use of com.zimbra.cs.account.soap.SoapProvisioning in project zm-mailbox by Zimbra.
the class TestProvisioningUtil method getSoapProvisioning.
public static SoapProvisioning getSoapProvisioning(String userName, String password) throws ServiceException {
SoapProvisioning sp = new SoapProvisioning();
sp.soapSetURI("https://localhost:7071" + AdminConstants.ADMIN_SERVICE_URI);
sp.soapAdminAuthenticate(userName, password);
return sp;
}
use of com.zimbra.cs.account.soap.SoapProvisioning in project zm-mailbox by Zimbra.
the class TestDomainAdmin method testDelegatedAdminAssignSendToDistList.
/**
* Test that delegated admin with adminConsoleDLACLTabRights can grant sendToDistList right
* @throws Exception
*/
@Test
public void testDelegatedAdminAssignSendToDistList() throws Exception {
createAdminConsoleStyleDomainAdmin(DOMADMIN);
adminSoapProv.createAccount(TARGET_ACCT, TestUtil.DEFAULT_PASSWORD, null);
SoapProvisioning domAdminSoapProv = getSoapProvisioning(DOMADMIN, TestUtil.DEFAULT_PASSWORD);
CreateDistributionListResponse caResp;
caResp = domAdminSoapProv.invokeJaxb(new CreateDistributionListRequest(TARGET_DL));
assertNotNull("CreateDistributionListResponse for " + TARGET_DL + " simple as domAdmin", caResp);
caResp = adminSoapProv.invokeJaxb(new CreateDistributionListRequest(DIFF_DL));
assertNotNull("CreateDistributionListResponse for " + TARGET_DL + " simple as domAdmin", caResp);
failToGrantRight(domAdminSoapProv, TargetType.dl, TARGET_DL, TARGET_ACCT, RightConsts.RT_sendToDistList, "permission denied: insufficient right to grant 'sendToDistList' right");
grantRight(adminSoapProv, TargetType.domain, ADMINISTERED_DOMAIN, DOMADMIN, /* grantee */
RightConsts.RT_adminConsoleDLACLTabRights);
grantRight(domAdminSoapProv, TargetType.dl, TARGET_DL, TARGET_ACCT, RightConsts.RT_sendToDistList);
/* Check that doesn't allow it for a dl in a different domain */
failToGrantRight(domAdminSoapProv, TargetType.dl, DIFF_DL, TARGET_ACCT, RightConsts.RT_sendToDistList, "permission denied: insufficient right to grant 'sendToDistList' right");
}
use of com.zimbra.cs.account.soap.SoapProvisioning in project zm-mailbox by Zimbra.
the class TestDomainAdmin method testAccountPassword.
@Test
public void testAccountPassword() throws Exception {
Account acct = adminSoapProv.createAccount(TARGET_ACCT, TestUtil.DEFAULT_PASSWORD, null);
String domAdminId = createAdminConsoleStyleDomainAdmin(DOMADMIN);
adminSoapProv.authAccount(acct, TestUtil.DEFAULT_PASSWORD, AuthContext.Protocol.test);
assertNotNull("Account for " + TARGET_ACCT, acct);
// first as admin
adminSoapProv.changePassword(acct, TestUtil.DEFAULT_PASSWORD, "DelTA4Pa555");
adminSoapProv.checkPasswordStrength(acct, "2ndDelTA4Pa555");
adminSoapProv.setPassword(acct, "2ndDelTA4Pa555");
SoapProvisioning domAdminSoapProv = getSoapProvisioning(DOMADMIN, TestUtil.DEFAULT_PASSWORD);
try {
domAdminSoapProv.changePassword(acct, "DelTA4Pa555", TestUtil.DEFAULT_PASSWORD);
fail("changePassword succeeded when shouldn't");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "authentication failed for");
}
try {
domAdminSoapProv.checkPasswordStrength(acct, "2ndDelTA4Pa555");
fail("checkPasswordStrength succeeded in spite of not having checkPasswordStrength right!!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: need right: checkPasswordStrength for account");
}
domAdminSoapProv.setPassword(acct, TestUtil.DEFAULT_PASSWORD);
}
use of com.zimbra.cs.account.soap.SoapProvisioning in project zm-mailbox by Zimbra.
the class TestDomainAdmin method testGetAccountInDiffDomain.
