20 package org.apache.directory.server.core.authz;
21
22
23 import org.apache.directory.server.core.DirectoryService;
24 import org.apache.directory.server.core.integ.CiRunner;
25 import static org.apache.directory.server.core.integ.IntegrationUtils.getSystemContext;
26 import org.apache.directory.server.core.integ.annotations.Factory;
27 import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
28 import org.apache.directory.shared.ldap.util.ArrayUtils;
29 import org.apache.directory.shared.ldap.util.StringTools;
30
31 import static org.junit.Assert.assertEquals;
32 import static org.junit.Assert.assertTrue;
33 import static org.junit.Assert.assertNotNull;
34 import static org.junit.Assert.fail;
35 import org.junit.Test;
36 import org.junit.runner.RunWith;
37
38 import javax.naming.NamingEnumeration;
39 import javax.naming.NamingException;
40 import javax.naming.directory.Attributes;
41 import javax.naming.directory.BasicAttributes;
42 import javax.naming.directory.DirContext;
43 import javax.naming.directory.SearchControls;
44 import javax.naming.directory.SearchResult;
45 import javax.naming.ldap.LdapContext;
46 import java.util.HashSet;
47
48
49
50
51
52
53
54
55
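/**
 * Integration tests for the authorization rules that apply when the
 * operations are performed through the system context returned by
 * {@code getSystemContext( service )}.
 *
 * <p>The tests pin four behaviours: the {@code uid=admin} entry cannot be
 * deleted, it cannot be renamed, its {@code userPassword} can be replaced,
 * and a subtree search from the context root returns exactly the ten
 * expected system entries.</p>
 */
@RunWith ( CiRunner.class )
@Factory ( AutzIntegUtils.ServiceFactory.class )
public class AuthorizationServiceAsAdminIT
{
    // NOTE(review): nothing in this class assigns this field; presumably the
    // CiRunner injects it before the tests run - confirm against the runner.
    public static DirectoryService service;


    /**
     * Checks that deleting the {@code uid=admin} entry is refused.
     *
     * <p>Only {@link LdapNoPermissionException} counts as success. Any other
     * exception propagates and fails the test, so a delete that is blocked
     * for an unrelated reason is not mistaken for an authorization denial.</p>
     *
     * @throws Exception if the delete fails with anything other than a
     *         permission error
     */
    @Test
    public void testNoDeleteOnAdminByAdmin() throws Exception
    {
        try
        {
            getSystemContext( service ).destroySubcontext( "uid=admin" );
            fail( "admin should not be able to delete his account" );
        }
        catch ( LdapNoPermissionException expected )
        {
            // Expected: the delete was denied. Reaching this handler is the
            // assertion; a caught exception can never be null.
        }
    }


    /**
     * Checks that changing the RDN of the {@code uid=admin} entry is refused.
     *
     * <p>As with the delete test, only {@link LdapNoPermissionException} is
     * accepted as proof that the rename was denied.</p>
     *
     * @throws Exception if the rename fails with anything other than a
     *         permission error
     */
    @Test
    public void testNoRdnChangesOnAdminByAdmin() throws Exception
    {
        try
        {
            getSystemContext( service ).rename( "uid=admin", "uid=alex" );
            fail( "admin should not be able to rename his account" );
        }
        catch ( LdapNoPermissionException expected )
        {
            // Expected: the rename was denied.
        }
    }


    /**
     * Checks that the {@code userPassword} of {@code uid=admin} can be
     * replaced and that the new value is visible on a subsequent read.
     *
     * <p>The comparison is against the UTF-8 bytes of the literal that was
     * written, so the test passes only when the server hands back the value
     * exactly as supplied.</p>
     *
     * @throws Exception if the modify or the read-back fails
     */
    @Test
    public void testModifyOnAdminByAdmin() throws Exception
    {
        LdapContext sysRoot = getSystemContext( service );
        Attributes attributes = new BasicAttributes( true );
        attributes.put( "userPassword", "replaced" );
        sysRoot.modifyAttributes( "uid=admin", DirContext.REPLACE_ATTRIBUTE, attributes );

        // NOTE(review): the admin password is left as "replaced" when this
        // test ends; presumably the runner resets the service between tests -
        // confirm, otherwise later tests that bind as admin are affected.
        // NOTE(review): if a password-hashing interceptor were enabled for
        // this service, the byte comparison below would need to change.
        Attributes newAttrs = sysRoot.getAttributes( "uid=admin" );

        // Fail with a clear message instead of a NullPointerException when
        // the attribute is missing from the entry that was read back.
        assertNotNull( "userPassword missing after modify", newAttrs.get( "userPassword" ) );
        assertTrue( ArrayUtils.isEquals( StringTools.getBytesUtf8( "replaced" ), newAttrs.get( "userPassword" ).get() ) );
    }


    /**
     * Checks that a subtree search from the context root returns every
     * expected system entry and nothing else.
     *
     * <p>The exact count matters: an extra entry fails the test just as a
     * missing one does, so changes to the default system layout have to be
     * reflected here.</p>
     *
     * @throws Exception if the search or the iteration fails
     */
    @Test
    public void testSearchSubtreeByAdmin() throws Exception
    {
        LdapContext sysRoot = getSystemContext( service );
        SearchControls controls = new SearchControls();
        controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
        HashSet<String> set = new HashSet<String>();
        NamingEnumeration<SearchResult> list = sysRoot.search( "", "(objectClass=*)", controls );

        try
        {
            while ( list.hasMore() )
            {
                SearchResult result = list.next();
                set.add( result.getName() );
            }
        }
        finally
        {
            // Release the enumeration even when iteration throws part-way.
            list.close();
        }

        assertEquals( 10, set.size() );
        assertTrue( set.contains( "ou=system" ) );
        assertTrue( set.contains( "ou=configuration,ou=system" ) );
        assertTrue( set.contains( "ou=interceptors,ou=configuration,ou=system" ) );
        assertTrue( set.contains( "ou=partitions,ou=configuration,ou=system" ) );
        assertTrue( set.contains( "ou=services,ou=configuration,ou=system" ) );
        assertTrue( set.contains( "ou=groups,ou=system" ) );
        assertTrue( set.contains( "cn=Administrators,ou=groups,ou=system" ) );
        assertTrue( set.contains( "ou=users,ou=system" ) );
        assertTrue( set.contains( "prefNodeName=sysPrefRoot,ou=system" ) );
        assertTrue( set.contains( "uid=admin,ou=system" ) );
    }
}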