1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.providers.ldap.populator;
17  
18  import org.acegisecurity.GrantedAuthority;
19  
20  import org.acegisecurity.ldap.AbstractLdapServerTestCase;
21  
22  import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
23  
24  import java.util.HashSet;
25  import java.util.Set;
26  import java.util.Map;
27  import java.util.HashMap;
28  
29  import javax.naming.directory.BasicAttributes;
30  
31  
/**
 * Integration tests that pin down how {@link DefaultLdapAuthoritiesPopulator} turns LDAP group
 * membership under {@code ou=groups} into {@link GrantedAuthority} values.
 *
 * <p>These tests matter for authorization: they fix the conditions under which a user receives
 * a role. The behaviours covered are the fallback default role, role prefixing and
 * upper-casing, the two group search filter placeholders, and the fact that roles from
 * sub-groups are granted only once sub-tree search is switched on.</p>
 *
 * <p>The directory contents and the manager credentials come from
 * {@link AbstractLdapServerTestCase}, which is not shown in this file.</p>
 *
 * <p>NOTE(review): every username and DN used here is a fixed, well-formed literal. No test in
 * this class feeds LDAP filter metacharacters into the username placeholder. Confirm that
 * filter-argument escaping is covered where the search itself is implemented.</p>
 *
 * @author Luke Taylor
 * @version $Id: DefaultLdapAuthoritiesPopulatorTests.java 1968 2007-08-28 15:26:59Z luke_t $
 */
public class DefaultLdapAuthoritiesPopulatorTests extends AbstractLdapServerTestCase {
    //~ Methods ========================================================================================================

    /**
     * Binds the shared context factory as the manager account so that the populator's group
     * searches run with those credentials. The constants are inherited test fixtures.
     */
    public void onSetUp() {
        getInitialCtxFactory().setManagerDn(MANAGER_USER);
        getInitialCtxFactory().setManagerPassword(MANAGER_PASSWORD);
    }

    // Disabled test, kept as found. It relies on setUserRoleAttributes/getUserRoleAttributes and on
    // Attributes/BasicAttribute, neither of which this file imports.
    // NOTE(review): confirm whether that API still exists before re-enabling or deleting this.
//    public void testUserAttributeMappingToRoles() {
//        DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator();
//        populator.setUserRoleAttributes(new String[] {"userRole", "otherUserRole"});
//        populator.getUserRoleAttributes();
//
//        Attributes userAttrs = new BasicAttributes();
//        BasicAttribute attr = new BasicAttribute("userRole", "role1");
//        attr.add("role2");
//        userAttrs.put(attr);
//        attr = new BasicAttribute("otherUserRole", "role3");
//        attr.add("role2"); // duplicate
//        userAttrs.put(attr);
//
//        LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence();
//        user.setDn("Ignored");
//        user.setUsername("Ignored");
//        user.setAttributes(userAttrs);
//
//        GrantedAuthority[] authorities =
//                populator.getGrantedAuthorities(user.createUserDetails());
//        assertEquals("User should have three roles", 3, authorities.length);
//    }

    /**
     * A user with no group membership receives exactly the configured default role and no other.
     */
    public void testDefaultRoleIsAssignedWhenSet() {
        DefaultLdapAuthoritiesPopulator populator = newGroupsPopulator();
        populator.setDefaultRole("ROLE_USER");

        GrantedAuthority[] granted = lookUpAuthorities(populator, "notfound", "cn=notfound", new BasicAttributes());

        assertEquals(1, granted.length);
        assertEquals("ROLE_USER", granted[0].getAuthority());
    }

    /**
     * A one-level search with an explicit membership filter gives "ben" two prefixed,
     * upper-cased roles.
     */
    public void testGroupSearchReturnsExpectedRoles() {
        DefaultLdapAuthoritiesPopulator populator = newGroupsPopulator();
        populator.setRolePrefix("ROLE_");
        populator.setGroupRoleAttribute("ou");
        // Toggled on and straight back off, so the search runs with sub-tree search disabled.
        // Presumably this exercises both setter branches; keep the order.
        populator.setSearchSubtree(true);
        populator.setSearchSubtree(false);
        populator.setConvertToUpperCase(true);
        // NOTE(review): {0} looks like the placeholder for the user's DN; confirm against the populator.
        populator.setGroupSearchFilter("(member={0})");