@Test
public void testGetAccountInDiffDomain() throws Exception {
Account acct = TestJaxbProvisioning.ensureAccountExists(DIFF_ACCT);
String acctId = acct.getId();
String domAdminId = createAdminConsoleStyleDomainAdmin(DOMADMIN);
SoapProvisioning domAdminSoapProv = getSoapProvisioning(DOMADMIN, TestUtil.DEFAULT_PASSWORD);
GetAccountRequest getAcctReq = new GetAccountRequest(AccountSelector.fromName(DIFF_ACCT), true);
try {
domAdminSoapProv.invokeJaxb(getAcctReq);
fail("GetAccountRequest succeeded for account in other domain!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: can not access account ");
}
try {
domAdminSoapProv.invokeJaxbOnTargetAccount(getAcctReq, acctId);
fail("GetAccountRequest succeeded for account in other domain!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: can not access account ");
}
// try non-existent acct
getAcctReq = new GetAccountRequest(AccountSelector.fromName(DIFF_ACCT2), true);
try {
domAdminSoapProv.invokeJaxb(getAcctReq);
fail("GetAccountRequest succeeded for non-existent account in other domain!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: can not access account ");
}
GetMailboxRequest gmReq = new GetMailboxRequest(new MailboxByAccountIdSelector(acctId));
try {
domAdminSoapProv.invokeJaxb(gmReq);
fail("GetMailboxRequest succeeded for account in other domain!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: can not access account ");
}
try {
domAdminSoapProv.invokeJaxbOnTargetAccount(gmReq, acctId);
fail("GetMailboxRequest succeeded for account in other domain!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: can not access account ");
}
AddAccountAliasResponse aaaResp;
try {
aaaResp = domAdminSoapProv.invokeJaxb(new AddAccountAliasRequest(acctId, ALIAS_FOR_TARGET_ACCT));
fail("AddAccountAliasRequest succeeded for account in other domain!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: can not access account ");
}
try {
aaaResp = domAdminSoapProv.invokeJaxbOnTargetAccount(new AddAccountAliasRequest(acctId, ALIAS_FOR_TARGET_ACCT2), acctId);
fail("AddAccountAliasRequest succeeded for account in other domain!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: can not access account ");
}
aaaResp = adminSoapProv.invokeJaxb(new AddAccountAliasRequest(acctId, ALIAS_FOR_TARGET_ACCT));
assertNotNull("AddAccountAliasResponse for " + TARGET_ACCT + " as FULL ADMIN", aaaResp);
try {
domAdminSoapProv.invokeJaxb(new RemoveAccountAliasRequest(acctId, ALIAS_FOR_TARGET_ACCT));
fail("RemoveAccountAliasRequest succeeded for account in other domain!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: can not access account ");
}
try {
domAdminSoapProv.invokeJaxb(new RenameAccountRequest(acctId, TARGET_ACCT_RENAMED));
fail("RenameAccountRequest succeeded for account in other domain!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: can not access account ");
}
try {
domAdminSoapProv.invokeJaxb(new DeleteAccountRequest(acctId));
fail("DeleteAccountRequest succeeded for account in other domain!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "permission denied: can not access account ");
}
}
use of com.zimbra.cs.account.soap.SoapProvisioning in project zm-mailbox by Zimbra.
the class TestDomainAdmin method testGetDistributionListInDomAdminDomain.
@Test
public void testGetDistributionListInDomAdminDomain() throws Exception {
String domAdminId = createAdminConsoleStyleDomainAdmin(DOMADMIN);
SoapProvisioning domAdminSoapProv = getSoapProvisioning(DOMADMIN, TestUtil.DEFAULT_PASSWORD);
CreateDistributionListResponse caResp;
caResp = domAdminSoapProv.invokeJaxb(new CreateDistributionListRequest(TARGET_DL));
assertNotNull("CreateDistributionListResponse for " + TARGET_DL + " simple as domAdmin", caResp);
String dlId = caResp.getDl().getId();
GetDistributionListRequest getDlReq = new GetDistributionListRequest(DistributionListSelector.fromName(TARGET_DL));
GetDistributionListResponse getDlResp = domAdminSoapProv.invokeJaxb(getDlReq);
assertNotNull("GetDistributionListResponse for " + TARGET_DL + " simple as domAdmin", getDlResp);
AddDistributionListAliasResponse aaaResp;
aaaResp = domAdminSoapProv.invokeJaxb(new AddDistributionListAliasRequest(dlId, ALIAS_FOR_TARGET_DL));
assertNotNull("AddDistributionListAliasResponse for " + TARGET_DL + " simple as domAdmin", aaaResp);
RemoveDistributionListAliasResponse daaResp;
daaResp = domAdminSoapProv.invokeJaxb(new RemoveDistributionListAliasRequest(dlId, ALIAS_FOR_TARGET_DL));
assertNotNull("RemoveDistributionListAliasResponse for " + TARGET_DL + " simple as domAdmin", daaResp);
RenameDistributionListResponse renAResp;
renAResp = domAdminSoapProv.invokeJaxb(new RenameDistributionListRequest(dlId, TARGET_DL_RENAMED));
assertNotNull("RenameDistributionListResponse for " + TARGET_DL + " simple as domAdmin", renAResp);
DeleteDistributionListRequest delDLReq;
DeleteDistributionListResponse delDlResp;
delDLReq = new DeleteDistributionListRequest(null);
try {
delDlResp = domAdminSoapProv.invokeJaxb(delDLReq);
fail("DeleteDistributionListRequest succeeded in spite of having no 'id' specified!!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "invalid request: missing required attribute: id");
}
delDLReq = new DeleteDistributionListRequest(dlId);
delDlResp = domAdminSoapProv.invokeJaxb(delDLReq);
assertNotNull("DeleteDistributionListResponse for " + TARGET_DL + " as domAdmin", delDlResp);
try {
getDlResp = domAdminSoapProv.invokeJaxb(getDlReq);
fail("GetDistributionListRequest succeeded after delete!");
} catch (SoapFaultException sfe) {
checkSoapReason(sfe, "no such distribution list:");
}
try {
getDlResp = domAdminSoapProv.invokeJaxb(new GetDistributionListRequest(DistributionListSelector.fromId(dlId)));
fail("GetDistributionListRequest succeeded after delete!");
} catch (SoapFaultException sfe) {
// because by id not name
checkSoapReason(sfe, "permission denied: can not access distribution list");
}
}
Aggregations