
|
dirty = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
@After
|
||||||
|
public final void reloadServerDataIfDirty() throws Exception {
|
||||||
|
// if (!dirty) {
|
||||||
|
// return;
|
||||||
|
// }
|
||||||
|
|
||||||
|
// closeContext();
|
||||||
|
// loadContext();
|
||||||
|
ClassPathResource ldifs = new ClassPathResource("test-server.ldif");
|
||||||
|
|
||||||
if (!ldifs.getFile().exists()) {
|
if (!ldifs.getFile().exists()) {
|
||||||
throw new IllegalStateException("Ldif file not found: " + ldifs.getFile().getAbsolutePath());
|
throw new IllegalStateException("Ldif file not found: " + ldifs.getFile().getAbsolutePath());
|
||||||
}
|
}
|
||||||
|
|
||||||
ldapServerManager.cleanAndSetup(ldifs.getFile().getAbsolutePath());
|
DirContext ctx = getContextSource().getReadWriteContext();
|
||||||
}
|
|
||||||
|
|
||||||
public void setLdapServerManager(LdapServerManager ldapServerManager) {
|
// First of all, make sure the database is empty.
|
||||||
this.ldapServerManager = ldapServerManager;
|
Name startingPoint = new DistinguishedName("dc=springframework,dc=org");
|
||||||
|
|
||||||
|
try {
|
||||||
|
clearSubContexts(ctx, startingPoint);
|
||||||
|
LdifFileLoader loader = new LdifFileLoader(ctx, ldifs.getFile().getAbsolutePath());
|
||||||
|
loader.execute();
|
||||||
|
} finally {
|
||||||
|
ctx.close();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public ContextSource getContextSource() {
|
public ContextSource getContextSource() {
|
||||||
return contextSource;
|
return (ContextSource) appContext.getBean("contextSource");
|
||||||
}
|
|
||||||
|
|
||||||
public void setContextSource(ContextSource contextSource) {
|
|
||||||
this.contextSource = contextSource;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -67,11 +101,36 @@ public abstract class AbstractLdapIntegrationTests extends AbstractDependencyInj
|
||||||
* the cleanAndSetup method so any mods during tests can mess it up.
|
* the cleanAndSetup method so any mods during tests can mess it up.
|
||||||
* TODO: Once the initialdircontextfactory stuff has been refactored, revisit this and remove this property.
|
* TODO: Once the initialdircontextfactory stuff has been refactored, revisit this and remove this property.
|
||||||
*/
|
*/
|
||||||
public DefaultInitialDirContextFactory getInitialDirContextFactory() {
|
protected DefaultInitialDirContextFactory getInitialDirContextFactory() {
|
||||||
return initialDirContextFactory;
|
return (DefaultInitialDirContextFactory) appContext.getBean("initialDirContextFactory");
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setInitialDirContextFactory(DefaultInitialDirContextFactory initialDirContextFactory) {
|
private void clearSubContexts(DirContext ctx, Name name) throws NamingException {
|
||||||
this.initialDirContextFactory = initialDirContextFactory;
|
|
||||||
|
NamingEnumeration enumeration = null;
|
||||||
|
try {
|
||||||
|
enumeration = ctx.listBindings(name);
|
||||||
|
while (enumeration.hasMore()) {
|
||||||
|
Binding element = (Binding) enumeration.next();
|
||||||
|
DistinguishedName childName = new DistinguishedName(element.getName());
|
||||||
|
childName.prepend((DistinguishedName) name);
|
||||||
|
|
||||||
|
try {
|
||||||
|
ctx.destroySubcontext(childName);
|
||||||
|
} catch (ContextNotEmptyException e) {
|
||||||
|
clearSubContexts(ctx, childName);
|
||||||
|
ctx.destroySubcontext(childName);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} catch(NameNotFoundException ignored) {
|
||||||
|
}
|
||||||
|
catch (NamingException e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
} finally {
|
||||||
|
try {
|
||||||
|
enumeration.close();
|
||||||
|
} catch (Exception ignored) {
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
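Review bot: In `clearSubContexts`, the `catch (NamingException e) { e.printStackTrace(); }` branch lets a failed wipe go unnoticed, so `reloadServerDataIfDirty` carries on to `loader.execute()` against a directory that may still hold entries from the previous test, and the bind and authentication tests then run against unknown data. The method already declares `throws NamingException`, so I would drop that catch and let the failure fail the test. The `finally` block also calls `enumeration.close()` while `enumeration` is still null if `listBindings` throws; the resulting NullPointerException is hidden by `catch (Exception ignored)`, and `if (enumeration != null) { enumeration.close(); }` states the intent directly. Separately, the `dirty` check is commented out, so the reload runs after every test and `setDirty()` has no effect; either restore the check or remove the flag and rename the method.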
|
||||||
|
|
|
@ -1,65 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2005-2007 the original author or authors.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.springframework.security.ldap;
|
|
||||||
|
|
||||||
import java.io.File;
|
|
||||||
import java.util.Hashtable;
|
|
||||||
|
|
||||||
import javax.naming.Context;
|
|
||||||
|
|
||||||
import org.apache.directory.server.configuration.MutableServerStartupConfiguration;
|
|
||||||
import org.apache.directory.server.jndi.ServerContextFactory;
|
|
||||||
import org.springframework.beans.factory.InitializingBean;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Helper class to simplify Spring configuration of ApacheDS.
|
|
||||||
*
|
|
||||||
* @author Mattias Arthursson
|
|
||||||
* @author Luke Taylor (borrowed from Spring Ldap project).
|
|
||||||
*/
|
|
||||||
public class ConfigEnvHelper implements InitializingBean {
|
|
||||||
private final MutableServerStartupConfiguration configuration;
|
|
||||||
|
|
||||||
private final Hashtable initialEnv;
|
|
||||||
|
|
||||||
public ConfigEnvHelper(Hashtable initialEnv,
|
|
||||||
MutableServerStartupConfiguration configuration) {
|
|
||||||
|
|
||||||
this.initialEnv = initialEnv;
|
|
||||||
this.configuration = configuration;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Hashtable getEnv() {
|
|
||||||
return initialEnv;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void afterPropertiesSet() throws Exception {
|
|
||||||
// Attempt to use the maven target directory for the apache ds store. Property is passed
|
|
||||||
// through surefire plugin setup in pom.xml.
|
|
||||||
|
|
||||||
String apacheWorkDir = System.getProperty("apacheDSWorkDir");
|
|
||||||
|
|
||||||
if (apacheWorkDir == null) {
|
|
||||||
apacheWorkDir = System.getProperty("java.io.tmpdir") + File.separator + "apacheds-spring-security";
|
|
||||||
}
|
|
||||||
|
|
||||||
File workingDir = new File(apacheWorkDir);
|
|
||||||
|
|
||||||
initialEnv.put(Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName());
|
|
||||||
configuration.setWorkingDirectory(workingDir);
|
|
||||||
initialEnv.putAll(configuration.toJndiEnvironment());
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -24,6 +24,8 @@ import java.util.Hashtable;
|
||||||
import javax.naming.Context;
|
import javax.naming.Context;
|
||||||
import javax.naming.directory.DirContext;
|
import javax.naming.directory.DirContext;
|
||||||
|
|
||||||
|
import static org.junit.Assert.*;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests {@link org.springframework.security.ldap.DefaultInitialDirContextFactory}.
|
* Tests {@link org.springframework.security.ldap.DefaultInitialDirContextFactory}.
|
||||||
|
@ -44,6 +46,7 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
|
||||||
idf.setMessageSource(new AcegiMessageSource());
|
idf.setMessageSource(new AcegiMessageSource());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testAnonymousBindSucceeds() throws Exception {
|
public void testAnonymousBindSucceeds() throws Exception {
|
||||||
DirContext ctx = idf.newInitialDirContext();
|
DirContext ctx = idf.newInitialDirContext();
|
||||||
// Connection pooling should be set by default for anon users.
|
// Connection pooling should be set by default for anon users.
|
||||||
|
@ -52,9 +55,10 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
|
||||||
ctx.close();
|
ctx.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testBaseDnIsParsedFromCorrectlyFromUrl() {
|
public void testBaseDnIsParsedFromCorrectlyFromUrl() {
|
||||||
idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/dc=acegisecurity,dc=org");
|
idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/dc=springframework,dc=org");
|
||||||
assertEquals("dc=acegisecurity,dc=org", idf.getRootDn());
|
assertEquals("dc=springframework,dc=org", idf.getRootDn());
|
||||||
|
|
||||||
// Check with an empty root
|
// Check with an empty root
|
||||||
idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/");
|
idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/");
|
||||||
|
@ -65,8 +69,9 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
|
||||||
assertEquals("", idf.getRootDn());
|
assertEquals("", idf.getRootDn());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testBindAsManagerFailsIfNoPasswordSet() throws Exception {
|
public void testBindAsManagerFailsIfNoPasswordSet() throws Exception {
|
||||||
idf.setManagerDn("uid=bob,ou=people,dc=acegisecurity,dc=org");
|
idf.setManagerDn("uid=bob,ou=people,dc=springframework,dc=org");
|
||||||
|
|
||||||
DirContext ctx = null;
|
DirContext ctx = null;
|
||||||
|
|
||||||
|
@ -81,9 +86,10 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
|
||||||
LdapUtils.closeContext(ctx);
|
LdapUtils.closeContext(ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testBindAsManagerSucceeds() throws Exception {
|
public void testBindAsManagerSucceeds() throws Exception {
|
||||||
idf.setManagerPassword("bobspassword");
|
idf.setManagerPassword("bobspassword");
|
||||||
idf.setManagerDn("uid=bob,ou=people,dc=acegisecurity,dc=org");
|
idf.setManagerDn("uid=bob,ou=people,dc=springframework,dc=org");
|
||||||
|
|
||||||
DirContext ctx = idf.newInitialDirContext();
|
DirContext ctx = idf.newInitialDirContext();
|
||||||
// Can't rely on this property being there with embedded server
|
// Can't rely on this property being there with embedded server
|
||||||
|
@ -91,14 +97,16 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
|
||||||
ctx.close();
|
ctx.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testConnectionAsSpecificUserSucceeds() throws Exception {
|
public void testConnectionAsSpecificUserSucceeds() throws Exception {
|
||||||
DirContext ctx = idf.newInitialDirContext("uid=Bob,ou=people,dc=acegisecurity,dc=org", "bobspassword");
|
DirContext ctx = idf.newInitialDirContext("uid=Bob,ou=people,dc=springframework,dc=org", "bobspassword");
|
||||||
// We don't want pooling for specific users.
|
// We don't want pooling for specific users.
|
||||||
// assertNull(ctx.getEnvironment().get("com.sun.jndi.ldap.connect.pool"));
|
// assertNull(ctx.getEnvironment().get("com.sun.jndi.ldap.connect.pool"));
|
||||||
// com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
|
// com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
|
||||||
ctx.close();
|
ctx.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testConnectionFailure() throws Exception {
|
public void testConnectionFailure() throws Exception {
|
||||||
// Use the wrong port
|
// Use the wrong port
|
||||||
idf = new DefaultInitialDirContextFactory("ldap://localhost:60389");
|
idf = new DefaultInitialDirContextFactory("ldap://localhost:60389");
|
||||||
|
@ -115,6 +123,7 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
|
||||||
} catch (UncategorizedLdapException expected) {}
|
} catch (UncategorizedLdapException expected) {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testEnvironment() {
|
public void testEnvironment() {
|
||||||
idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/");
|
idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/");
|
||||||
|
|
||||||
|
@ -144,9 +153,9 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
|
||||||
assertEquals("extravarvalue", env.get("extravar"));
|
assertEquals("extravarvalue", env.get("extravar"));
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testInvalidPasswordCausesBadCredentialsException()
|
@Test
|
||||||
throws Exception {
|
public void testInvalidPasswordCausesBadCredentialsException() throws Exception {
|
||||||
idf.setManagerDn("uid=bob,ou=people,dc=acegisecurity,dc=org");
|
idf.setManagerDn("uid=bob,ou=people,dc=springframework,dc=org");
|
||||||
idf.setManagerPassword("wrongpassword");
|
idf.setManagerPassword("wrongpassword");
|
||||||
|
|
||||||
DirContext ctx = null;
|
DirContext ctx = null;
|
||||||
|
@ -159,28 +168,31 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
|
||||||
LdapUtils.closeContext(ctx);
|
LdapUtils.closeContext(ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testMultipleProviderUrlsAreAccepted() {
|
public void testMultipleProviderUrlsAreAccepted() {
|
||||||
idf = new DefaultInitialDirContextFactory("ldaps://security.org/dc=acegisecurity,dc=org "
|
idf = new DefaultInitialDirContextFactory("ldaps://security.org/dc=springframework,dc=org "
|
||||||
+ "ldap://monkeymachine.co.uk/dc=acegisecurity,dc=org");
|
+ "ldap://monkeymachine.co.uk/dc=springframework,dc=org");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testMultipleProviderUrlsWithDifferentRootsAreRejected() {
|
public void testMultipleProviderUrlsWithDifferentRootsAreRejected() {
|
||||||
try {
|
try {
|
||||||
idf = new DefaultInitialDirContextFactory("ldap://security.org/dc=acegisecurity,dc=org "
|
idf = new DefaultInitialDirContextFactory("ldap://security.org/dc=springframework,dc=org "
|
||||||
+ "ldap://monkeymachine.co.uk/dc=someotherplace,dc=org");
|
+ "ldap://monkeymachine.co.uk/dc=someotherplace,dc=org");
|
||||||
fail("Different root DNs should cause an exception");
|
fail("Different root DNs should cause an exception");
|
||||||
} catch (IllegalArgumentException expected) {}
|
} catch (IllegalArgumentException expected) {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testSecureLdapUrlIsSupported() {
|
public void testSecureLdapUrlIsSupported() {
|
||||||
idf = new DefaultInitialDirContextFactory("ldaps://localhost/dc=acegisecurity,dc=org");
|
idf = new DefaultInitialDirContextFactory("ldaps://localhost/dc=springframework,dc=org");
|
||||||
assertEquals("dc=acegisecurity,dc=org", idf.getRootDn());
|
assertEquals("dc=springframework,dc=org", idf.getRootDn());
|
||||||
}
|
}
|
||||||
|
|
||||||
// public void testNonLdapUrlIsRejected() throws Exception {
|
// public void testNonLdapUrlIsRejected() throws Exception {
|
||||||
// DefaultInitialDirContextFactory idf = new DefaultInitialDirContextFactory();
|
// DefaultInitialDirContextFactory idf = new DefaultInitialDirContextFactory();
|
||||||
//
|
//
|
||||||
// idf.setUrl("http://security.org/dc=acegisecurity,dc=org");
|
// idf.setUrl("http://security.org/dc=springframework,dc=org");
|
||||||
// idf.setInitialContextFactory(CoreContextFactory.class.getName());
|
// idf.setInitialContextFactory(CoreContextFactory.class.getName());
|
||||||
//
|
//
|
||||||
// try {
|
// try {
|
||||||
|
@ -189,8 +201,9 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio
|
||||||
// } catch(IllegalArgumentException expected) {
|
// } catch(IllegalArgumentException expected) {
|
||||||
// }
|
// }
|
||||||
// }
|
// }
|
||||||
|
@Test
|
||||||
public void testServiceLocationUrlIsSupported() {
|
public void testServiceLocationUrlIsSupported() {
|
||||||
idf = new DefaultInitialDirContextFactory("ldap:///dc=acegisecurity,dc=org");
|
idf = new DefaultInitialDirContextFactory("ldap:///dc=springframework,dc=org");
|
||||||
assertEquals("dc=acegisecurity,dc=org", idf.getRootDn());
|
assertEquals("dc=springframework,dc=org", idf.getRootDn());
|
||||||
}
|
}
|
||||||
}
|
}
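Review bot: `testMultipleProviderUrlsWithDifferentRootsAreRejected` still uses the JUnit 3 `try { … fail(…) } catch (IllegalArgumentException expected) {}` shape; with the move to JUnit 4 it can be written as `@Test(expected = IllegalArgumentException.class)` with the constructor call as the whole body. `testMultipleProviderUrlsAreAccepted` asserts nothing after constructing the factory, so an assertion on `idf.getRootDn()` would pin down what "accepted" means. `testNonLdapUrlIsRejected` remains commented out, so nothing visible in this class checks that a non-LDAP scheme is refused; a one-line comment such as `// disabled: <reason>` above it would tell the next reader whether that is deliberate.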
|
||||||
|
|
|
@ -1,144 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2005-2007 the original author or authors.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.springframework.security.ldap;
|
|
||||||
|
|
||||||
import java.util.Properties;
|
|
||||||
|
|
||||||
import javax.naming.Binding;
|
|
||||||
import javax.naming.Context;
|
|
||||||
import javax.naming.ContextNotEmptyException;
|
|
||||||
import javax.naming.InitialContext;
|
|
||||||
import javax.naming.Name;
|
|
||||||
import javax.naming.NamingEnumeration;
|
|
||||||
import javax.naming.NamingException;
|
|
||||||
import javax.naming.NameNotFoundException;
|
|
||||||
import javax.naming.directory.DirContext;
|
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
import org.apache.directory.server.core.configuration.ShutdownConfiguration;
|
|
||||||
import org.apache.directory.server.jndi.ServerContextFactory;
|
|
||||||
import org.apache.directory.server.protocol.shared.store.LdifFileLoader;
|
|
||||||
|
|
||||||
import org.springframework.beans.factory.DisposableBean;
|
|
||||||
import org.springframework.beans.factory.InitializingBean;
|
|
||||||
import org.springframework.ldap.core.ContextSource;
|
|
||||||
import org.springframework.ldap.core.DistinguishedName;
|
|
||||||
import org.springframework.ldap.core.support.DefaultDirObjectFactory;
|
|
||||||
import org.springframework.core.io.Resource;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Utility class to initialize the apache directory server for use in the integration tests.
|
|
||||||
*
|
|
||||||
* @author Mattias Arthursson
|
|
||||||
* @author Luke Taylor (borrowed from Spring Ldap project).
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public class LdapServerManager implements DisposableBean, InitializingBean {
|
|
||||||
private static Log log = LogFactory.getLog(LdapServerManager.class);
|
|
||||||
|
|
||||||
private ContextSource contextSource;
|
|
||||||
private Resource ldifFile;
|
|
||||||
|
|
||||||
public void setContextSource(ContextSource contextSource) {
|
|
||||||
this.contextSource = contextSource;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void destroy() throws Exception {
|
|
||||||
Properties env = new Properties();
|
|
||||||
env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
|
|
||||||
ServerContextFactory.class.getName());
|
|
||||||
env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
|
|
||||||
env.setProperty(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
|
|
||||||
env.setProperty(Context.SECURITY_CREDENTIALS, "secret");
|
|
||||||
|
|
||||||
ShutdownConfiguration configuration = new ShutdownConfiguration();
|
|
||||||
env.putAll(configuration.toJndiEnvironment());
|
|
||||||
|
|
||||||
new InitialContext(env);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
public void afterPropertiesSet() throws Exception {
|
|
||||||
if (ldifFile != null) {
|
|
||||||
cleanAndSetup(ldifFile.getFile().getAbsolutePath());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setLdifFile(Resource ldifFile) {
|
|
||||||
this.ldifFile = ldifFile;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void cleanAndSetup(String ldifFile) throws Exception {
|
|
||||||
DirContext ctx = contextSource.getReadWriteContext();
|
|
||||||
|
|
||||||
// First of all, make sure the database is empty.
|
|
||||||
Name startingPoint = null;
|
|
||||||
|
|
||||||
// Different test cases have different base paths. This means that the
|
|
||||||
// starting point will be different.
|
|
||||||
if (ctx.getEnvironment().get(
|
|
||||||
DefaultDirObjectFactory.JNDI_ENV_BASE_PATH_KEY) != null) {
|
|
||||||
startingPoint = DistinguishedName.EMPTY_PATH;
|
|
||||||
} else {
|
|
||||||
startingPoint = new DistinguishedName("dc=acegisecurity,dc=org");
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
log.info("Cleaning all present data.");
|
|
||||||
clearSubContexts(ctx, startingPoint);
|
|
||||||
// Load the ldif to the recently started server
|
|
||||||
log.info("Loading setup data");
|
|
||||||
LdifFileLoader loader = new LdifFileLoader(ctx, ldifFile);
|
|
||||||
loader.execute();
|
|
||||||
} finally {
|
|
||||||
ctx.close();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void clearSubContexts(DirContext ctx, Name name) throws NamingException {
|
|
||||||
|
|
||||||
NamingEnumeration enumeration = null;
|
|
||||||
try {
|
|
||||||
enumeration = ctx.listBindings(name);
|
|
||||||
while (enumeration.hasMore()) {
|
|
||||||
Binding element = (Binding) enumeration.next();
|
|
||||||
DistinguishedName childName = new DistinguishedName(element.getName());
|
|
||||||
childName.prepend((DistinguishedName) name);
|
|
||||||
|
|
||||||
try {
|
|
||||||
ctx.destroySubcontext(childName);
|
|
||||||
} catch (ContextNotEmptyException e) {
|
|
||||||
clearSubContexts(ctx, childName);
|
|
||||||
ctx.destroySubcontext(childName);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch(NameNotFoundException ignored) {
|
|
||||||
}
|
|
||||||
catch (NamingException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
} finally {
|
|
||||||
try {
|
|
||||||
enumeration.close();
|
|
||||||
} catch (Exception e) {
|
|
||||||
// Never mind this
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -45,9 +45,9 @@ public class LdapUtilsTests extends MockObjectTestCase {
|
||||||
throws Exception {
|
throws Exception {
|
||||||
Mock mockCtx = mock(DirContext.class);
|
Mock mockCtx = mock(DirContext.class);
|
||||||
|
|
||||||
mockCtx.expects(atLeastOnce()).method("getNameInNamespace").will(returnValue("dc=acegisecurity,dc=org"));
|
mockCtx.expects(atLeastOnce()).method("getNameInNamespace").will(returnValue("dc=springframework,dc=org"));
|
||||||
|
|
||||||
assertEquals("", LdapUtils.getRelativeName("dc=acegisecurity,dc=org", (Context) mockCtx.proxy()));
|
assertEquals("", LdapUtils.getRelativeName("dc=springframework,dc=org", (Context) mockCtx.proxy()));
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testGetRelativeNameReturnsFullDnWithEmptyBaseName()
|
public void testGetRelativeNameReturnsFullDnWithEmptyBaseName()
|
||||||
|
@ -56,8 +56,8 @@ public class LdapUtilsTests extends MockObjectTestCase {
|
||||||
|
|
||||||
mockCtx.expects(atLeastOnce()).method("getNameInNamespace").will(returnValue(""));
|
mockCtx.expects(atLeastOnce()).method("getNameInNamespace").will(returnValue(""));
|
||||||
|
|
||||||
assertEquals("cn=jane,dc=acegisecurity,dc=org",
|
assertEquals("cn=jane,dc=springframework,dc=org",
|
||||||
LdapUtils.getRelativeName("cn=jane,dc=acegisecurity,dc=org", (Context) mockCtx.proxy()));
|
LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", (Context) mockCtx.proxy()));
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testGetRelativeNameWorksWithArbitrarySpaces()
|
public void testGetRelativeNameWorksWithArbitrarySpaces()
|
||||||
|
@ -74,12 +74,12 @@ public class LdapUtilsTests extends MockObjectTestCase {
|
||||||
assertEquals("", LdapUtils.parseRootDnFromUrl("ldap://monkeymachine"));
|
assertEquals("", LdapUtils.parseRootDnFromUrl("ldap://monkeymachine"));
|
||||||
assertEquals("", LdapUtils.parseRootDnFromUrl("ldap://monkeymachine/"));
|
assertEquals("", LdapUtils.parseRootDnFromUrl("ldap://monkeymachine/"));
|
||||||
assertEquals("", LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk/"));
|
assertEquals("", LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk/"));
|
||||||
assertEquals("dc=acegisecurity,dc=org",
|
assertEquals("dc=springframework,dc=org",
|
||||||
LdapUtils.parseRootDnFromUrl("ldaps://monkeymachine.co.uk/dc=acegisecurity,dc=org"));
|
LdapUtils.parseRootDnFromUrl("ldaps://monkeymachine.co.uk/dc=springframework,dc=org"));
|
||||||
assertEquals("dc=acegisecurity,dc=org", LdapUtils.parseRootDnFromUrl("ldap:///dc=acegisecurity,dc=org"));
|
assertEquals("dc=springframework,dc=org", LdapUtils.parseRootDnFromUrl("ldap:///dc=springframework,dc=org"));
|
||||||
assertEquals("dc=acegisecurity,dc=org",
|
assertEquals("dc=springframework,dc=org",
|
||||||
LdapUtils.parseRootDnFromUrl("ldap://monkeymachine/dc=acegisecurity,dc=org"));
|
LdapUtils.parseRootDnFromUrl("ldap://monkeymachine/dc=springframework,dc=org"));
|
||||||
assertEquals("dc=acegisecurity,dc=org/ou=blah",
|
assertEquals("dc=springframework,dc=org/ou=blah",
|
||||||
LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk/dc=acegisecurity,dc=org/ou=blah"));
|
LdapUtils.parseRootDnFromUrl("ldap://monkeymachine.co.uk/dc=springframework,dc=org/ou=blah"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,13 +17,14 @@ package org.springframework.security.ldap;
|
||||||
|
|
||||||
import org.springframework.ldap.UncategorizedLdapException;
|
import org.springframework.ldap.UncategorizedLdapException;
|
||||||
import org.springframework.ldap.core.ContextExecutor;
|
import org.springframework.ldap.core.ContextExecutor;
|
||||||
|
import org.junit.Test;
|
||||||
|
import static org.junit.Assert.*;
|
||||||
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import javax.naming.NamingException;
|
import javax.naming.NamingException;
|
||||||
import javax.naming.directory.DirContext;
|
import javax.naming.directory.DirContext;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
|
@ -35,35 +36,43 @@ public class SpringSecurityLdapTemplateTests extends AbstractLdapIntegrationTest
|
||||||
|
|
||||||
//~ Methods ========================================================================================================
|
//~ Methods ========================================================================================================
|
||||||
|
|
||||||
protected void onSetUp() throws Exception {
|
public void onSetUp() throws Exception {
|
||||||
super.onSetUp();
|
super.onSetUp();
|
||||||
|
|
||||||
template = new SpringSecurityLdapTemplate(getContextSource());
|
template = new SpringSecurityLdapTemplate(getContextSource());
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testCompareOfCorrectByteValueSucceeds() {
|
@Test
|
||||||
assertTrue(template.compare("uid=bob,ou=people,dc=acegisecurity,dc=org", "userPassword", LdapUtils.getUtf8Bytes("bobspassword")));
|
|
||||||
}
|
|
||||||
|
|
||||||
public void testCompareOfCorrectValueSucceeds() {
|
public void testCompareOfCorrectValueSucceeds() {
|
||||||
assertTrue(template.compare("uid=bob,ou=people,dc=acegisecurity,dc=org", "uid", "bob"));
|
assertTrue(template.compare("uid=bob,ou=people,dc=springframework,dc=org", "uid", "bob"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testCompareOfCorrectByteValueSucceeds() {
|
||||||
|
assertTrue(template.compare("uid=bob,ou=people,dc=springframework,dc=org", "userPassword", LdapUtils.getUtf8Bytes("bobspassword")));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testCompareOfWrongByteValueFails() {
|
public void testCompareOfWrongByteValueFails() {
|
||||||
assertFalse(template.compare("uid=bob,ou=people,dc=acegisecurity,dc=org", "userPassword", LdapUtils.getUtf8Bytes("wrongvalue")));
|
assertFalse(template.compare("uid=bob,ou=people,dc=springframework,dc=org", "userPassword", LdapUtils.getUtf8Bytes("wrongvalue")));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testCompareOfWrongValueFails() {
|
public void testCompareOfWrongValueFails() {
|
||||||
assertFalse(template.compare("uid=bob,ou=people,dc=acegisecurity,dc=org", "uid", "wrongvalue"));
|
assertFalse(template.compare("uid=bob,ou=people,dc=springframework,dc=org", "uid", "wrongvalue"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testNameExistsForInValidNameFails() {
|
public void testNameExistsForInValidNameFails() {
|
||||||
assertFalse(template.nameExists("ou=doesntexist,dc=acegisecurity,dc=org"));
|
assertFalse(template.nameExists("ou=doesntexist,dc=springframework,dc=org"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testNameExistsForValidNameSucceeds() {
|
public void testNameExistsForValidNameSucceeds() {
|
||||||
assertTrue(template.nameExists("ou=groups,dc=acegisecurity,dc=org"));
|
assertTrue(template.nameExists("ou=groups,dc=springframework,dc=org"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testNamingExceptionIsTranslatedCorrectly() {
|
public void testNamingExceptionIsTranslatedCorrectly() {
|
||||||
try {
|
try {
|
||||||
template.executeReadOnly(new ContextExecutor() {
|
template.executeReadOnly(new ContextExecutor() {
|
||||||
|
@ -75,8 +84,9 @@ public class SpringSecurityLdapTemplateTests extends AbstractLdapIntegrationTest
|
||||||
} catch (UncategorizedLdapException expected) {}
|
} catch (UncategorizedLdapException expected) {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testRoleSearchReturnsCorrectNumberOfRoles() {
|
public void testRoleSearchReturnsCorrectNumberOfRoles() {
|
||||||
String param = "uid=ben,ou=people,dc=acegisecurity,dc=org";
|
String param = "uid=ben,ou=people,dc=springframework,dc=org";
|
||||||
|
|
||||||
Set values = template.searchForSingleAttributeValues("ou=groups", "(member={0})", new String[] {param}, "ou");
|
Set values = template.searchForSingleAttributeValues("ou=groups", "(member={0})", new String[] {param}, "ou");
|
||||||
|
|
||||||
|
@ -86,8 +96,9 @@ public class SpringSecurityLdapTemplateTests extends AbstractLdapIntegrationTest
|
||||||
assertTrue(values.contains("submanager"));
|
assertTrue(values.contains("submanager"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testRoleSearchForMissingAttributeFailsGracefully() {
|
public void testRoleSearchForMissingAttributeFailsGracefully() {
|
||||||
String param = "uid=ben,ou=people,dc=acegisecurity,dc=org";
|
String param = "uid=ben,ou=people,dc=springframework,dc=org";
|
||||||
|
|
||||||
Set values = template.searchForSingleAttributeValues("ou=groups", "(member={0})", new String[] {param}, "mail");
|
Set values = template.searchForSingleAttributeValues("ou=groups", "(member={0})", new String[] {param}, "mail");
|
||||||
|
|
||||||
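Review bot: `onSetUp()` is widened from `protected` to `public` in this section but gets no JUnit 4 annotation of its own, so nothing visible here shows what calls it once the class runs under the annotation-based runner described in the commit message. If the `@Before` hook is declared in `AbstractLdapIntegrationTests` (not visible on this page), a one-line comment on the override, such as `// Runs via the @Before hook declared in AbstractLdapIntegrationTests`, would make that dependency explicit. Without such a hook `template` would stay null, and every test would fail with a NullPointerException instead of a meaningful assertion. The same change is made to `onSetUp()` in DefaultLdapAuthoritiesPopulatorTests.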
|
|
|
@ -22,7 +22,9 @@ import org.springframework.security.userdetails.UsernameNotFoundException;
|
||||||
|
|
||||||
import org.springframework.dao.IncorrectResultSizeDataAccessException;
|
import org.springframework.dao.IncorrectResultSizeDataAccessException;
|
||||||
import org.springframework.ldap.core.DirContextOperations;
|
import org.springframework.ldap.core.DirContextOperations;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
import static org.junit.Assert.*;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests for FilterBasedLdapUserSearch.
|
* Tests for FilterBasedLdapUserSearch.
|
||||||
|
@ -42,6 +44,7 @@ public class FilterBasedLdapUserSearchTests extends AbstractLdapIntegrationTests
|
||||||
dirCtxFactory = (DefaultInitialDirContextFactory) getContextSource();
|
dirCtxFactory = (DefaultInitialDirContextFactory) getContextSource();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testBasicSearch() {
|
public void testBasicSearch() {
|
||||||
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(uid={0})", dirCtxFactory);
|
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(uid={0})", dirCtxFactory);
|
||||||
locator.setSearchSubtree(false);
|
locator.setSearchSubtree(false);
|
||||||
|
@ -52,10 +55,11 @@ public class FilterBasedLdapUserSearchTests extends AbstractLdapIntegrationTests
|
||||||
assertEquals("bob", bob.getStringAttribute("uid"));
|
assertEquals("bob", bob.getStringAttribute("uid"));
|
||||||
|
|
||||||
// name is wrong with embedded apacheDS
|
// name is wrong with embedded apacheDS
|
||||||
// assertEquals("uid=bob,ou=people,dc=acegisecurity,dc=org", bob.getDn());
|
// assertEquals("uid=bob,ou=people,dc=springframework,dc=org", bob.getDn());
|
||||||
}
|
}
|
||||||
|
|
||||||
// Try some funny business with filters.
|
// Try some funny business with filters.
|
||||||
|
@Test
|
||||||
public void testExtraFilterPartToExcludeBob() throws Exception {
|
public void testExtraFilterPartToExcludeBob() throws Exception {
|
||||||
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people",
|
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people",
|
||||||
"(&(cn=*)(!(|(uid={0})(uid=marissa))))", dirCtxFactory);
|
"(&(cn=*)(!(|(uid={0})(uid=marissa))))", dirCtxFactory);
|
||||||
|
@ -67,6 +71,7 @@ public class FilterBasedLdapUserSearchTests extends AbstractLdapIntegrationTests
|
||||||
// assertEquals("uid=ben,ou=people,"+ROOT_DN, ben.getDn());
|
// assertEquals("uid=ben,ou=people,"+ROOT_DN, ben.getDn());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testFailsOnMultipleMatches() {
|
public void testFailsOnMultipleMatches() {
|
||||||
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(cn=*)", dirCtxFactory);
|
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(cn=*)", dirCtxFactory);
|
||||||
|
|
||||||
|
@ -76,6 +81,7 @@ public class FilterBasedLdapUserSearchTests extends AbstractLdapIntegrationTests
|
||||||
} catch (IncorrectResultSizeDataAccessException expected) {}
|
} catch (IncorrectResultSizeDataAccessException expected) {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testSearchForInvalidUserFails() {
|
public void testSearchForInvalidUserFails() {
|
||||||
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(uid={0})", dirCtxFactory);
|
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("ou=people", "(uid={0})", dirCtxFactory);
|
||||||
|
|
||||||
|
@ -85,6 +91,7 @@ public class FilterBasedLdapUserSearchTests extends AbstractLdapIntegrationTests
|
||||||
} catch (UsernameNotFoundException expected) {}
|
} catch (UsernameNotFoundException expected) {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testSubTreeSearchSucceeds() {
|
public void testSubTreeSearchSucceeds() {
|
||||||
// Don't set the searchBase, so search from the root.
|
// Don't set the searchBase, so search from the root.
|
||||||
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("", "(cn={0})", dirCtxFactory);
|
FilterBasedLdapUserSearch locator = new FilterBasedLdapUserSearch("", "(cn={0})", dirCtxFactory);
|
||||||
|
@ -93,7 +100,7 @@ public class FilterBasedLdapUserSearchTests extends AbstractLdapIntegrationTests
|
||||||
DirContextOperations ben = locator.searchForUser("Ben Alex");
|
DirContextOperations ben = locator.searchForUser("Ben Alex");
|
||||||
assertEquals("ben", ben.getStringAttribute("uid"));
|
assertEquals("ben", ben.getStringAttribute("uid"));
|
||||||
|
|
||||||
// assertEquals("uid=ben,ou=people,dc=acegisecurity,dc=org", ben.getDn());
|
// assertEquals("uid=ben,ou=people,dc=springframework,dc=org", ben.getDn());
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Add test with non-uid username
|
// TODO: Add test with non-uid username
|
||||||
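Review bot: `testFailsOnMultipleMatches` and `testSearchForInvalidUserFails` gain `@Test` but keep the JUnit 3 idiom of an empty `catch (... expected) {}`. The try bodies are outside the visible hunks, so if either lacks a `fail(...)` after the call, the test passes even when the lookup wrongly succeeds. These tests guard the reject path of user lookup, so I would state the expectation in the annotation, e.g. `@Test(expected = UsernameNotFoundException.class)` and `@Test(expected = IncorrectResultSizeDataAccessException.class)`, and drop the try/catch. The same pattern is carried over in SpringSecurityLdapTemplateTests, BindAuthenticatorTests and PasswordComparisonAuthenticatorTests.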
|
|
|
@ -140,12 +140,12 @@ public class LdapAuthenticationProviderTests extends TestCase {
|
||||||
|
|
||||||
|
|
||||||
if (username.equals("ben") && password.equals("benspassword")) {
|
if (username.equals("ben") && password.equals("benspassword")) {
|
||||||
ctx.setDn(new DistinguishedName("cn=ben,ou=people,dc=acegisecurity,dc=org"));
|
ctx.setDn(new DistinguishedName("cn=ben,ou=people,dc=springframework,dc=org"));
|
||||||
ctx.setAttributeValue("userPassword","{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
|
ctx.setAttributeValue("userPassword","{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
|
||||||
|
|
||||||
return ctx;
|
return ctx;
|
||||||
} else if (username.equals("jen") && password.equals("")) {
|
} else if (username.equals("jen") && password.equals("")) {
|
||||||
ctx.setDn(new DistinguishedName("cn=jen,ou=people,dc=acegisecurity,dc=org"));
|
ctx.setDn(new DistinguishedName("cn=jen,ou=people,dc=springframework,dc=org"));
|
||||||
|
|
||||||
return ctx;
|
return ctx;
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,6 +27,8 @@ import org.springframework.ldap.core.DirContextAdapter;
|
||||||
import org.springframework.ldap.core.DistinguishedName;
|
import org.springframework.ldap.core.DistinguishedName;
|
||||||
import org.springframework.ldap.core.DirContextOperations;
|
import org.springframework.ldap.core.DirContextOperations;
|
||||||
|
|
||||||
|
import static org.junit.Assert.*;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests for {@link BindAuthenticator}.
|
* Tests for {@link BindAuthenticator}.
|
||||||
|
@ -52,6 +54,7 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testAuthenticationWithCorrectPasswordSucceeds() {
|
public void testAuthenticationWithCorrectPasswordSucceeds() {
|
||||||
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
|
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
|
||||||
|
|
||||||
|
@ -59,6 +62,7 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||||
assertEquals("bob", user.getStringAttribute("uid"));
|
assertEquals("bob", user.getStringAttribute("uid"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testAuthenticationWithInvalidUserNameFails() {
|
public void testAuthenticationWithInvalidUserNameFails() {
|
||||||
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
|
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
|
||||||
|
|
||||||
|
@ -68,14 +72,16 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||||
} catch (BadCredentialsException expected) {}
|
} catch (BadCredentialsException expected) {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testAuthenticationWithUserSearch() throws Exception {
|
public void testAuthenticationWithUserSearch() throws Exception {
|
||||||
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=bob,ou=people,dc=acegisecurity,dc=org"));
|
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=bob,ou=people,dc=springframework,dc=org"));
|
||||||
|
|
||||||
authenticator.setUserSearch(new MockUserSearch(ctx));
|
authenticator.setUserSearch(new MockUserSearch(ctx));
|
||||||
authenticator.afterPropertiesSet();
|
authenticator.afterPropertiesSet();
|
||||||
authenticator.authenticate(bob);
|
authenticator.authenticate(bob);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testAuthenticationWithWrongPasswordFails() {
|
public void testAuthenticationWithWrongPasswordFails() {
|
||||||
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
|
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
|
||||||
|
|
||||||
|
@ -85,6 +91,7 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||||
} catch (BadCredentialsException expected) {}
|
} catch (BadCredentialsException expected) {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testUserDnPatternReturnsCorrectDn() {
|
public void testUserDnPatternReturnsCorrectDn() {
|
||||||
authenticator.setUserDnPatterns(new String[] {"cn={0},ou=people"});
|
authenticator.setUserDnPatterns(new String[] {"cn={0},ou=people"});
|
||||||
assertEquals("cn=Joe,ou=people," + ((InitialDirContextFactory)getContextSource()).getRootDn(), authenticator.getUserDns("Joe").get(0));
|
assertEquals("cn=Joe,ou=people," + ((InitialDirContextFactory)getContextSource()).getRootDn(), authenticator.getUserDns("Joe").get(0));
|
||||||
|
|
|
@ -41,12 +41,12 @@ public class PasswordComparisonAuthenticatorMockTests extends MockObjectTestCase
|
||||||
attrs.put(new BasicAttribute("uid", "bob"));
|
attrs.put(new BasicAttribute("uid", "bob"));
|
||||||
|
|
||||||
PasswordComparisonAuthenticator authenticator = new PasswordComparisonAuthenticator(new MockInitialDirContextFactory(
|
PasswordComparisonAuthenticator authenticator = new PasswordComparisonAuthenticator(new MockInitialDirContextFactory(
|
||||||
(DirContext) mockCtx.proxy(), "dc=acegisecurity,dc=org"));
|
(DirContext) mockCtx.proxy(), "dc=springframework,dc=org"));
|
||||||
|
|
||||||
authenticator.setUserDnPatterns(new String[] {"cn={0},ou=people"});
|
authenticator.setUserDnPatterns(new String[] {"cn={0},ou=people"});
|
||||||
|
|
||||||
// Get the mock to return an empty attribute set
|
// Get the mock to return an empty attribute set
|
||||||
mockCtx.expects(atLeastOnce()).method("getNameInNamespace").will(returnValue("dc=acegisecurity,dc=org"));
|
mockCtx.expects(atLeastOnce()).method("getNameInNamespace").will(returnValue("dc=springframework,dc=org"));
|
||||||
mockCtx.expects(once()).method("lookup").with(eq("cn=Bob, ou=people")).will(returnValue(true));
|
mockCtx.expects(once()).method("lookup").with(eq("cn=Bob, ou=people")).will(returnValue(true));
|
||||||
mockCtx.expects(once()).method("getAttributes").with(eq("cn=Bob, ou=people"), NULL)
|
mockCtx.expects(once()).method("getAttributes").with(eq("cn=Bob, ou=people"), NULL)
|
||||||
.will(returnValue(attrs));
|
.will(returnValue(attrs));
|
||||||
|
|
|
@ -29,6 +29,8 @@ import org.springframework.ldap.core.DirContextAdapter;
|
||||||
import org.springframework.ldap.core.DistinguishedName;
|
import org.springframework.ldap.core.DistinguishedName;
|
||||||
import org.springframework.ldap.core.DirContextOperations;
|
import org.springframework.ldap.core.DirContextOperations;
|
||||||
|
|
||||||
|
import static org.junit.Assert.*;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests for {@link PasswordComparisonAuthenticator}.
|
* Tests for {@link PasswordComparisonAuthenticator}.
|
||||||
|
@ -53,17 +55,14 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegratio
|
||||||
ben = new UsernamePasswordAuthenticationToken("ben", "benspassword");
|
ben = new UsernamePasswordAuthenticationToken("ben", "benspassword");
|
||||||
}
|
}
|
||||||
|
|
||||||
public void onTearDown() throws Exception {
|
@Test
|
||||||
super.onTearDown();
|
|
||||||
// com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
|
|
||||||
}
|
|
||||||
|
|
||||||
public void testAllAttributesAreRetrievedByDefault() {
|
public void testAllAttributesAreRetrievedByDefault() {
|
||||||
DirContextAdapter user = (DirContextAdapter) authenticator.authenticate(bob);
|
DirContextAdapter user = (DirContextAdapter) authenticator.authenticate(bob);
|
||||||
//System.out.println(user.getAttributes().toString());
|
//System.out.println(user.getAttributes().toString());
|
||||||
assertEquals("User should have 5 attributes", 5, user.getAttributes().size());
|
assertEquals("User should have 5 attributes", 5, user.getAttributes().size());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testFailedSearchGivesUserNotFoundException() throws Exception {
|
public void testFailedSearchGivesUserNotFoundException() throws Exception {
|
||||||
authenticator = new PasswordComparisonAuthenticator((InitialDirContextFactory) getContextSource());
|
authenticator = new PasswordComparisonAuthenticator((InitialDirContextFactory) getContextSource());
|
||||||
assertTrue("User DN matches shouldn't be available", authenticator.getUserDns("Bob").isEmpty());
|
assertTrue("User DN matches shouldn't be available", authenticator.getUserDns("Bob").isEmpty());
|
||||||
|
@ -76,11 +75,13 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegratio
|
||||||
} catch (UsernameNotFoundException expected) {}
|
} catch (UsernameNotFoundException expected) {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testLocalComparisonSucceedsWithShaEncodedPassword() {
|
public void testLocalComparisonSucceedsWithShaEncodedPassword() {
|
||||||
// Ben's password is SHA encoded
|
// Ben's password is SHA encoded
|
||||||
authenticator.authenticate(ben);
|
authenticator.authenticate(ben);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testLocalPasswordComparisonFailsWithWrongPassword() {
|
public void testLocalPasswordComparisonFailsWithWrongPassword() {
|
||||||
try {
|
try {
|
||||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrongpass"));
|
authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrongpass"));
|
||||||
|
@ -88,7 +89,7 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegratio
|
||||||
} catch (BadCredentialsException expected) {}
|
} catch (BadCredentialsException expected) {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testLdapPasswordCompareFailsWithWrongPassword() {
|
public void testLdapPasswordCompareFailsWithWrongPassword() {
|
||||||
// Don't retrieve the password
|
// Don't retrieve the password
|
||||||
authenticator.setUserAttributes(new String[] {"uid", "cn", "sn"});
|
authenticator.setUserAttributes(new String[] {"uid", "cn", "sn"});
|
||||||
|
@ -99,6 +100,7 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegratio
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testLocalPasswordComparisonSucceedsWithCorrectPassword() {
|
public void testLocalPasswordComparisonSucceedsWithCorrectPassword() {
|
||||||
DirContextOperations user = authenticator.authenticate(bob);
|
DirContextOperations user = authenticator.authenticate(bob);
|
||||||
// check username is retrieved.
|
// check username is retrieved.
|
||||||
|
@ -107,11 +109,13 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegratio
|
||||||
assertEquals("bobspassword", password);
|
assertEquals("bobspassword", password);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testMultipleDnPatternsWorkOk() {
|
public void testMultipleDnPatternsWorkOk() {
|
||||||
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=nonexistent", "uid={0},ou=people"});
|
authenticator.setUserDnPatterns(new String[] {"uid={0},ou=nonexistent", "uid={0},ou=people"});
|
||||||
authenticator.authenticate(bob);
|
authenticator.authenticate(bob);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testOnlySpecifiedAttributesAreRetrieved() throws Exception {
|
public void testOnlySpecifiedAttributesAreRetrieved() throws Exception {
|
||||||
authenticator.setUserAttributes(new String[] {"uid", "userPassword"});
|
authenticator.setUserAttributes(new String[] {"uid", "userPassword"});
|
||||||
authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
|
authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
|
||||||
|
@ -120,6 +124,7 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegratio
|
||||||
assertEquals("Should have retrieved 2 attribute (uid, userPassword)", 2, user.getAttributes().size());
|
assertEquals("Should have retrieved 2 attribute (uid, userPassword)", 2, user.getAttributes().size());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testLdapCompareSucceedsWithCorrectPassword() {
|
public void testLdapCompareSucceedsWithCorrectPassword() {
|
||||||
// Don't retrieve the password
|
// Don't retrieve the password
|
||||||
authenticator.setUserAttributes(new String[] {"uid"});
|
authenticator.setUserAttributes(new String[] {"uid"});
|
||||||
|
@ -128,12 +133,14 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegratio
|
||||||
authenticator.authenticate(bob);
|
authenticator.authenticate(bob);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testLdapCompareSucceedsWithShaEncodedPassword() {
|
public void testLdapCompareSucceedsWithShaEncodedPassword() {
|
||||||
// Don't retrieve the password
|
// Don't retrieve the password
|
||||||
authenticator.setUserAttributes(new String[] {"uid"});
|
authenticator.setUserAttributes(new String[] {"uid"});
|
||||||
authenticator.authenticate(ben);
|
authenticator.authenticate(ben);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testPasswordEncoderCantBeNull() {
|
public void testPasswordEncoderCantBeNull() {
|
||||||
try {
|
try {
|
||||||
authenticator.setPasswordEncoder(null);
|
authenticator.setPasswordEncoder(null);
|
||||||
|
@ -141,11 +148,13 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegratio
|
||||||
} catch (IllegalArgumentException expected) {}
|
} catch (IllegalArgumentException expected) {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testUseOfDifferentPasswordAttributeSucceeds() {
|
public void testUseOfDifferentPasswordAttributeSucceeds() {
|
||||||
authenticator.setPasswordAttributeName("uid");
|
authenticator.setPasswordAttributeName("uid");
|
||||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "bob"));
|
authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "bob"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testLdapCompareWithDifferentPasswordAttributeSucceeds() {
|
public void testLdapCompareWithDifferentPasswordAttributeSucceeds() {
|
||||||
authenticator.setUserAttributes(new String[] {"uid"});
|
authenticator.setUserAttributes(new String[] {"uid"});
|
||||||
authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
|
authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
|
||||||
|
@ -153,11 +162,12 @@ public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegratio
|
||||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("ben", "Ben Alex"));
|
authenticator.authenticate(new UsernamePasswordAuthenticationToken("ben", "Ben Alex"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testWithUserSearch() {
|
public void testWithUserSearch() {
|
||||||
authenticator = new PasswordComparisonAuthenticator((InitialDirContextFactory) getContextSource());
|
authenticator = new PasswordComparisonAuthenticator((InitialDirContextFactory) getContextSource());
|
||||||
assertTrue("User DN matches shouldn't be available", authenticator.getUserDns("Bob").isEmpty());
|
assertTrue("User DN matches shouldn't be available", authenticator.getUserDns("Bob").isEmpty());
|
||||||
|
|
||||||
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=Bob,ou=people,dc=acegisecurity,dc=org"));
|
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=Bob,ou=people,dc=springframework,dc=org"));
|
||||||
ctx.setAttributeValue("userPassword", "bobspassword");
|
ctx.setAttributeValue("userPassword", "bobspassword");
|
||||||
|
|
||||||
authenticator.setUserSearch(new MockUserSearch(ctx));
|
authenticator.setUserSearch(new MockUserSearch(ctx));
|
||||||
|
|
|
@ -26,9 +26,11 @@ import org.springframework.ldap.core.DistinguishedName;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import static org.junit.Assert.*;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* DOCUMENT ME!
|
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
|
@ -37,13 +39,14 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
|
||||||
private DefaultLdapAuthoritiesPopulator populator;
|
private DefaultLdapAuthoritiesPopulator populator;
|
||||||
//~ Methods ========================================================================================================
|
//~ Methods ========================================================================================================
|
||||||
|
|
||||||
protected void onSetUp() throws Exception {
|
public void onSetUp() throws Exception {
|
||||||
super.onSetUp();
|
super.onSetUp();
|
||||||
|
|
||||||
populator = new DefaultLdapAuthoritiesPopulator((InitialDirContextFactory) getContextSource(), "ou=groups");
|
populator = new DefaultLdapAuthoritiesPopulator((InitialDirContextFactory) getContextSource(), "ou=groups");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testDefaultRoleIsAssignedWhenSet() {
|
public void testDefaultRoleIsAssignedWhenSet() {
|
||||||
|
|
||||||
populator.setDefaultRole("ROLE_USER");
|
populator.setDefaultRole("ROLE_USER");
|
||||||
|
@ -55,6 +58,7 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
|
||||||
assertEquals("ROLE_USER", authorities[0].getAuthority());
|
assertEquals("ROLE_USER", authorities[0].getAuthority());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testGroupSearchReturnsExpectedRoles() {
|
public void testGroupSearchReturnsExpectedRoles() {
|
||||||
populator.setRolePrefix("ROLE_");
|
populator.setRolePrefix("ROLE_");
|
||||||
populator.setGroupRoleAttribute("ou");
|
populator.setGroupRoleAttribute("ou");
|
||||||
|
@ -63,7 +67,7 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
|
||||||
populator.setConvertToUpperCase(true);
|
populator.setConvertToUpperCase(true);
|
||||||
populator.setGroupSearchFilter("(member={0})");
|
populator.setGroupSearchFilter("(member={0})");
|
||||||
|
|
||||||
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=acegisecurity,dc=org"));
|
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
|
||||||
|
|
||||||
GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "ben");
|
GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "ben");
|
||||||
|
|
||||||
|
@ -76,12 +80,13 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
|
||||||
assertTrue(roles.contains("ROLE_MANAGER"));
|
assertTrue(roles.contains("ROLE_MANAGER"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testUseOfUsernameParameterReturnsExpectedRoles() {
|
public void testUseOfUsernameParameterReturnsExpectedRoles() {
|
||||||
populator.setGroupRoleAttribute("ou");
|
populator.setGroupRoleAttribute("ou");
|
||||||
populator.setConvertToUpperCase(true);
|
populator.setConvertToUpperCase(true);
|
||||||
populator.setGroupSearchFilter("(ou={1})");
|
populator.setGroupSearchFilter("(ou={1})");
|
||||||
|
|
||||||
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=acegisecurity,dc=org"));
|
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
|
||||||
|
|
||||||
GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "manager");
|
GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "manager");
|
||||||
|
|
||||||
|
@ -89,11 +94,12 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
|
||||||
assertEquals("ROLE_MANAGER", authorities[0].getAuthority());
|
assertEquals("ROLE_MANAGER", authorities[0].getAuthority());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testSubGroupRolesAreNotFoundByDefault() {
|
public void testSubGroupRolesAreNotFoundByDefault() {
|
||||||
populator.setGroupRoleAttribute("ou");
|
populator.setGroupRoleAttribute("ou");
|
||||||
populator.setConvertToUpperCase(true);
|
populator.setConvertToUpperCase(true);
|
||||||
|
|
||||||
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=acegisecurity,dc=org"));
|
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
|
||||||
|
|
||||||
GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "manager");
|
GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "manager");
|
||||||
|
|
||||||
|
@ -105,12 +111,13 @@ public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapIntegratio
|
||||||
assertTrue(roles.contains("ROLE_DEVELOPER"));
|
assertTrue(roles.contains("ROLE_DEVELOPER"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testSubGroupRolesAreFoundWhenSubtreeSearchIsEnabled() {
|
public void testSubGroupRolesAreFoundWhenSubtreeSearchIsEnabled() {
|
||||||
populator.setGroupRoleAttribute("ou");
|
populator.setGroupRoleAttribute("ou");
|
||||||
populator.setConvertToUpperCase(true);
|
populator.setConvertToUpperCase(true);
|
||||||
populator.setSearchSubtree(true);
|
populator.setSearchSubtree(true);
|
||||||
|
|
||||||
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=acegisecurity,dc=org"));
|
DirContextAdapter ctx = new DirContextAdapter(new DistinguishedName("uid=ben,ou=people,dc=springframework,dc=org"));
|
||||||
|
|
||||||
GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "manager");
|
GrantedAuthority[] authorities = populator.getGrantedAuthorities(ctx, "manager");
|
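Review bot: `onSetUp()` becomes public in the `-37,13 +39,14` hunk but gets no `@Before`; the only line that hunk adds is the `@Test` on `testDefaultRoleIsAssignedWhenSet`. The `populator` field is therefore initialised only if `AbstractLdapIntegrationTests`, which is not visible here, annotates the method being overridden. Stating it on the override, with `@Before` above `public void onSetUp()` and `import org.junit.Before;` beside the new `org.junit.Test` import, would stop a base-class change from leaving every test in this class with a null `populator`. `LdapUserDetailsManagerTests.onSetUp()` has the same shape: its teardown gains `@After` but its setup gains nothing.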
||||||
|
|
||||||
|
|
|
@ -26,6 +26,10 @@ import org.springframework.security.context.SecurityContextHolder;
|
||||||
|
|
||||||
import org.springframework.ldap.core.DirContextAdapter;
|
import org.springframework.ldap.core.DirContextAdapter;
|
||||||
|
|
||||||
|
import static org.junit.Assert.*;
|
||||||
|
import org.junit.After;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
|
@ -36,7 +40,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
|
||||||
private LdapUserDetailsManager mgr;
|
private LdapUserDetailsManager mgr;
|
||||||
private SpringSecurityLdapTemplate template;
|
private SpringSecurityLdapTemplate template;
|
||||||
|
|
||||||
protected void onSetUp() throws Exception {
|
public void onSetUp() throws Exception {
|
||||||
super.onSetUp();
|
super.onSetUp();
|
||||||
mgr = new LdapUserDetailsManager(getContextSource());
|
mgr = new LdapUserDetailsManager(getContextSource());
|
||||||
template = new SpringSecurityLdapTemplate(getContextSource());
|
template = new SpringSecurityLdapTemplate(getContextSource());
|
||||||
|
@ -53,7 +57,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
|
||||||
|
|
||||||
group.setAttributeValue("objectclass", "groupOfNames");
|
group.setAttributeValue("objectclass", "groupOfNames");
|
||||||
group.setAttributeValue("cn", "clowns");
|
group.setAttributeValue("cn", "clowns");
|
||||||
group.setAttributeValue("member", "cn=nobody,ou=testpeople,dc=acegisecurity,dc=org");
|
group.setAttributeValue("member", "cn=nobody,ou=testpeople,dc=springframework,dc=org");
|
||||||
template.bind("cn=clowns,ou=testgroups", group, null);
|
template.bind("cn=clowns,ou=testgroups", group, null);
|
||||||
|
|
||||||
group.setAttributeValue("cn", "acrobats");
|
group.setAttributeValue("cn", "acrobats");
|
||||||
|
@ -66,8 +70,8 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
|
||||||
mgr.setUserDetailsMapper(new PersonContextMapper());
|
mgr.setUserDetailsMapper(new PersonContextMapper());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@After
|
||||||
protected void onTearDown() throws Exception {
|
public void onTearDown() throws Exception {
|
||||||
// Iterator people = template.list("ou=testpeople").iterator();
|
// Iterator people = template.list("ou=testpeople").iterator();
|
||||||
|
|
||||||
// DirContext rootCtx = new DirContextAdapter(new DistinguishedName(getInitialCtxFactory().getRootDn()));
|
// DirContext rootCtx = new DirContextAdapter(new DistinguishedName(getInitialCtxFactory().getRootDn()));
|
||||||
|
@ -80,9 +84,9 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
|
||||||
template.unbind("ou=testgroups",true);
|
template.unbind("ou=testgroups",true);
|
||||||
|
|
||||||
SecurityContextHolder.clearContext();
|
SecurityContextHolder.clearContext();
|
||||||
super.onTearDown();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testLoadUserByUsernameReturnsCorrectData() {
|
public void testLoadUserByUsernameReturnsCorrectData() {
|
||||||
mgr.setUserDnBase("ou=people");
|
mgr.setUserDnBase("ou=people");
|
||||||
mgr.setGroupSearchBase("ou=groups");
|
mgr.setGroupSearchBase("ou=groups");
|
||||||
|
@ -94,6 +98,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
|
||||||
assertEquals(1, bob.getAuthorities().length);
|
assertEquals(1, bob.getAuthorities().length);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testLoadingInvalidUsernameThrowsUsernameNotFoundException() {
|
public void testLoadingInvalidUsernameThrowsUsernameNotFoundException() {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
@ -104,15 +109,18 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testUserExistsReturnsTrueForValidUser() {
|
public void testUserExistsReturnsTrueForValidUser() {
|
||||||
mgr.setUserDnBase("ou=people");
|
mgr.setUserDnBase("ou=people");
|
||||||
assertTrue(mgr.userExists("bob"));
|
assertTrue(mgr.userExists("bob"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testUserExistsReturnsFalseForInValidUser() {
|
public void testUserExistsReturnsFalseForInValidUser() {
|
||||||
assertFalse(mgr.userExists("jim"));
|
assertFalse(mgr.userExists("jim"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testCreateNewUserSucceeds() {
|
public void testCreateNewUserSucceeds() {
|
||||||
InetOrgPerson.Essence p = new InetOrgPerson.Essence();
|
InetOrgPerson.Essence p = new InetOrgPerson.Essence();
|
||||||
p.setCn(new String[] {"Joe Smeth"});
|
p.setCn(new String[] {"Joe Smeth"});
|
||||||
|
@ -123,6 +131,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
|
||||||
mgr.createUser(p.createUserDetails());
|
mgr.createUser(p.createUserDetails());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testDeleteUserSucceeds() {
|
public void testDeleteUserSucceeds() {
|
||||||
InetOrgPerson.Essence p = new InetOrgPerson.Essence();
|
InetOrgPerson.Essence p = new InetOrgPerson.Essence();
|
||||||
p.setCn(new String[] {"Don Smeth"});
|
p.setCn(new String[] {"Don Smeth"});
|
||||||
|
@ -150,6 +159,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
|
||||||
assertEquals(0, mgr.getUserAuthorities(mgr.buildDn("don"), "don").length);
|
assertEquals(0, mgr.getUserAuthorities(mgr.buildDn("don"), "don").length);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testPasswordChangeWithCorrectOldPasswordSucceeds() {
|
public void testPasswordChangeWithCorrectOldPasswordSucceeds() {
|
||||||
InetOrgPerson.Essence p = new InetOrgPerson.Essence();
|
InetOrgPerson.Essence p = new InetOrgPerson.Essence();
|
||||||
p.setCn(new String[] {"John Yossarian"});
|
p.setCn(new String[] {"John Yossarian"});
|
||||||
|
@ -165,10 +175,11 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
|
||||||
|
|
||||||
mgr.changePassword("yossarianspassword", "yossariansnewpassword");
|
mgr.changePassword("yossarianspassword", "yossariansnewpassword");
|
||||||
|
|
||||||
assertTrue(template.compare("uid=johnyossarian,ou=testpeople,dc=acegisecurity,dc=org",
|
assertTrue(template.compare("uid=johnyossarian,ou=testpeople,dc=springframework,dc=org",
|
||||||
"userPassword", "yossariansnewpassword"));
|
"userPassword", "yossariansnewpassword"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
public void testPasswordChangeWithWrongOldPasswordFails() {
|
public void testPasswordChangeWithWrongOldPasswordFails() {
|
||||||
InetOrgPerson.Essence p = new InetOrgPerson.Essence();
|
InetOrgPerson.Essence p = new InetOrgPerson.Essence();
|
||||||
p.setCn(new String[] {"John Yossarian"});
|
p.setCn(new String[] {"John Yossarian"});
|
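Review bot: In `onTearDown()` (hunk `-80,9 +84,9`), `SecurityContextHolder.clearContext()` runs only after `template.unbind("ou=testgroups",true)` and any earlier cleanup calls return. A failed unbind would therefore leave whatever `Authentication` a test installed in the holder for the tests that follow. Wrapping the directory cleanup as `try { /* unbind calls */ } finally { SecurityContextHolder.clearContext(); }` keeps the reset unconditional. The same hunk drops `super.onTearDown()`, so whether base-class cleanup still runs depends on annotations in `AbstractLdapIntegrationTests`, which is not shown here. The method body begins in the previous hunk, so the rest of the cleanup is outside this view.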
||||||
|
|
|
@ -1,81 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
This context automatically starts the Apache Directory Server
|
|
||||||
and sets up the test data
|
|
||||||
-->
|
|
||||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
|
||||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
||||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
|
||||||
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
|
|
||||||
<!-- JNDI environment variable -->
|
|
||||||
<bean id="environment"
|
|
||||||
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
|
|
||||||
<property name="properties">
|
|
||||||
<props>
|
|
||||||
<prop key="java.naming.security.authentication">
|
|
||||||
simple
|
|
||||||
</prop>
|
|
||||||
<prop key="java.naming.security.principal">
|
|
||||||
${userDn}
|
|
||||||
</prop>
|
|
||||||
<prop key="java.naming.security.credentials">
|
|
||||||
${password}
|
|
||||||
</prop>
|
|
||||||
</props>
|
|
||||||
</property>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
Note the non-standard port, in order to leave 389 unused, thus
|
|
||||||
making it easier for the integration tests requiring OpenLDAP.
|
|
||||||
-->
|
|
||||||
<bean id="configuration" class="org.apache.directory.server.configuration.MutableServerStartupConfiguration">
|
|
||||||
<property name="ldapPort" value="3999" />
|
|
||||||
<property name="contextPartitionConfigurations">
|
|
||||||
<set>
|
|
||||||
<bean class="org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration">
|
|
||||||
<property name="name" value="acegisecurity" />
|
|
||||||
<property name="suffix" value="dc=acegisecurity,dc=org" />
|
|
||||||
<property name="contextEntry">
|
|
||||||
<value>
|
|
||||||
objectClass: top
|
|
||||||
objectClass: domain
|
|
||||||
objectClass: extensibleObject
|
|
||||||
dc: acegisecurity
|
|
||||||
</value>
|
|
||||||
</property>
|
|
||||||
</bean>
|
|
||||||
</set>
|
|
||||||
</property>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<bean id="configEnvHelper" class="org.springframework.security.ldap.ConfigEnvHelper">
|
|
||||||
<constructor-arg ref="environment" />
|
|
||||||
<constructor-arg ref="configuration" />
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<bean name="serverContext" class="javax.naming.InitialContext">
|
|
||||||
<constructor-arg>
|
|
||||||
<bean class="org.springframework.beans.factory.config.PropertyPathFactoryBean">
|
|
||||||
<property name="targetObject" ref="configEnvHelper" />
|
|
||||||
<property name="propertyPath" value="env" />
|
|
||||||
</bean>
|
|
||||||
</constructor-arg>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<bean name="ldapServerManager" class="org.springframework.security.ldap.LdapServerManager">
|
|
||||||
<property name="contextSource" ref="contextSource" />
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<!-- Custom editors required to launch ApacheDS -->
|
|
||||||
<bean class="org.springframework.beans.factory.config.CustomEditorConfigurer">
|
|
||||||
<property name="customEditors">
|
|
||||||
<map>
|
|
||||||
<entry key="javax.naming.directory.Attributes">
|
|
||||||
<bean class="org.apache.directory.server.core.configuration.AttributesPropertyEditor"/>
|
|
||||||
</entry>
|
|
||||||
</map>
|
|
||||||
</property>
|
|
||||||
</bean>
|
|
||||||
</beans>
|
|
|
@ -1,34 +1,16 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||||
|
xmlns:security="http://www.springframework.org/schema/security"
|
||||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||||
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
|
||||||
|
|
||||||
<import resource="classpath:/org/springframework/security/ldap/apacheDsContext.xml"/>
|
<security:ldap ldif="classpath:test-server.ldif"/>
|
||||||
|
|
||||||
<bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
|
<!--<import resource="classpath:/org/springframework/security/ldap/apacheDsContext.xml"/>-->
|
||||||
<property name="location" value="classpath:/org/springframework/security/ldap/ldapserver.properties" />
|
|
||||||
</bean>
|
|
||||||
<!--
|
|
||||||
<bean id="contextSource" class="org.springframework.ldap.core.support.DirContextSource" >
|
|
||||||
<property name="urls" value="${urls}" />
|
|
||||||
<property name="userDn" value="${userDn}" />
|
|
||||||
<property name="password" value="${password}" />
|
|
||||||
<property name="base" value="${base}" />
|
|
||||||
<property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
|
|
||||||
</bean>
|
|
||||||
-->
|
|
||||||
<bean id="contextSource" class="org.springframework.security.ldap.DefaultInitialDirContextFactory" >
|
|
||||||
<constructor-arg value="${fullUrl}"/>
|
|
||||||
<property name="managerDn" value="${userDn}"/>
|
|
||||||
<property name="managerPassword" value="${password}" />
|
|
||||||
<property name="useLdapContext" value="true"/>
|
|
||||||
<property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<!-- Here for refactoring, until we have a satisfactory context source implementation -->
|
|
||||||
<bean id="initialDirContextFactory" class="org.springframework.security.ldap.DefaultInitialDirContextFactory" >
|
<bean id="initialDirContextFactory" class="org.springframework.security.ldap.DefaultInitialDirContextFactory" >
|
||||||
<constructor-arg value="${fullUrl}"/>
|
<constructor-arg value="ldap://127.0.0.1:3389/dc=springframework,dc=org"/>
|
||||||
<property name="useLdapContext" value="true"/>
|
<property name="useLdapContext" value="true"/>
|
||||||
<property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
|
<property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
|
||||||
</bean>
|
</bean>
|
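Review bot: The `initialDirContextFactory` constructor argument is now the literal `ldap://127.0.0.1:3389/dc=springframework,dc=org`, while `<security:ldap ldif="classpath:test-server.ldif"/>` states neither a port nor a root suffix. The two agree only through defaults defined outside this file. A comment above the bean, such as `<!-- port and root DN must match the embedded server started by <security:ldap> -->`, would make that coupling visible to whoever changes either side. The commented-out `<import resource=".../apacheDsContext.xml"/>` appears to point at the context file removed earlier in this commit and could be deleted rather than left as a comment.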
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
urls=ldap://127.0.0.1:3999
|
|
||||||
userDn=uid=admin,ou=system
|
|
||||||
password=secret
|
|
||||||
base=dc=acegisecurity,dc=org
|
|
||||||
fullUrl=ldap://127.0.0.1:3999/dc=acegisecurity,dc=org
|
|
|
@ -1,56 +0,0 @@
|
||||||
dn: ou=groups,dc=acegisecurity,dc=org
|
|
||||||
objectclass: top
|
|
||||||
objectclass: organizationalUnit
|
|
||||||
ou: groups
|
|
||||||
|
|
||||||
dn: ou=subgroups,ou=groups,dc=acegisecurity,dc=org
|
|
||||||
objectclass: top
|
|
||||||
objectclass: organizationalUnit
|
|
||||||
ou: subgroups
|
|
||||||
|
|
||||||
dn: ou=people,dc=acegisecurity,dc=org
|
|
||||||
objectclass: top
|
|
||||||
objectclass: organizationalUnit
|
|
||||||
ou: groups
|
|
||||||
|
|
||||||
dn: uid=ben,ou=people,dc=acegisecurity,dc=org
|
|
||||||
objectclass: top
|
|
||||||
objectclass: person
|
|
||||||
objectclass: organizationalPerson
|
|
||||||
objectclass: inetOrgPerson
|
|
||||||
cn: Ben Alex
|
|
||||||
sn: Alex
|
|
||||||
uid: ben
|
|
||||||
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=
|
|
||||||
|
|
||||||
dn: uid=bob,ou=people,dc=acegisecurity,dc=org
|
|
||||||
objectclass: top
|
|
||||||
objectclass: person
|
|
||||||
objectclass: organizationalPerson
|
|
||||||
objectclass: inetOrgPerson
|
|
||||||
cn: Bob Hamilton
|
|
||||||
sn: Hamilton
|
|
||||||
uid: bob
|
|
||||||
userPassword: bobspassword
|
|
||||||
|
|
||||||
dn: cn=developers,ou=groups,dc=acegisecurity,dc=org
|
|
||||||
objectclass: top
|
|
||||||
objectclass: groupOfNames
|
|
||||||
cn: developers
|
|
||||||
ou: developer
|
|
||||||
member: uid=ben,ou=people,dc=acegisecurity,dc=org
|
|
||||||
member: uid=bob,ou=people,dc=acegisecurity,dc=org
|
|
||||||
|
|
||||||
dn: cn=managers,ou=groups,dc=acegisecurity,dc=org
|
|
||||||
objectclass: top
|
|
||||||
objectclass: groupOfNames
|
|
||||||
cn: managers
|
|
||||||
ou: manager
|
|
||||||
member: uid=ben,ou=people,dc=acegisecurity,dc=org
|
|
||||||
|
|
||||||
dn: cn=submanagers,ou=subgroups,ou=groups,dc=acegisecurity,dc=org
|
|
||||||
objectclass: top
|
|
||||||
objectclass: groupOfNames
|
|
||||||
cn: submanagers
|
|
||||||
ou: submanager
|
|
||||||
member: uid=ben,ou=people,dc=acegisecurity,dc=org
|
|
|
@ -1,56 +0,0 @@
|
||||||
version: 1
|
|
||||||
dn: dc=acegisecurity,dc=org
|
|
||||||
objectClass: dcObject
|
|
||||||
objectClass: organization
|
|
||||||
dc: acegisecurity
|
|
||||||
description: Acegi Security (Test LDAP DIT)
|
|
||||||
o: Monkey Machine Ltd.
|
|
||||||
|
|
||||||
dn: ou=people,dc=acegisecurity,dc=org
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
description: All people in organisation
|
|
||||||
ou: people
|
|
||||||
|
|
||||||
dn: cn=Ben Alex,ou=people,dc=acegisecurity,dc=org
|
|
||||||
objectClass: inetOrgPerson
|
|
||||||
objectClass: organizationalPerson
|
|
||||||
objectClass: person
|
|
||||||
objectClass: top
|
|
||||||
cn: Ben Alex
|
|
||||||
ou:: 5a6J5YWo
|
|
||||||
sn: Alex
|
|
||||||
uid: Ben
|
|
||||||
userPassword:: e1NIQX1uRkNlYldqeGZhTGJISEcxUWs1VVU0dHJidlE9
|
|
||||||
|
|
||||||
dn: uid=bob,ou=people,dc=acegisecurity,dc=org
|
|
||||||
objectClass: inetOrgPerson
|
|
||||||
objectClass: organizationalPerson
|
|
||||||
objectClass: person
|
|
||||||
objectClass: top
|
|
||||||
cn: Bob Hamilton
|
|
||||||
sn: Hamilton
|
|
||||||
uid: bob
|
|
||||||
userPassword:: Ym9ic3Bhc3N3b3Jk
|
|
||||||
|
|
||||||
dn: ou=groups,dc=acegisecurity,dc=org
|
|
||||||
objectClass: top
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
ou: groups
|
|
||||||
|
|
||||||
dn: cn=developers,ou=groups,dc=acegisecurity,dc=org
|
|
||||||
objectClass: groupOfNames
|
|
||||||
objectClass: top
|
|
||||||
cn: developers
|
|
||||||
description: Acegi Security Developers
|
|
||||||
member: uid=bob,ou=people,dc=acegisecurity,dc=org
|
|
||||||
member: cn=ben alex,ou=people,dc=acegisecurity,dc=org
|
|
||||||
o: Acegi Security System for Spring
|
|
||||||
ou: developer
|
|
||||||
|
|
||||||
dn: cn=managers,ou=groups,dc=acegisecurity,dc=org
|
|
||||||
objectClass: groupOfNames
|
|
||||||
objectClass: top
|
|
||||||
cn: managers
|
|
||||||
member: cn=ben alex,ou=people,dc=acegisecurity,dc=org
|
|
||||||
ou: manager
|
|
||||||
|
|
|
@ -37,8 +37,8 @@
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="initialDirContextFactory" class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
|
<bean id="initialDirContextFactory" class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
|
||||||
<constructor-arg value="ldap://monkeymachine.co.uk:389/dc=acegisecurity,dc=org"/>
|
<constructor-arg value="ldap://monkeymachine.co.uk:389/dc=springframework,dc=org"/>
|
||||||
<property name="managerDn" value="cn=manager,dc=acegisecurity,dc=org" />
|
<property name="managerDn" value="cn=manager,dc=springframework,dc=org" />
|
||||||
<property name="managerPassword" value="acegisecurity"/>
|
<property name="managerPassword" value="acegisecurity"/>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
|
|
|
@ -13,8 +13,8 @@
|
||||||
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
|
<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order -->
|
||||||
<security:authentication-mechanism id="authenticationManager">
|
<security:authentication-mechanism id="authenticationManager">
|
||||||
<security:authentication-ldap
|
<security:authentication-ldap
|
||||||
ldapUrl="ldap://monkeymachine:389/dc=acegisecurity,dc=org"
|
ldapUrl="ldap://monkeymachine:389/dc=springframework,dc=org"
|
||||||
managerDn="cn=manager,dc=acegisecurity,dc=org"
|
managerDn="cn=manager,dc=springframework,dc=org"
|
||||||
managerPassword="password" groupSearchBase="ou=groups"
|
managerPassword="password" groupSearchBase="ou=groups"
|
||||||
groupRoleAttribute="ou">
|
groupRoleAttribute="ou">
|
||||||
<security:property name="userDnPatterns">
|
<security:property name="userDnPatterns">
|
||||||
|
@ -29,9 +29,9 @@
|
||||||
<!--<bean id="initialDirContextFactory"
|
<!--<bean id="initialDirContextFactory"
|
||||||
class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
|
class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
|
||||||
<constructor-arg
|
<constructor-arg
|
||||||
value="ldap://monkeymachine:389/dc=acegisecurity,dc=org" />
|
value="ldap://monkeymachine:389/dc=springframework,dc=org" />
|
||||||
<property name="managerDn">
|
<property name="managerDn">
|
||||||
<value>cn=manager,dc=acegisecurity,dc=org</value>
|
<value>cn=manager,dc=springframework,dc=org</value>
|
||||||
</property>
|
</property>
|
||||||
<property name="managerPassword">
|
<property name="managerPassword">
|
||||||
<value>password</value>
|
<value>password</value>
|
||||||
|
|