defaultinitialdircontextfactorytests.java

acegi构造安全的java系统

/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.ldap;

import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.BadCredentialsException;

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.directory.DirContext;


/**
 * Tests {@link org.acegisecurity.ldap.DefaultInitialDirContextFactory}.
 *
 * @author Luke Taylor
 * @version $Id: DefaultInitialDirContextFactoryTests.java 1496 2006-05-23 13:38:33Z benalex $
 */
public class DefaultInitialDirContextFactoryTests extends AbstractLdapServerTestCase {
    //~ Instance fields ================================================================================================

    DefaultInitialDirContextFactory idf;

    //~ Methods ========================================================================================================

    public void onSetUp() {
        idf = getInitialCtxFactory();
        idf.setMessageSource(new AcegiMessageSource());
    }

    public void testAnonymousBindSucceeds() throws Exception {
        DirContext ctx = idf.newInitialDirContext();
        // Connection pooling should be set by default for anon users.
        // Can't rely on this property being there with embedded server
        // assertEquals("true",ctx.getEnvironment().get("com.sun.jndi.ldap.connect.pool"));
        ctx.close();
    }

    public void testBaseDnIsParsedFromCorrectlyFromUrl() {
        idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/dc=acegisecurity,dc=org");
        assertEquals("dc=acegisecurity,dc=org", idf.getRootDn());

        // Check with an empty root
        idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/");
        assertEquals("", idf.getRootDn());

        // Empty root without trailing slash
        idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org");
        assertEquals("", idf.getRootDn());
    }

    public void testBindAsManagerFailsIfNoPasswordSet()
        throws Exception {
        idf.setManagerDn(MANAGER_USER);

        DirContext ctx = null;

        try {
            ctx = idf.newInitialDirContext();
            fail("Binding with no manager password should fail.");

// Can't rely on this property being there with embedded server
//        assertEquals("true",ctx.getEnvironment().get("com.sun.jndi.ldap.connect.pool"));
        } catch (BadCredentialsException expected) {}

        LdapUtils.closeContext(ctx);
    }

    public void testBindAsManagerSucceeds() throws Exception {
        idf.setManagerPassword(MANAGER_PASSWORD);
        idf.setManagerDn(MANAGER_USER);

        DirContext ctx = idf.newInitialDirContext();
// Can't rely on this property being there with embedded server
//        assertEquals("true",ctx.getEnvironment().get("com.sun.jndi.ldap.connect.pool"));
        ctx.close();
    }

    public void testConnectionAsSpecificUserSucceeds()
        throws Exception {
        DirContext ctx = idf.newInitialDirContext("uid=Bob,ou=people,dc=acegisecurity,dc=org", "bobspassword");
        // We don't want pooling for specific users.
        // assertNull(ctx.getEnvironment().get("com.sun.jndi.ldap.connect.pool"));
//        com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
        ctx.close();
    }

    public void testConnectionFailure() throws Exception {
        // Use the wrong port
        idf = new DefaultInitialDirContextFactory("ldap://localhost:60389");
        idf.setInitialContextFactory("com.sun.jndi.ldap.LdapCtxFactory");

        Hashtable env = new Hashtable();
        env.put("com.sun.jndi.ldap.connect.timeout", "200");
        idf.setExtraEnvVars(env);
        idf.setUseConnectionPool(false); // coverage purposes only

        try {
            idf.newInitialDirContext();
            fail("Connection succeeded unexpectedly");
        } catch (LdapDataAccessException expected) {}
    }

    public void testEnvironment() {
        idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/");

        // check basic env
        Hashtable env = idf.getEnvironment();
        //assertEquals("com.sun.jndi.ldap.LdapCtxFactory", env.get(Context.INITIAL_CONTEXT_FACTORY));
        assertEquals("ldap://acegisecurity.org/", env.get(Context.PROVIDER_URL));
        assertEquals("simple", env.get(Context.SECURITY_AUTHENTICATION));
        assertNull(env.get(Context.SECURITY_PRINCIPAL));
        assertNull(env.get(Context.SECURITY_CREDENTIALS));

        // Ctx factory.
        idf.setInitialContextFactory("org.acegisecurity.NonExistentCtxFactory");
        env = idf.getEnvironment();
        assertEquals("org.acegisecurity.NonExistentCtxFactory", env.get(Context.INITIAL_CONTEXT_FACTORY));

        // Auth type
        idf.setAuthenticationType("myauthtype");
        env = idf.getEnvironment();
        assertEquals("myauthtype", env.get(Context.SECURITY_AUTHENTICATION));

        // Check extra vars
        Hashtable extraVars = new Hashtable();
        extraVars.put("extravar", "extravarvalue");
        idf.setExtraEnvVars(extraVars);
        env = idf.getEnvironment();
        assertEquals("extravarvalue", env.get("extravar"));
    }

    public void testInvalidPasswordCausesBadCredentialsException()
        throws Exception {
        idf.setManagerDn(MANAGER_USER);
        idf.setManagerPassword("wrongpassword");

        DirContext ctx = null;

        try {
            ctx = idf.newInitialDirContext();
            fail("Binding with wrong credentials should fail.");
        } catch (BadCredentialsException expected) {}

        LdapUtils.closeContext(ctx);
    }

    public void testMultipleProviderUrlsAreAccepted() {
        idf = new DefaultInitialDirContextFactory("ldaps://acegisecurity.org/dc=acegisecurity,dc=org "
                + "ldap://monkeymachine.co.uk/dc=acegisecurity,dc=org");
    }

    public void testMultipleProviderUrlsWithDifferentRootsAreRejected() {
        try {
            idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/dc=acegisecurity,dc=org "
                    + "ldap://monkeymachine.co.uk/dc=someotherplace,dc=org");
            fail("Different root DNs should cause an exception");
        } catch (IllegalArgumentException expected) {}
    }

    public void testSecureLdapUrlIsSupported() {
        idf = new DefaultInitialDirContextFactory("ldaps://localhost/dc=acegisecurity,dc=org");
        assertEquals("dc=acegisecurity,dc=org", idf.getRootDn());
    }

//    public void testNonLdapUrlIsRejected() throws Exception {
//        DefaultInitialDirContextFactory idf = new DefaultInitialDirContextFactory();
//
//        idf.setUrl("http://acegisecurity.org/dc=acegisecurity,dc=org");
//        idf.setInitialContextFactory(CoreContextFactory.class.getName());
//
//        try {
//            idf.afterPropertiesSet();
//            fail("Expected exception for non 'ldap://' URL");
//        } catch(IllegalArgumentException expected) {
//        }
//    }
    public void testServiceLocationUrlIsSupported() {
        idf = new DefaultInitialDirContextFactory("ldap:///dc=acegisecurity,dc=org");
        assertEquals("dc=acegisecurity,dc=org", idf.getRootDn());
    }
}