20 package org.apache.directory.server.core.authz;
21
22
23 import org.apache.directory.server.core.DirectoryService;
24 import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
25 import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
26 import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
27 import org.apache.directory.server.core.integ.CiRunner;
28 import org.apache.directory.server.core.integ.SetupMode;
29 import org.apache.directory.server.core.integ.annotations.*;
30 import static org.junit.Assert.assertTrue;
31 import static org.junit.Assert.assertFalse;
32 import static org.junit.Assert.fail;
33
34 import org.junit.Test;
35 import org.junit.runner.RunWith;
36
37 import javax.naming.Name;
38 import javax.naming.NamingException;
39 import javax.naming.NoPermissionException;
40 import javax.naming.directory.DirContext;
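/**
 * Integration tests for read access to the {@code cn=Administrators,ou=groups}
 * entry by a non-administrator, before and after that user is added to the
 * Administrators group.
 *
 * <p>Each test creates the user {@code billyd} and checks two things: that the
 * user is denied while outside the group, and that the user is allowed once
 * inside it. One test runs with the service built by
 * {@code AutzIntegUtils.ServiceFactory}, the other with
 * {@code AutzIntegUtils.DefaultServiceFactory}.
 *
 * <p>NOTE(review): only the grant direction is exercised here. Nothing in this
 * class checks that access is lost again when the user is removed from the
 * group.
 */
@RunWith ( CiRunner.class )
@Mode ( SetupMode.PRISTINE )
public class AdministratorsGroupIT
{
    /**
     * Directory service under test. It is never assigned in this class;
     * presumably the CiRunner injects it - confirm.
     */
    public static DirectoryService service;


    /**
     * Tells whether the identity bound to the given context may read the
     * attributes of {@code cn=Administrators,ou=groups}.
     *
     * @param ctx the context to perform the read with
     * @return {@code true} if the read succeeds, {@code false} if the server
     *         rejects it with a {@link NoPermissionException}
     * @throws NamingException on any failure other than a permission denial,
     *         so that an unrelated error is not mistaken for "access denied"
     */
    boolean canReadAdministrators( DirContext ctx ) throws NamingException
    {
        try
        {
            ctx.getAttributes( "cn=Administrators,ou=groups" );
            return true;
        }
        catch ( NoPermissionException e )
        {
            return false;
        }
    }


    /**
     * Checks, with the service from {@code AutzIntegUtils.ServiceFactory}, that
     * a freshly created non-admin user cannot obtain a context at all, and that
     * after being added to the Administrators group the same user can both
     * obtain a context and read the Administrators group entry.
     *
     * @throws Exception on any unexpected failure
     */
    @Test
    @Factory ( AutzIntegUtils.ServiceFactory.class )
    public void testNonAdminReadAccessToGroups() throws Exception
    {
        Name billydDn = createUser( "billyd", "s3kr3t" );

        // Deny case: outside the group the user must be refused with a
        // permission error. Any other outcome (success or a different
        // exception) fails the test.
        try
        {
            getContextAs( billydDn, "s3kr3t" );
            fail( "Should not get here since we cannot browse ou=system" );
        }
        catch ( NoPermissionException expected )
        {
            // Expected: the denial is the behaviour under test.
        }

        // Grant case: group membership alone must be enough to lift the denial.
        addUserToGroup( "billyd", "Administrators" );

        DirContext ctx = getContextAs( billydDn, "s3kr3t" );
        try
        {
            assertTrue( canReadAdministrators( ctx ) );
        }
        finally
        {
            // Release the context even when the assertion fails.
            ctx.close();
        }
    }


    /**
     * Checks, with the service from {@code AutzIntegUtils.DefaultServiceFactory}
     * and access control asserted to be disabled, that a non-admin user still
     * cannot read the Administrators group entry, and that adding the user to
     * the group makes the entry readable.
     *
     * <p>The context is opened before the membership change and reused after
     * it, so the second read also shows that the new membership takes effect on
     * an already open context.
     *
     * @throws Exception on any unexpected failure
     */
    @Test
    @Factory ( AutzIntegUtils.DefaultServiceFactory.class )
    public void testDefaultNonAdminReadAccessToGroups() throws Exception
    {
        Name billydDn = createUser( "billyd", "s3kr3t" );

        // Precondition: the protection checked below must hold without the
        // access-control subsystem being switched on.
        assertFalse( service.isAccessControlEnabled() );

        DirContext ctx = getContextAs( billydDn, "s3kr3t" );
        try
        {
            // Deny case: a plain user must not see the Administrators group.
            assertFalse( canReadAdministrators( ctx ) );

            addUserToGroup( "billyd", "Administrators" );

            // Grant case, deliberately on the same context as the denied read.
            assertTrue( canReadAdministrators( ctx ) );
        }
        finally
        {
            // Release the context even when an assertion fails.
            ctx.close();
        }
    }
}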