20 package org.apache.directory.server.core.authz.support;
21
22
23 import java.util.ArrayList;
24 import java.util.Collection;
25 import java.util.Collections;
26 import java.util.HashSet;
27 import java.util.Set;
28
29 import javax.naming.NamingException;
30
31 import junit.framework.Assert;
32 import junit.framework.TestCase;
33
34 import org.apache.directory.server.core.authz.support.OperationScope;
35 import org.apache.directory.server.core.authz.support.RelatedUserClassFilter;
36 import org.apache.directory.server.core.subtree.SubtreeEvaluator;
37 import org.apache.directory.shared.ldap.aci.ACITuple;
38 import org.apache.directory.shared.ldap.aci.MicroOperation;
39 import org.apache.directory.shared.ldap.aci.ProtectedItem;
40 import org.apache.directory.shared.ldap.aci.UserClass;
41 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
42 import org.apache.directory.shared.ldap.name.LdapDN;
43
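/**
 * Unit tests for {@link RelatedUserClassFilter}, the ACI filtering step that
 * decides which access-control tuples stay in play for a given requestor.
 *
 * Each test builds a one-tuple collection, runs it through the filter and
 * asserts how many tuples survive (1 = tuple kept, 0 = tuple discarded).
 *
 * NOTE(review): coverage gaps visible in this file:
 * - {@link #testSubtree()} is empty, so subtree-based user classes are not
 *   exercised at all.
 * - {@link #getTuples(UserClass)} always builds grant tuples, so the
 *   per-user-class tests never cover a denial tuple; denials are only
 *   exercised in {@link #testAuthenticationLevel()}.
 * A regression in either path would not be caught by this class.
 */
public class RelatedUserClassFilterTest extends TestCase
{
    private static final Collection<ACITuple> EMPTY_ACI_TUPLE_COLLECTION = Collections
        .unmodifiableCollection( new ArrayList<ACITuple>() );
    private static final Collection<ProtectedItem> EMPTY_PROTECTED_ITEM_COLLECTION = Collections
        .unmodifiableCollection( new ArrayList<ProtectedItem>() );

    private static final Set<MicroOperation> EMPTY_MICRO_OPERATION_SET = Collections
        .unmodifiableSet( new HashSet<MicroOperation>() );

    private static final LdapDN GROUP_NAME;
    private static final LdapDN USER_NAME;
    private static final Set<LdapDN> USER_NAMES = new HashSet<LdapDN>();
    private static final Set<LdapDN> GROUP_NAMES = new HashSet<LdapDN>();

    private static final SubtreeEvaluator SUBTREE_EVALUATOR;

    private static final RelatedUserClassFilter filter;

    static
    {
        SUBTREE_EVALUATOR = new SubtreeEvaluator( new DummyOidRegistry(), new DummyAttributeTypeRegistry( true ) );
        filter = new RelatedUserClassFilter( SUBTREE_EVALUATOR );

        try
        {
            GROUP_NAME = new LdapDN( "ou=test,ou=groups,ou=system" );
            USER_NAME = new LdapDN( "ou=test, ou=users, ou=system" );
        }
        catch ( NamingException e )
        {
            // Keep the cause: a bare Error here would surface only as an
            // ExceptionInInitializerError with no hint of which DN failed to parse.
            throw new Error( e );
        }

        USER_NAMES.add( USER_NAME );
        GROUP_NAMES.add( GROUP_NAME );
    }


    /**
     * An empty tuple collection yields an empty result, even when every other
     * argument is null.
     */
    public void testZeroTuple() throws Exception
    {
        Assert.assertEquals( 0, filter.filter( null, EMPTY_ACI_TUPLE_COLLECTION,
            OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null, null, null, null, null, null, null,
            null ).size() );
    }


    /**
     * A grant tuple for {@link UserClass#ALL_USERS} is kept without any
     * requestor name being supplied.
     */
    public void testAllUsers() throws Exception
    {
        Collection<ACITuple> tuples = getTuples( UserClass.ALL_USERS );

        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.NONE, null, null, null, null, null, null ).size() );
    }


    /**
     * A {@link UserClass#THIS_ENTRY} grant is kept when the two DN arguments
     * are the same and discarded when the second one is an unrelated DN.
     * (Presumably these are the requestor DN and the target entry DN; the
     * filter signature is not visible in this file.)
     */
    public void testThisEntry() throws Exception
    {
        Collection<ACITuple> tuples = getTuples( UserClass.THIS_ENTRY );

        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null,
            AuthenticationLevel.NONE, USER_NAME, null, null, null, null, null ).size() );
        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null,
            AuthenticationLevel.NONE, new LdapDN( "ou=unrelated" ), null, null, null, null, null ).size() );
    }


    /**
     * A {@link UserClass#PARENT_OF_ENTRY} grant is kept when the second DN is
     * a child of {@code USER_NAME} and discarded for an unrelated DN.
     */
    public void testParentOfEntry() throws Exception
    {
        Collection<ACITuple> tuples = getTuples( UserClass.PARENT_OF_ENTRY );

        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null,
            AuthenticationLevel.NONE, new LdapDN( "ou=phoneBook, ou=test, ou=users, ou=system" ), null, null,
            null, null, null ).size() );
        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null,
            AuthenticationLevel.NONE, new LdapDN( "ou=unrelated" ), null, null, null, null, null ).size() );
    }


    /**
     * A {@link UserClass.Name} grant listing {@code USER_NAME} is kept for
     * that DN and discarded for a DN that is not in the list.
     */
    public void testName() throws Exception
    {
        Collection<ACITuple> tuples = getTuples( new UserClass.Name( USER_NAMES ) );

        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null,
            AuthenticationLevel.NONE, null, null, null, null, null, null ).size() );
        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null,
            new LdapDN( "ou=unrelateduser, ou=users" ), null, AuthenticationLevel.NONE, USER_NAME, null, null,
            null, null, null ).size() );
    }


    /**
     * A {@link UserClass.UserGroup} grant is kept when the supplied group set
     * contains the tuple's group and discarded when it holds only an
     * unrelated group.
     */
    public void testUserGroup() throws Exception
    {
        Collection<ACITuple> tuples = getTuples( new UserClass.UserGroup( GROUP_NAMES ) );

        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, GROUP_NAMES, USER_NAME,
            null, AuthenticationLevel.NONE, null, null, null, null, null, null ).size() );

        Set<LdapDN> wrongGroupNames = new HashSet<LdapDN>();
        wrongGroupNames.add( new LdapDN( "ou=unrelatedgroup" ) );

        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, wrongGroupNames,
            USER_NAME, null, AuthenticationLevel.NONE, USER_NAME, null, null, null, null, null ).size() );
    }


    /**
     * Placeholder: no assertions yet.
     *
     * TODO(review): subtree user classes are untested. Because the body is
     * empty this test always passes, which can be mistaken for coverage of an
     * access-control path that nothing here actually checks.
     */
    public void testSubtree() throws Exception
    {

    }


    /**
     * Checks how the tuple's authentication level interacts with the
     * requestor's level, for both grants and denials.
     *
     * Grant tuple at SIMPLE: kept for STRONG and SIMPLE requestors, discarded
     * for NONE, so an unauthenticated requestor does not pick up a grant that
     * demands authentication.
     *
     * Denial tuple at SIMPLE naming an unrelated user: kept for a NONE
     * requestor, discarded for STRONG and SIMPLE, so the denial still applies
     * to a requestor below the stated level even though the name does not
     * match.
     */
    public void testAuthenticationLevel() throws Exception
    {
        // Grant, minimum level SIMPLE.
        Collection<ACITuple> tuples = getTuples( AuthenticationLevel.SIMPLE, true );

        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.STRONG, null, null, null, null, null, null ).size() );
        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.SIMPLE, null, null, null, null, null, null ).size() );
        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.NONE, null, null, null, null, null, null ).size() );

        // Denial, level SIMPLE, user class that does not match the requestor.
        tuples = getTuples( AuthenticationLevel.SIMPLE, false );

        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.NONE, null, null, null, null, null, null ).size() );

        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.STRONG, null, null, null, null, null, null ).size() );

        // NOTE(review): the tuples are rebuilt on purpose, do not fold this into the
        // block above. Presumably filter() prunes the collection it is handed; if so,
        // the STRONG call above left it empty and the next assertion would pass
        // vacuously on the old collection. Confirm against RelatedUserClassFilter.
        tuples = getTuples( AuthenticationLevel.SIMPLE, false );

        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.SIMPLE, null, null, null, null, null, null ).size() );
    }


    /**
     * Builds a single grant tuple for the given user class, with
     * authentication level NONE, no protected items, no micro-operations and
     * precedence 0.
     *
     * @param userClass the only user class placed on the tuple
     * @return a new mutable collection holding that one tuple
     */
    private static Collection<ACITuple> getTuples( UserClass userClass )
    {
        Collection<UserClass> classes = new ArrayList<UserClass>();
        classes.add( userClass );

        Collection<ACITuple> tuples = new ArrayList<ACITuple>();
        tuples.add( new ACITuple( classes, AuthenticationLevel.NONE, EMPTY_PROTECTED_ITEM_COLLECTION,
            EMPTY_MICRO_OPERATION_SET, true, 0 ) );

        return tuples;
    }


    /**
     * Builds a single tuple at the given authentication level.
     *
     * A grant uses {@link UserClass#ALL_USERS}; a denial uses a
     * {@link UserClass.Name} holding only {@code dummy=dummy}, a DN none of
     * the tests pass as the requestor, so the user class never matches and
     * the outcome depends on the authentication level alone.
     *
     * @param level the authentication level stored on the tuple
     * @param grant {@code true} for a grant tuple, {@code false} for a denial
     * @return a new mutable collection holding that one tuple
     */
    private static Collection<ACITuple> getTuples( AuthenticationLevel level, boolean grant )
    {
        Collection<UserClass> classes = new ArrayList<UserClass>();

        if ( grant )
        {
            classes.add( UserClass.ALL_USERS );
        }
        else
        {
            Set<LdapDN> names = new HashSet<LdapDN>();

            try
            {
                names.add( new LdapDN( "dummy=dummy" ) );
            }
            catch ( NamingException e )
            {
                // Preserve the parse failure as the cause instead of discarding it.
                throw new Error( e );
            }

            classes.add( new UserClass.Name( names ) );
        }

        Collection<ACITuple> tuples = new ArrayList<ACITuple>();
        tuples.add( new ACITuple( classes, level, EMPTY_PROTECTED_ITEM_COLLECTION, EMPTY_MICRO_OPERATION_SET,
            grant, 0 ) );

        return tuples;
    }
}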