Skip to content
Snippets Groups Projects
Commit 0e4cdeaa authored by Jeff Burke's avatar Jeff Burke
Browse files

s1890: fixed LdapGroupDAO unit-tests

parent 2aa1f13c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
+ 34
65
View file @ 0e4cdeaa
......@@ -195,7 +195,6 @@ public class LdapGroupDAO extends LdapDAO
}
else
{
// add group to groups tree
LDAPResult result = addGroup(getGroupDN(group.getID()),
group.getID(), ownerDN,
......@@ -211,7 +210,6 @@ public class LdapGroupDAO extends LdapDAO
group.getUserAdmins(),
group.getGroupAdmins());
LdapDAO.checkLdapResult(result.getResultCode());
}
}
catch (LDAPException e)
......@@ -231,8 +229,7 @@ public class LdapGroupDAO extends LdapDAO
{
// add new group
List<Attribute> attributes = new ArrayList<Attribute>();
Attribute ownerAttribute =
new Attribute(LDAP_OWNER, ownerDN.toNormalizedString());
Attribute ownerAttribute = new Attribute(LDAP_OWNER, ownerDN.toNormalizedString());
attributes.add(ownerAttribute);
attributes.add(new Attribute(LDAP_OBJECT_CLASS, LDAP_GROUP_OF_UNIQUE_NAMES));
attributes.add(new Attribute(LDAP_OBJECT_CLASS, LDAP_INET_USER));
......@@ -261,16 +258,12 @@ public class LdapGroupDAO extends LdapDAO
}
if (!members.isEmpty())
{
attributes.add(new Attribute(LDAP_UNIQUE_MEMBER,
(String[]) members
.toArray(new String[members
.size()])));
attributes.add(
new Attribute(LDAP_UNIQUE_MEMBER,
(String[]) members.toArray(new String[members.size()])));
}
AddRequest addRequest = new AddRequest(groupDN, attributes);
//addRequest.addControl(
// new ProxiedAuthorizationV2RequestControl(
// "dn:" + getSubjectDN().toNormalizedString()));
logger.debug("addGroup: " + groupDN);
return getReadWriteConnection().add(addRequest);
......@@ -299,16 +292,11 @@ public class LdapGroupDAO extends LdapDAO
DN groupDN = getGroupDN(group.getID());
SearchRequest searchRequest =
new SearchRequest(groupDN.toNormalizedString(), SearchScope.BASE, filter,
new String[]{LDAP_NSACCOUNTLOCK});
new SearchRequest(groupDN.toNormalizedString(), SearchScope.BASE,
filter, new String[]{LDAP_NSACCOUNTLOCK});
//searchRequest.addControl(
// new ProxiedAuthorizationV2RequestControl("dn:" +
// getSubjectDN()
// .toNormalizedString()));
SearchResultEntry searchResult = getReadWriteConnection()
.searchForEntry(searchRequest);
SearchResultEntry searchResult =
getReadWriteConnection().searchForEntry(searchRequest);
if (searchResult == null)
{
......@@ -376,19 +364,17 @@ public class LdapGroupDAO extends LdapDAO
}
if ((groupNames.size() % 100) == 0)
{
logger.debug("found: " + groupNames
.size() + " " + dt + "ms");
logger.debug("found: " + groupNames.size() +
" " + dt + "ms");
t1 = t2;
}
}
public void searchReferenceReturned(SearchResultReference srr)
{
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
throw new UnsupportedOperationException("Not supported yet.");
}
}, config
.getGroupsDN(), SearchScope.ONE, filter, PUB_GROUP_ATTRS);
}, config.getGroupsDN(), SearchScope.ONE, filter, PUB_GROUP_ATTRS);
SearchResult searchResult = null;
try
......@@ -419,8 +405,8 @@ public class LdapGroupDAO extends LdapDAO
{
logger.debug("getGroupNames Exception: " + e1, e1);
LdapDAO.checkLdapResult(e1.getResultCode());
throw new IllegalStateException("Unexpected exception: " + e1
.getMatchedDN(), e1);
throw new IllegalStateException("Unexpected exception: " +
e1.getMatchedDN(), e1);
}
}
......@@ -453,7 +439,7 @@ public class LdapGroupDAO extends LdapDAO
return group;
}
// groupID is here so exceptions and loggiong have plain groupID instead of DN
// groupID is here so exceptions and logging have plain groupID instead of DN
private Group getGroup(final DN groupDN, final String xgroupID, String[] attributes)
throws GroupNotFoundException, TransientException,
AccessControlException
......@@ -481,8 +467,8 @@ public class LdapGroupDAO extends LdapDAO
if (searchEntry == null)
{
String msg = "Group not found " + loggableGroupID;
logger.debug(msg + " cause: null");
String msg = "Group not found " + loggableGroupID + " cause: null";