        GrantedAuthority[] granted = lookUpAuthorities(populator, "ben",
                "uid=ben,ou=people,dc=acegisecurity,dc=org", new BasicAttributes());

        assertEquals("Should have 2 roles", 2, granted.length);

        // This test alone compares on toString() rather than getAuthority(); kept as found.
        Set names = new HashSet();
        for (int i = 0; i < granted.length; i++) {
            names.add(granted[i].toString());
        }
        assertTrue(names.contains("ROLE_DEVELOPER"));
        assertTrue(names.contains("ROLE_MANAGER"));
    }

    /**
     * With the filter keyed on {1}, the username "manager" selects the role, not the DN (which
     * belongs to "ben"). No role prefix is set here, so the expected "ROLE_" must be the default.
     */
    public void testUseOfUsernameParameterReturnsExpectedRoles() {
        DefaultLdapAuthoritiesPopulator populator = newGroupsPopulator();
        populator.setGroupRoleAttribute("ou");
        populator.setConvertToUpperCase(true);
        populator.setGroupSearchFilter("(ou={1})");

        GrantedAuthority[] granted = lookUpAuthorities(populator, "manager",
                "uid=ben,ou=people,dc=acegisecurity,dc=org", null);

        assertEquals("Should have 1 role", 1, granted.length);
        assertEquals("ROLE_MANAGER", granted[0].getAuthority());
    }

    /**
     * Sub-tree search is off unless enabled: only the two directly-held roles come back. The
     * count of two is what excludes ROLE_SUBMANAGER. The populator's own default group search
     * filter is used, since none is set here.
     */
    public void testSubGroupRolesAreNotFoundByDefault() {
        DefaultLdapAuthoritiesPopulator populator = newGroupsPopulator();
        populator.setGroupRoleAttribute("ou");
        populator.setConvertToUpperCase(true);

        GrantedAuthority[] granted = lookUpAuthorities(populator, "manager",
                "uid=ben,ou=people,dc=acegisecurity,dc=org", null);

        assertEquals("Should have 2 roles", 2, granted.length);
        Set names = authorityNamesOf(granted);
        assertTrue(names.contains("ROLE_MANAGER"));
        assertTrue(names.contains("ROLE_DEVELOPER"));
    }

    /**
     * Opting in to sub-tree search widens the grant: the role from the nested group
     * (ROLE_SUBMANAGER) is returned as well as the two direct ones.
     */
    public void testSubGroupRolesAreFoundWhenSubtreeSearchIsEnabled() {
        DefaultLdapAuthoritiesPopulator populator = newGroupsPopulator();
        populator.setGroupRoleAttribute("ou");
        populator.setConvertToUpperCase(true);
        populator.setSearchSubtree(true);

        GrantedAuthority[] granted = lookUpAuthorities(populator, "manager",
                "uid=ben,ou=people,dc=acegisecurity,dc=org", null);

        assertEquals("Should have 3 roles", 3, granted.length);
        Set names = authorityNamesOf(granted);
        assertTrue(names.contains("ROLE_MANAGER"));
        assertTrue(names.contains("ROLE_DEVELOPER"));
        assertTrue(names.contains("ROLE_SUBMANAGER"));
    }

    //~ Helpers ========================================================================================================

    /** Creates a populator that searches for groups under "ou=groups" using the shared context factory. */
    private DefaultLdapAuthoritiesPopulator newGroupsPopulator() {
        return new DefaultLdapAuthoritiesPopulator(getInitialCtxFactory(), "ou=groups");
    }

    /**
     * Builds user details for the given identity and asks the populator for that user's authorities.
     *
     * @param populator the configured populator under test
     * @param username the login name placed on the user details
     * @param dn the distinguished name placed on the user details
     * @param attributes attributes to attach, or {@code null} to leave the attributes unset
     * @return the authorities the populator grants
     */
    private GrantedAuthority[] lookUpAuthorities(DefaultLdapAuthoritiesPopulator populator, String username,
            String dn, BasicAttributes attributes) {
        LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
        essence.setUsername(username);
        essence.setDn(dn);

        if (attributes != null) {
            essence.setAttributes(attributes);
        }

        return populator.getGrantedAuthorities(essence.createUserDetails());
    }

    /** Collects the {@code getAuthority()} value of every entry so assertions ignore result order. */
    private static Set authorityNamesOf(GrantedAuthority[] granted) {
        Set names = new HashSet(granted.length);
        for (int i = 0; i < granted.length; i++) {
            names.add(granted[i].getAuthority());
        }
        return names;
    }
}