20 package org.apache.directory.server.core.authz;
23 import junit.framework.Assert;
24 import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
25 import org.apache.directory.shared.ldap.name.LdapDN;
26 import org.apache.directory.server.core.integ.CiRunner;
27 import org.apache.directory.server.core.integ.annotations.*;
28 import org.apache.directory.server.core.DirectoryService;
29 import org.junit.runner.RunWith;
31 import static org.junit.Assert.fail;
32 import org.junit.Test;
33 import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
34 import static org.apache.directory.server.core.authz.AutzIntegUtils.getContextAs;
35 import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
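/**
 * Integration tests for the interaction between authentication and
 * authorization when a non-admin user opens a context on the server.
 *
 * <p>The three cases together pin down a default-deny expectation: the user
 * can obtain a context on the root DSE, is refused a context on
 * {@code ou=system} while no ACI grants access, and is admitted once an
 * access control subentry grants browse on that entry.</p>
 *
 * <p>NOTE(review): the service is built by {@code AutzIntegUtils.ServiceFactory};
 * these expectations presumably rely on that factory enabling access control
 * -- confirm there.</p>
 */
@RunWith ( CiRunner.class )
@Factory ( AutzIntegUtils.ServiceFactory.class )
public class AuthzAuthnIT
{
    /**
     * Directory service under test. It is never assigned in this class;
     * presumably the CiRunner injects it -- confirm.
     */
    public static DirectoryService service;


    /**
     * Checks that a freshly created non-admin user can obtain a context on the
     * root DSE (empty DN) without any ACI having been added.
     *
     * @throws Exception if user creation or context setup fails for a reason
     *         other than a permission denial
     */
    @Test
    public void testAuthnWithRootDSE() throws Exception
    {
        createUser( "billyd", "billyd" );

        LdapDN userName = new LdapDN( "uid=billyd,ou=users,ou=system" );
        try
        {
            // The empty DN addresses the root DSE.
            getContextAs( userName, "billyd", "" );
        }
        catch ( LdapNoPermissionException e )
        {
            // Report the denial detail so a regression in the authorization
            // path can be diagnosed from the test output.
            fail( "Authentication should not have failed: " + e.getMessage() );
        }
    }


    /**
     * Checks the deny path: with no ACI granting access, the same user must be
     * refused a context on {@code ou=system} with an
     * {@link LdapNoPermissionException}.
     *
     * @throws Exception if user creation fails, or if the context request fails
     *         with anything other than the expected permission denial
     */
    @Test
    public void testAuthnFailsWithSystemPartition() throws Exception
    {
        createUser( "billyd", "billyd" );

        LdapDN userName = new LdapDN( "uid=billyd,ou=users,ou=system" );
        try
        {
            getContextAs( userName, "billyd", "ou=system" );
            fail( "Authentication should have failed." );
        }
        catch ( LdapNoPermissionException expected )
        {
            // Expected: reaching this handler is the assertion. A caught
            // exception is never null, so no further check is needed here.
        }
    }


    /**
     * Checks the grant path: after an access control subentry grants browse on
     * the entry to this one user, the user can obtain a context on
     * {@code ou=system}.
     *
     * @throws Exception if user creation, subentry creation or context setup
     *         fails for a reason other than a permission denial
     */
    @Test
    public void testAuthnPassesWithSystemPartition() throws Exception
    {
        createUser( "billyd", "billyd" );

        // The grant is kept narrow: one named user (userClasses name), one
        // protected item (entry) and one permission (grantBrowse).
        // NOTE(review): "{ maximum 0 }" looks like a subtree specification that
        // limits the subentry's scope to the base entry itself -- confirm.
        // NOTE(review): authenticationLevel none is the lowest minimum level in
        // the basic access control model, so the name user class is what
        // actually restricts who receives the grant -- confirm this is intended.
        createAccessControlSubentry(
            "grantBrowseForTheWholeNamingContext",
            "{ maximum 0 }",
            "{ " + "identificationTag \"browseACI\", "
                + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
                + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
                + "protectedItems { entry }, "
                + "grantsAndDenials { grantBrowse } } } } }" );

        LdapDN userName = new LdapDN( "uid=billyd,ou=users,ou=system" );
        try
        {
            getContextAs( userName, "billyd", "ou=system" );
        }
        catch ( LdapNoPermissionException e )
        {
            // Report the denial detail so a regression in ACI evaluation can be
            // diagnosed from the test output.
            fail( "Authentication should not have failed: " + e.getMessage() );
        }
    }
}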