logger.debug(msg);
throw new GroupNotFoundException(loggableGroupID);
}
......@@ -499,7 +485,7 @@ public class LdapGroupDAO extends LdapDAO
User user;
try
{
user = userDAO.getX500User(memberDN);
user = userDAO.getUser(new DNPrincipal(member));
ldapGroup.getUserMembers().add(user);
}
catch (UserNotFoundException e)
......@@ -621,34 +607,24 @@ public class LdapGroupDAO extends LdapDAO
}
// modify the admin group
adminMods.add(new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
(String[]) newAdmins
.toArray(new String[newAdmins
.size()])));
adminMods.add(
new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
(String[]) newAdmins.toArray(new String[newAdmins.size()])));
ModifyRequest adminModify =
new ModifyRequest(getAdminGroupDN(group.getID()), adminMods);
//adminModify.addControl(
// new ProxiedAuthorizationV2RequestControl(
// "dn:" + getSubjectDN().toNormalizedString()));
LdapDAO.checkLdapResult(
getReadWriteConnection().modify(adminModify).getResultCode());
// modify the group itself
mods.add(new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
(String[]) newMembers
.toArray(new String[newMembers
.size()])));
mods.add(
new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
(String[]) newMembers.toArray(new String[newMembers.size()])));
ModifyRequest modifyRequest =
new ModifyRequest(getGroupDN(group.getID()), mods);
//modifyRequest.addControl(
// new ProxiedAuthorizationV2RequestControl(
// "dn:" + getSubjectDN().toNormalizedString()));
LdapDAO.checkLdapResult(
getReadWriteConnection().modify(modifyRequest).getResultCode());
}
......@@ -670,8 +646,8 @@ public class LdapGroupDAO extends LdapDAO
}
catch (GroupNotFoundException e)
{
throw new RuntimeException("BUG: modified group not found (" + group
.getID() + ")");
throw new RuntimeException("BUG: modified group not found (" +
group.getID() + ")");
}
}
......@@ -757,13 +733,7 @@ public class LdapGroupDAO extends LdapDAO
SearchRequest searchRequest = new SearchRequest(
config.getGroupsDN(), SearchScope.SUB, filter, GROUP_ATTRS);
//searchRequest.addControl(
// new ProxiedAuthorizationV2RequestControl("dn:" +
// getSubjectDN()
// .toNormalizedString()));
SearchResult results = getReadOnlyConnection()
.search(searchRequest);
SearchResult results = getReadOnlyConnection().search(searchRequest);
for (SearchResultEntry result : results.getSearchEntries())
{
ret.add(createGroupFromSearchResult(result, GROUP_ATTRS));
......@@ -793,26 +763,25 @@ public class LdapGroupDAO extends LdapDAO
return new Group(groupName);
}
DN ownerDN = result.getAttributeValueAsDN(LDAP_OWNER);
String ownerDN = result.getAttributeValue(LDAP_OWNER);
if (ownerDN == null)
{
throw new AccessControlException(groupName);
}
try
{
User owner = userDAO.getX500User(ownerDN);
Group g = new Group(groupName);
setField(g, owner, LDAP_OWNER);
User owner = userDAO.getUser(new DNPrincipal(ownerDN));
Group group = new Group(groupName);
setField(group, owner, LDAP_OWNER);
if (result.hasAttribute(LDAP_DESCRIPTION))
{
g.description = result.getAttributeValue(LDAP_DESCRIPTION);
group.description = result.getAttributeValue(LDAP_DESCRIPTION);
}
if (result.hasAttribute(LDAP_MODIFY_TIMESTAMP))
{
g.lastModified = result
.getAttributeValueAsDate(LDAP_MODIFY_TIMESTAMP);
group.lastModified = result.getAttributeValueAsDate(LDAP_MODIFY_TIMESTAMP);
}
return g;
return group;
}
catch (UserNotFoundException ex)
{
......
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java
+ 3
2
View file @ 0e4cdeaa
......@@ -175,13 +175,14 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis
GroupNotFoundException
{
Subject caller = AuthenticationUtil.getCurrentSubject();
Principal owner = getUser(caller);
setField(group, owner, "owner");
Principal userID = getUser(caller);
LdapConnections conns = new LdapConnections(this);
try
{
LdapUserDAO userDAO = new LdapUserDAO(conns);
User owner = userDAO.getAugmentedUser(userID);
setField(group, owner, "owner");
LdapGroupDAO groupDAO = new LdapGroupDAO(conns, userDAO);
groupDAO.addGroup(group);
}
......
