use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest in project ldapsdk by pingidentity.
the class InMemoryOperationInterceptorTestCase method testIntermediateResponseWithTransformations.
/**
* Tests to ensure that processing works correctly for intermediate responses.
*
* @throws Exception If an unexpected problem occurs.
*/
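@Test()
public void testIntermediateResponseWithTransformations() throws Exception {
  // Each scenario sends a "Who Am I?" request whose controls tell the
  // ControlBasedOperationInterceptor which transformations to apply, then
  // checks how many intermediate responses actually reached the listener.
  final LDAPConnection conn = ds.getConnection();
  try {
    // Injection only: the test expects two intermediate responses to arrive.
    WhoAmIExtendedRequest whoAmIRequest = new WhoAmIExtendedRequest(
        ControlBasedOperationInterceptor.createControls(
            ControlBasedOperationInterceptor.TransformType.INJECT_INTERMEDIATE_RESPONSE));
    TestIntermediateResponseListener testIRListener = new TestIntermediateResponseListener();
    whoAmIRequest.setIntermediateResponseListener(testIRListener);
    assertResultCodeEquals(conn, whoAmIRequest, ResultCode.SUCCESS);
    assertEquals(testIRListener.getCount(), 2);

    // Injection plus suppression: nothing may reach the listener.
    whoAmIRequest = new WhoAmIExtendedRequest(
        ControlBasedOperationInterceptor.createControls(
            ControlBasedOperationInterceptor.TransformType.INJECT_INTERMEDIATE_RESPONSE,
            ControlBasedOperationInterceptor.TransformType.SUPPRESS_INTERMEDIATE_RESPONSE));
    testIRListener = new TestIntermediateResponseListener();
    whoAmIRequest.setIntermediateResponseListener(testIRListener);
    assertResultCodeEquals(conn, whoAmIRequest, ResultCode.SUCCESS);
    assertEquals(testIRListener.getCount(), 0);

    // Injection plus alteration: the count must stay at two. Only the count is
    // checked here, not the content of the altered responses.
    whoAmIRequest = new WhoAmIExtendedRequest(
        ControlBasedOperationInterceptor.createControls(
            ControlBasedOperationInterceptor.TransformType.INJECT_INTERMEDIATE_RESPONSE,
            ControlBasedOperationInterceptor.TransformType.ALTER_INTERMEDIATE_RESPONSE));
    testIRListener = new TestIntermediateResponseListener();
    whoAmIRequest.setIntermediateResponseListener(testIRListener);
    assertResultCodeEquals(conn, whoAmIRequest, ResultCode.SUCCESS);
    assertEquals(testIRListener.getCount(), 2);

    // Injection plus a runtime exception during intermediate response
    // processing: the operation must still succeed, and the test expects no
    // intermediate response to reach the listener.
    whoAmIRequest = new WhoAmIExtendedRequest(
        ControlBasedOperationInterceptor.createControls(
            ControlBasedOperationInterceptor.TransformType.INJECT_INTERMEDIATE_RESPONSE,
            ControlBasedOperationInterceptor.TransformType.INTERMEDIATE_RESPONSE_RUNTIME_EXCEPTION));
    testIRListener = new TestIntermediateResponseListener();
    whoAmIRequest.setIntermediateResponseListener(testIRListener);
    assertResultCodeEquals(conn, whoAmIRequest, ResultCode.SUCCESS);
    assertEquals(testIRListener.getCount(), 0);
  } finally {
    // Release the connection even when an assertion above fails, so a failing
    // scenario does not leave a socket open against the test server.
    conn.close();
  }
}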
use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest in project ldapsdk by pingidentity.
the class InMemoryOperationInterceptorTestCase method testUnsolicitedResponse.
/**
* Tests to ensure that unsolicited responses are handled properly.
*
* @throws Exception If an unexpected problem occurs.
*/
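@Test()
public void testUnsolicitedResponse() throws Exception {
  final LDAPConnection conn = ds.getConnection();
  try {
    // Register a counting handler through the connection options so that
    // unsolicited notifications received on this connection are recorded.
    final TestUnsolicitedNotificationHandler testNotificationHandler = new TestUnsolicitedNotificationHandler();
    final LDAPConnectionOptions options = conn.getConnectionOptions();
    options.setUnsolicitedNotificationHandler(testNotificationHandler);
    conn.setConnectionOptions(options);

    // The control asks the interceptor to inject unsolicited notifications
    // while the "Who Am I?" request is processed; the request itself must
    // still succeed and the test expects exactly two notifications.
    final WhoAmIExtendedRequest whoAmIRequest = new WhoAmIExtendedRequest(
        ControlBasedOperationInterceptor.createControls(
            ControlBasedOperationInterceptor.TransformType.INJECT_UNSOLICITED_NOTIFICATION));
    assertResultCodeEquals(conn, whoAmIRequest, ResultCode.SUCCESS);
    assertEquals(testNotificationHandler.getNotificationCount(), 2);
  } finally {
    // Close the connection on every path, including a failed assertion.
    conn.close();
  }
}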
use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest in project ldapsdk by pingidentity.
the class RetainIdentityRequestControlTestCase method testSendFailedSimpleRequest.
/**
* Sends a request to the server containing the retain identity request
* control. It will establish an unauthenticated connection, then send an
* authenticated simple bind with invalid credentials including the retain
* identity request control. It will verify that the identity of the client
* connection has not changed.
* <BR><BR>
* Access to a Directory Server instance is required for complete processing.
*
* @throws Exception If an unexpected problem occurs.
*/
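@Test()
public void testSendFailedSimpleRequest() throws Exception {
  // This test needs a real Directory Server; without one it silently passes.
  if (!isDirectoryInstanceAvailable()) {
    return;
  }

  // NOTE(review): the connection comes from getAdminConnection(), so the
  // baseline identity captured below is presumably the admin identity rather
  // than an unauthenticated one -- confirm against that helper.
  final LDAPConnection conn = getAdminConnection();
  try {
    conn.add(getTestBaseDN(), getBaseEntryAttributes());
    conn.add("dn: uid=test," + getTestBaseDN(), "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "givenName: Test", "sn: User", "cn: Test User", "uid: test", "userPassword: password");

    // First, use the "Who Am I?" request to get the current authorization
    // identity.
    WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
    final String authzID = whoAmIResult.getAuthorizationID();
    assertNotNull(authzID);

    // Attempt a simple bind as the test user with a wrong password, attaching
    // only the retain identity request control.
    final Control[] controls = { new RetainIdentityRequestControl() };
    final SimpleBindRequest bindRequest = new SimpleBindRequest("uid=test," + getTestBaseDN(), "wrong", controls);
    try {
      // Reached only if bind() returns instead of throwing; the result must
      // still report the rejected credentials.
      final BindResult bindResult = conn.bind(bindRequest);
      assertEquals(bindResult.getResultCode(), ResultCode.INVALID_CREDENTIALS);
    } catch (LDAPException le) {
      assertEquals(le.getResultCode(), ResultCode.INVALID_CREDENTIALS);
    }

    // Use the "Who Am I?" request again to verify that the client identity
    // hasn't really changed. This is the security-relevant check: the failed
    // bind must leave the connection with exactly the identity it had before.
    whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
    assertNotNull(whoAmIResult.getAuthorizationID());
    assertEquals(whoAmIResult.getAuthorizationID(), authzID);

    // NOTE(review): the test entries are removed only on the success path; a
    // failed assertion above leaves them in the directory.
    conn.delete("uid=test," + getTestBaseDN());
    conn.delete(getTestBaseDN());
  } finally {
    // Always release the admin connection, even when an assertion fails.
    conn.close();
  }
}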
use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest in project ldapsdk by pingidentity.
the class RetainIdentityRequestControlTestCase method testSendAuthenticatedPLAINRequest.
/**
* Sends a request to the server containing the retain identity request
* control. It will establish an unauthenticated connection, then send a SASL
* PLAIN bind including the retain identity request control. It will verify
* that the identity of the client connection has not changed.
* <BR><BR>
* Access to a Directory Server instance is required for complete processing.
*
* @throws Exception If an unexpected problem occurs.
*/
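@Test()
public void testSendAuthenticatedPLAINRequest() throws Exception {
  // This test needs a real Directory Server; without one it silently passes.
  if (!isDirectoryInstanceAvailable()) {
    return;
  }

  // NOTE(review): the connection comes from getAdminConnection(), so the
  // baseline identity captured below is presumably the admin identity rather
  // than an unauthenticated one -- confirm against that helper.
  final LDAPConnection conn = getAdminConnection();
  try {
    conn.add(getTestBaseDN(), getBaseEntryAttributes());
    conn.add("dn: uid=test," + getTestBaseDN(), "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "givenName: Test", "sn: User", "cn: Test User", "uid: test", "userPassword: password");

    // First, use the "Who Am I?" request to get the current authorization
    // identity.
    WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
    final String authzID = whoAmIResult.getAuthorizationID();
    assertNotNull(authzID);

    // Perform a SASL PLAIN bind as the test user with the correct password,
    // including both the retain identity request control and the authorization
    // identity request control.
    final Control[] controls = { new RetainIdentityRequestControl(), new AuthorizationIdentityRequestControl() };
    final PLAINBindRequest bindRequest = new PLAINBindRequest("dn:uid=test," + getTestBaseDN(), "password", controls);
    final BindResult bindResult = conn.bind(bindRequest);
    assertEquals(bindResult.getResultCode(), ResultCode.SUCCESS);

    // The bind response must carry an authorization identity response control,
    // and the identity it reports must differ from the connection's original
    // identity.
    boolean authzIDFound = false;
    for (final Control c : bindResult.getResponseControls()) {
      if (c instanceof AuthorizationIdentityResponseControl) {
        authzIDFound = true;
        final String bindAuthzID = ((AuthorizationIdentityResponseControl) c).getAuthorizationID();
        assertNotNull(bindAuthzID);
        assertFalse(bindAuthzID.equals(authzID));
        break;
      }
    }
    assertTrue(authzIDFound);

    // Use the "Who Am I?" request again to verify that the client identity
    // hasn't really changed. This is the security-relevant check: although the
    // bind succeeded, the connection must keep the identity it had before.
    whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
    assertNotNull(whoAmIResult.getAuthorizationID());
    assertEquals(whoAmIResult.getAuthorizationID(), authzID);

    // NOTE(review): the test entries are removed only on the success path; a
    // failed assertion above leaves them in the directory.
    conn.delete("uid=test," + getTestBaseDN());
    conn.delete(getTestBaseDN());
  } finally {
    // Always release the admin connection, even when an assertion fails.
    conn.close();
  }
}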
use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest in project ldapsdk by pingidentity.
the class MoveSubtree method getAuthenticatedUserDN.
/**
* Retrieves the DN of the user authenticated on the provided connection. It
* will first try to look at the last successful bind request processed on the
* connection, and will fall back to using the "Who Am I?" extended request.
*
* @param connection The connection for which to make the
* determination.
* @param isSource Indicates whether the connection is to the source
* or target server.
* @param opPurposeControl An optional operation purpose request control
* that may be included in the request.
*
* @return The DN of the user authenticated on the provided connection, or
* {@code null} if the connection is not authenticated.
*
* @throws LDAPException If a problem is encountered while making the
* determination.
*/
@Nullable()
private static String getAuthenticatedUserDN(@NotNull final LDAPConnection connection, final boolean isSource, @Nullable final OperationPurposeRequestControl opPurposeControl) throws LDAPException {
  // Fast path: when the last bind recorded for the connection was a simple
  // bind, its bind DN is returned without contacting the server. This is the
  // DN held in the request object, not an identity reported by the server.
  // NOTE(review): no branch in this method returns null explicitly, although
  // the Javadoc mentions a null return; a null could only come from
  // getBindDN() -- confirm what it yields for an anonymous simple bind.
  final BindRequest lastBind = InternalSDKHelper.getLastBindRequest(connection);
  if (lastBind instanceof SimpleBindRequest) {
    return ((SimpleBindRequest) lastBind).getBindDN();
  }

  // Otherwise ask the server with a "Who Am I?" request, attaching the
  // operation purpose control when one was supplied.
  final Control[] controls = (opPurposeControl == null)
      ? StaticUtils.NO_CONTROLS
      : new Control[] { opPurposeControl };

  // Human-readable label (source or target) used in the error messages below.
  final String connectionName = isSource
      ? INFO_MOVE_SUBTREE_CONNECTION_NAME_SOURCE.get()
      : INFO_MOVE_SUBTREE_CONNECTION_NAME_TARGET.get();

  final WhoAmIExtendedResult identityResult;
  try {
    identityResult = (WhoAmIExtendedResult) connection.processExtendedOperation(new WhoAmIExtendedRequest(controls));
  } catch (final LDAPException le) {
    // Keep the original result code and cause, but add which connection failed.
    Debug.debugException(le);
    throw new LDAPException(le.getResultCode(), ERR_MOVE_SUBTREE_ERROR_INVOKING_WHO_AM_I.get(connectionName, StaticUtils.getExceptionMessage(le)), le);
  }

  // A result that came back without an exception can still be a failure.
  if (identityResult.getResultCode() != ResultCode.SUCCESS) {
    throw new LDAPException(identityResult.getResultCode(), ERR_MOVE_SUBTREE_ERROR_INVOKING_WHO_AM_I.get(connectionName, identityResult.getDiagnosticMessage()));
  }

  // Only an authorization ID of the form "dn:<DN>" is accepted; a missing ID
  // or any other form is rejected rather than guessed at.
  final String authorizationId = identityResult.getAuthorizationID();
  if ((authorizationId == null) || !authorizationId.startsWith("dn:")) {
    throw new LDAPException(ResultCode.UNWILLING_TO_PERFORM, ERR_MOVE_SUBTREE_CANNOT_IDENTIFY_CONNECTED_USER.get(connectionName));
  }

  // Strip the three-character "dn:" prefix to leave the bare DN.
  return authorizationId.substring(3);
}