1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.core.jndi;
21  
22  
23  import org.apache.directory.server.core.DirectoryService;
24  import org.apache.directory.server.core.entry.DefaultServerEntry;
25  import org.apache.directory.server.core.integ.CiRunner;
26  import static org.apache.directory.server.core.integ.IntegrationUtils.getUserAddLdif;
27  import static org.apache.directory.server.core.integ.IntegrationUtils.getContext;
28  import static org.apache.directory.server.core.integ.IntegrationUtils.getSystemContext;
29  import org.apache.directory.shared.ldap.ldif.LdifEntry;
30  
31  import static org.junit.Assert.assertTrue;
32  import static org.junit.Assert.assertFalse;
33  import org.junit.Test;
34  import org.junit.runner.RunWith;
35  
36  import javax.naming.NameClassPair;
37  import javax.naming.NamingEnumeration;
38  import javax.naming.ldap.LdapContext;
39  import java.util.HashSet;
40  
41  
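/**
 * Tests listing entries under <code>ou=system</code> as the admin user and as
 * a non-admin user, with attention to security sensitive entries.
 *
 * What is actually asserted: a non-admin listing <code>ou=system</code> must
 * not see <code>uid=admin,ou=system</code>, while the admin sees it.  Whether
 * other user accounts are hidden from a non-admin is NOT currently asserted;
 * see {@link #testListUsersAsNonAdmin()}.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 686082 $
 */
@RunWith ( CiRunner.class )
public class ListIT
{
    /**
     * The directory service under test.  Nothing in this class assigns it;
     * presumably the {@link CiRunner} sets it before each test - confirm
     * against the runner.
     */
    public static DirectoryService service;


    /**
     * Adds the test user produced by getUserAddLdif() through the admin session.
     *
     * @return the LDIF entry describing the user that was added
     * @throws Exception if the entry cannot be built or added
     */
    private static LdifEntry addTestUser() throws Exception
    {
        LdifEntry user = getUserAddLdif();
        service.getAdminSession().add(
            new DefaultServerEntry( service.getRegistries(), user.getEntry() ) );
        return user;
    }


    /**
     * Lists the children of <code>name</code> in the given context and collects
     * their names.  The enumeration is always closed, so a failing test does
     * not leave the underlying listing open.
     *
     * @param ctx the context to list from; its bound principal decides what is visible
     * @param name the name to list, relative to the context
     * @return the names reported by NameClassPair.getName() for each result
     * @throws Exception if the list operation or the iteration fails
     */
    private static HashSet<String> listNames( LdapContext ctx, String name ) throws Exception
    {
        HashSet<String> names = new HashSet<String>();
        NamingEnumeration<NameClassPair> results = ctx.list( name );

        try
        {
            while ( results.hasMore() )
            {
                names.add( results.next().getName() );
            }
        }
        finally
        {
            results.close();
        }

        return names;
    }


    /**
     * A non-admin user listing <code>ou=system</code> must not be shown the
     * admin entry, but still sees the users and groups containers.
     */
    @Test
    public void testListSystemAsNonAdmin() throws Exception
    {
        LdifEntry akarasulu = addTestUser();

        // context opened with the new user's DN rather than the admin's
        LdapContext sysRoot = getContext( akarasulu.getDn().getUpName(), service, "ou=system" );
        HashSet<String> names = listNames( sysRoot, "" );

        assertFalse( names.contains( "uid=admin,ou=system" ) );
        assertTrue( names.contains( "ou=users,ou=system" ) );
        assertTrue( names.contains( "ou=groups,ou=system" ) );
    }


    /**
     * Lists <code>ou=users</code> as a non-admin user.
     *
     * NOTE(review): this test currently asserts nothing about the result, so
     * it only proves that the list operation completes without an exception.
     * A change in which user entries are visible to a non-admin would not be
     * detected here until the expected behavior is decided and asserted.
     */
    @Test
    public void testListUsersAsNonAdmin() throws Exception
    {
        LdifEntry akarasulu = addTestUser();

        LdapContext sysRoot = getContext( akarasulu.getDn().getUpName(), service, "ou=system" );

        // result intentionally unused until the expectation below is settled
        listNames( sysRoot, "ou=users" );

        // @todo the assertion below fails now - is this the expected behavior?
        // Decide whether a non-admin may see user entries under ou=users
        // (here: its own entry) and replace this with the matching assertion.
        // assertFalse( names.contains( "uid=akarasulu,ou=users,ou=system" ) );
    }


    /**
     * The admin user listing <code>ou=system</code> sees the admin entry as
     * well as the users and groups containers.
     */
    @Test
    public void testListSystemAsAdmin() throws Exception
    {
        LdapContext sysRoot = getSystemContext( service );
        HashSet<String> names = listNames( sysRoot, "" );

        assertTrue( names.contains( "uid=admin,ou=system" ) );
        assertTrue( names.contains( "ou=users,ou=system" ) );
        assertTrue( names.contains( "ou=groups,ou=system" ) );
    }


    /**
     * The admin user listing <code>ou=users</code> sees a newly added user.
     */
    @Test
    public void testListUsersAsAdmin() throws Exception
    {
        LdapContext sysRoot = getSystemContext( service );
        addTestUser();

        HashSet<String> names = listNames( sysRoot, "ou=users" );

        assertTrue( names.contains( "uid=akarasulu,ou=users,ou=system" ) );
    }
}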