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+ 1
0
View file @ 0e4cdeaa
......@@ -186,6 +186,7 @@ public class LdapUserDAO extends LdapDAO
this.userLdapAttrib.put(HttpPrincipal.class, LDAP_UID);
this.userLdapAttrib.put(X500Principal.class, LDAP_DISTINGUISHED_NAME);
this.userLdapAttrib.put(NumericPrincipal.class, LDAP_NUMERICID);
this.userLdapAttrib.put(DNPrincipal.class, LDAP_ENTRYDN);
// add the id attributes to user and member attributes
String[] princs = userLdapAttrib.values()
......
cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
+ 31
67
View file @ 0e4cdeaa
......@@ -80,6 +80,7 @@ import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import ca.nrc.cadc.ac.server.TestUtil;
import ca.nrc.cadc.auth.NumericPrincipal;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.Assert;
......@@ -98,41 +99,14 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
{
private static final Logger log = Logger.getLogger(LdapGroupDAOTest.class);
static String user1Username = "CadcDaoTest1";
static String user2Username = "CadcDaoTest2";
static String user3Username = "CadcDaoTest3";
static String user1UID = "cadcdaotest1";
static String user2UID = "cadcdaotest2";
static String user3UID = "cadcdaotest3";
static String user1DN = "cn=" + user1UID + ",ou=cadc,o=hia,c=ca";
static String user2DN = "cn=" + user2UID + ",ou=cadc,o=hia,c=ca";
static String user3DN = "cn=" + user3UID + ",ou=cadc,o=hia,c=ca";
static String unknownDN = "cn=foo,ou=cadc,o=hia,c=ca";
static String user1EntryDN = "uid=cadcdaotest1,ou=users,ou=ds,dc=testcanfar";
static String user2EntryDN = "uid=cadcdaotest2,ou=users,ou=ds,dc=testcanfar";
static String user3EntryDN = "uid=cadcdaotest3,ou=users,ou=ds,dc=testcanfar";
static HttpPrincipal user1HttpPrincipal;
static HttpPrincipal user2HttpPrincipal;
static HttpPrincipal user3HttpPrincipal;
static DNPrincipal user1DNPrincipal;
static DNPrincipal user2DNPrincipal;
static DNPrincipal user3DNPrincipal;
static X500Principal user1X500Principal;
static X500Principal user2X500Principal;
static X500Principal user3X500Principal;
static X500Principal unknownPrincipal;
static User daoTestUser1;
static User daoTestUser2;
static User daoTestUser3;
static User unknownUser;
static User augmentedDaoTestUser1;
static User augmentedDaoTestUser2;
static Subject daoTestUser1Subject;
static Subject daoTestUser2Subject;
static Subject anonSubject;
......@@ -148,47 +122,36 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// get the configuration of the development server from and config files...
config = getLdapConfig();
user1HttpPrincipal = new HttpPrincipal(user1Username);
user2HttpPrincipal = new HttpPrincipal(user2Username);
user3HttpPrincipal = new HttpPrincipal(user3Username);
user1X500Principal = new X500Principal(user1DN);
user2X500Principal = new X500Principal(user2DN);
user3X500Principal = new X500Principal(user3DN);
unknownPrincipal = new X500Principal(unknownDN);
user1DNPrincipal = new DNPrincipal(user1EntryDN);
user2DNPrincipal = new DNPrincipal(user2EntryDN);
daoTestUser1 = new User();
daoTestUser1.getIdentities().add(user1X500Principal);
daoTestUser1.getIdentities().add(user1DNPrincipal);
daoTestUser1.getIdentities().add(user1HttpPrincipal);
daoTestUser2 = new User();
daoTestUser2.getIdentities().add(user2X500Principal);
daoTestUser2.getIdentities().add(user2DNPrincipal);
daoTestUser2.getIdentities().add(user2HttpPrincipal);
daoTestUser3 = new User();
daoTestUser3.getIdentities().add(user3X500Principal);
daoTestUser3.getIdentities().add(user3DNPrincipal);
daoTestUser3.getIdentities().add(user3HttpPrincipal);
unknownUser = new User();
unknownUser.getIdentities().add(unknownPrincipal);
HttpPrincipal httpPrincipal1 = new HttpPrincipal("CadcDaoTest1");
HttpPrincipal httpPrincipal2 = new HttpPrincipal("CadcDaoTest2");
HttpPrincipal httpPrincipal3 = new HttpPrincipal("CadcDaoTest3");
daoTestUser1 = getUserDAO().getUser(httpPrincipal1);
