use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class LdapCacheTest method testAdminLogin.
@Test
public void testAdminLogin() throws Exception {
Properties options = ldapLoginModuleOptions();
LDAPLoginModule module = new LDAPLoginModule();
CallbackHandler cb = new NamePasswordCallbackHandler("admin", "admin123");
Subject subject = new Subject();
module.initialize(subject, cb, null, options);
assertEquals("Precondition", 0, subject.getPrincipals().size());
assertTrue(module.login());
assertTrue(module.commit());
assertEquals(2, subject.getPrincipals().size());
boolean foundUser = false;
boolean foundRole = false;
for (Principal pr : subject.getPrincipals()) {
if (pr instanceof UserPrincipal) {
assertEquals("admin", pr.getName());
foundUser = true;
} else if (pr instanceof RolePrincipal) {
assertEquals("admin", pr.getName());
foundRole = true;
}
}
assertTrue(foundUser);
assertTrue(foundRole);
assertTrue(module.logout());
assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
DirContext context = new LDAPCache(new LDAPOptions(options)).open();
// Make "admin" user a member of a new "another" group
// dn: cn=admin,ou=groups,dc=example,dc=com
// objectClass: top
// objectClass: groupOfNames
// cn: admin
// member: cn=admin,ou=people,dc=example,dc=com
Attributes entry = new BasicAttributes();
entry.put(new BasicAttribute("cn", "another"));
Attribute oc = new BasicAttribute("objectClass");
oc.add("top");
oc.add("groupOfNames");
entry.put(oc);
Attribute mb = new BasicAttribute("member");
mb.add("cn=admin,ou=people,dc=example,dc=com");
entry.put(mb);
context.createSubcontext("cn=another,ou=groups,dc=example,dc=com", entry);
Thread.sleep(100);
module = new LDAPLoginModule();
subject = new Subject();
module.initialize(subject, cb, null, options);
assertEquals("Precondition", 0, subject.getPrincipals().size());
assertTrue(module.login());
assertTrue(module.commit());
assertEquals("Postcondition", 3, subject.getPrincipals().size());
}
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class PropertiesBackingEngine method listUsers.
@Override
public List<UserPrincipal> listUsers() {
List<UserPrincipal> result = new ArrayList<>();
for (Object user : users.keySet()) {
String userName = (String) user;
if (userName.startsWith(GROUP_PREFIX))
continue;
UserPrincipal userPrincipal = new UserPrincipal(userName);
result.add(userPrincipal);
}
return result;
}
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class LdapLoginModuleTest method testNonAdminLogin.
@Test
public void testNonAdminLogin() throws Exception {
Properties options = ldapLoginModuleOptions();
LDAPLoginModule module = new LDAPLoginModule();
Subject subject = new Subject();
module.initialize(subject, new NamePasswordCallbackHandler("cheese", "foodie"), null, options);
assertEquals("Precondition", 0, subject.getPrincipals().size());
assertTrue(module.login());
assertTrue(module.commit());
assertEquals(1, subject.getPrincipals().size());
boolean foundUser = false;
boolean foundRole = false;
for (Principal pr : subject.getPrincipals()) {
if (pr instanceof UserPrincipal) {
assertEquals("cheese", pr.getName());
foundUser = true;
} else if (pr instanceof RolePrincipal) {
assertEquals("admin", pr.getName());
foundRole = true;
}
}
assertTrue(foundUser);
// cheese is not an admin so no roles should be returned
assertFalse(foundRole);
assertTrue(module.logout());
assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class LdapLoginModuleTest method testRoleMappingParsing.
@Test
public void testRoleMappingParsing() throws Exception {
Properties options = ldapLoginModuleOptions();
options.put(LDAPOptions.ROLE_MAPPING, "admin = karaf, test; admin = another");
LDAPLoginModule module = new LDAPLoginModule();
Subject subject = new Subject();
module.initialize(subject, new NamePasswordCallbackHandler("admin", "admin123"), null, options);
assertEquals("Precondition", 0, subject.getPrincipals().size());
assertTrue(module.login());
assertTrue(module.commit());
assertEquals(4, subject.getPrincipals().size());
final List<String> roles = new ArrayList<>(Arrays.asList("karaf", "test", "another"));
boolean foundUser = false;
boolean foundRole = false;
for (Principal pr : subject.getPrincipals()) {
if (pr instanceof UserPrincipal) {
assertEquals("admin", pr.getName());
foundUser = true;
} else if (pr instanceof RolePrincipal) {
assertTrue(roles.remove(pr.getName()));
foundRole = true;
}
}
assertTrue(foundUser);
assertTrue(foundRole);
assertTrue(roles.isEmpty());
assertTrue(module.logout());
assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class LdapLoginModuleTest method testRoleMappingFqdn.
@Test
public void testRoleMappingFqdn() throws Exception {
Properties options = ldapLoginModuleOptions();
options.put(LDAPOptions.ROLE_MAPPING, "cn=admin,ou=groups,dc=example,dc=com=karaf;cn=admin,ou=mygroups,dc=example,dc=com=another");
options.put(LDAPOptions.ROLE_BASE_DN, "ou=groups,dc=example,dc=com");
options.put(LDAPOptions.ROLE_SEARCH_SUBTREE, "true");
options.put(LDAPOptions.ROLE_FILTER, "(member=%fqdn)");
options.put(LDAPOptions.ROLE_NAME_ATTRIBUTE, "description");
LDAPLoginModule module = new LDAPLoginModule();
Subject subject = new Subject();
module.initialize(subject, new NamePasswordCallbackHandler("admin", "admin123"), null, options);
assertEquals("Precondition", 0, subject.getPrincipals().size());
assertTrue(module.login());
assertTrue(module.commit());
assertEquals(2, subject.getPrincipals().size());
final List<String> roles = new ArrayList<>(Arrays.asList("karaf"));
boolean foundUser = false;
boolean foundRole = false;
for (Principal principal : subject.getPrincipals()) {
if (principal instanceof UserPrincipal) {
assertEquals("admin", principal.getName());
foundUser = true;
} else if (principal instanceof RolePrincipal) {
assertTrue(roles.remove(principal.getName()));
foundRole = true;
}
}
assertTrue(foundUser);
assertTrue(foundRole);
assertTrue(roles.isEmpty());
assertTrue(module.logout());
assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Aggregations