daoTestUser2 = getUserDAO().getUser(httpPrincipal2);
daoTestUser3 = getUserDAO().getUser(httpPrincipal3);
augmentedDaoTestUser1 = getUserDAO().getAugmentedUser(httpPrincipal1);
daoTestUser1Subject = new Subject();
daoTestUser1Subject.getPrincipals().add(user1X500Principal);
daoTestUser1Subject.getPrincipals().add(user1DNPrincipal);
daoTestUser1Subject.getPrincipals().add(user1HttpPrincipal);
daoTestUser1Subject.getPrincipals().addAll(augmentedDaoTestUser1.getIdentities());
augmentedDaoTestUser2 = getUserDAO().getAugmentedUser(httpPrincipal2);
daoTestUser2Subject = new Subject();
daoTestUser2Subject.getPrincipals().add(user2X500Principal);
daoTestUser2Subject.getPrincipals().add(user2DNPrincipal);
daoTestUser2Subject.getPrincipals().add(user2HttpPrincipal);
daoTestUser2Subject.getPrincipals().addAll(augmentedDaoTestUser2.getIdentities());
HttpPrincipal unknownPrincipal = new HttpPrincipal("foo");
unknownUser = new User();
unknownUser.getIdentities().add(unknownPrincipal);
anonSubject = new Subject();
anonSubject.getPrincipals().add(unknownPrincipal);
}
static LdapUserDAO getUserDAO() throws Exception
{
LdapConnections connections = new LdapConnections(config);
return new LdapUserDAO(connections);
}
LdapGroupDAO getGroupDAO() throws Exception
{
LdapConnections connections = new LdapConnections(config);
......@@ -212,7 +175,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
try
{
Group expectGroup = new Group(getGroupID());
TestUtil.setField(expectGroup, daoTestUser1, "owner");
TestUtil.setField(expectGroup, augmentedDaoTestUser1, "owner");
getGroupDAO().addGroup(expectGroup);
Group actualGroup = getGroupDAO().getGroup(expectGroup.getID(), true);
log.info("addGroup: " + expectGroup.getID());
......@@ -227,7 +190,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
assertGroupsEqual(expectGroup, actualGroup);
Group otherGroup = new Group(getGroupID());
TestUtil.setField(otherGroup, daoTestUser1, "owner");
TestUtil.setField(otherGroup, augmentedDaoTestUser1, "owner");
getGroupDAO().addGroup(otherGroup);
otherGroup = getGroupDAO().getGroup(otherGroup.getID(), true);
log.info("addGroup: " + otherGroup.getID());
......@@ -252,7 +215,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// the the returned result should contain only
// one entry (the dn one)
User duplicateIdentity = new User();
duplicateIdentity.getIdentities().add(new HttpPrincipal(user2UID));
duplicateIdentity.getIdentities().add(daoTestUser2.getHttpPrincipal());
expectGroup.getUserMembers().add(daoTestUser2);
expectGroup.getUserMembers().add(duplicateIdentity);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
......@@ -287,7 +250,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// groupAdmins
Group adminGroup = new Group(getGroupID());
TestUtil.setField(adminGroup, daoTestUser1, "owner");
TestUtil.setField(adminGroup, augmentedDaoTestUser1, "owner");
getGroupDAO().addGroup(adminGroup);
adminGroup = getGroupDAO().getGroup(adminGroup.getID(), true);
expectGroup.getGroupAdmins().add(adminGroup);
......@@ -320,6 +283,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// reactivate the group
Group reactGroup = new Group(expectGroup.getID());
TestUtil.setField(reactGroup, augmentedDaoTestUser1, "owner");
getGroupDAO().addGroup(reactGroup);
log.info("create (reactivate) group: " + expectGroup.getID());
actualGroup = getGroupDAO().getGroup(expectGroup.getID(), true);
......@@ -332,7 +296,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// create another group and make expected group
// member of that group. Delete expected group after
Group expectGroup2 = new Group(getGroupID());
TestUtil.setField(expectGroup, daoTestUser1, "owner");
TestUtil.setField(expectGroup2, augmentedDaoTestUser1, "owner");
expectGroup2.getGroupAdmins().add(actualGroup);
expectGroup2.getGroupMembers().add(actualGroup);
getGroupDAO().addGroup(expectGroup2);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment