/**
 * Verifies that LDAPAuthenticationProvider still resolves the user's roles when the password
 * contains a colon.
 *
 * <p>The test is abandoned through {@code Assume} when the LDAP test server cannot be
 * initialised from {@code data3.ldif}.
 */
@Test
public void testColonPassword() throws Exception {
    boolean serverReady =
            LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath, "data3.ldif");
    Assume.assumeTrue(serverReady);

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    ldapConfig.setUserDnPattern("uid={0},ou=People");
    createAuthenticationProvider();

    // The colon inside the password is the whole point of this case; keep it if the
    // fixture credentials are ever edited.
    authentication = new UsernamePasswordAuthenticationToken("colon", "da:da");
    Authentication authenticated = authProvider.authenticate(authentication);

    // NOTE(review): only the number of authorities is checked, not which roles were granted.
    assertEquals(2, authenticated.getAuthorities().size());
}
if (getSecurityManager() != null) { RoleCalculator calc = new RoleCalculator(getSecurityManager().getActiveRoleService()); try { roles.addAll(calc.calculateRoles(new GeoServerUser(auth.getName())));
/**
 * Verifies that roles held by the active role service are added to the authorities returned by
 * LDAPAuthenticationProvider.
 *
 * <p>The test is abandoned through {@code Assume} when the LDAP test server cannot be
 * initialised.
 */
@Test
public void testRoleService() throws Exception {
    Assume.assumeTrue(LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath));

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    ldapConfig.setUserDnPattern("uid={0},ou=People");
    createAuthenticationProvider();

    // Make the provider and the security manager aware of each other.
    authProvider.setSecurityManager(securityManager);
    securityManager.setProviders(Collections.singletonList(authProvider));

    // In-memory role store with a single extra role associated to the user name "other".
    MemoryRoleStore store = new MemoryRoleStore();
    store.initializeFromService(new MemoryRoleService());
    store.setSecurityManager(securityManager);
    GeoServerRole myRole = store.createRoleObject("MyRole");
    store.addRole(myRole);
    store.associateRoleToUser(myRole, "other");
    securityManager.setActiveRoleService(store);

    // authenticationOther is presumably the token for user "other" -- confirm in the fixture.
    Authentication authenticated = authProvider.authenticate(authenticationOther);

    // The role from the role service must be present, and the total must be exactly three.
    assertTrue(authenticated.getAuthorities().contains(myRole));
    assertEquals(3, authenticated.getAuthorities().size());
}
return new LDAPAuthenticationProvider( provider, ldapConfig.getAdminGroup(), ldapConfig.getGroupAdminGroup());
.createAuthenticationProvider(ldapConfig); Authentication authentication = authProvider .authenticate(new UsernamePasswordAuthenticationToken( username, password)); if(authentication == null || !authentication.isAuthenticated()) {
/**
 * Checks that authentication works with the userFilter / userFormat pair in place of
 * userDnPattern.
 *
 * NOTE(review): when the LDAP test server cannot be initialised this method returns without
 * running any assertion, so an unavailable server looks the same as a passing run.
 *
 * @throws Exception on any unexpected failure
 */
public void testUserFilterAndFormat() throws Exception {
    if (!LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath)) {
        return;
    }

    // filter used to extract the user data
    config.setUserFilter("(telephonenumber=1)");
    // format of the username to bind with
    config.setUserFormat("uid={0},ou=People,dc=example,dc=com");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authentication);
    // Only the count is asserted here, not the identity of the granted roles.
    assertEquals(2, authenticated.getAuthorities().size());
}
/**
 * Checks that, when an adminGroup is configured, the authenticated user's roles contain
 * ROLE_ADMINISTRATOR.
 *
 * NOTE(review): when the LDAP test server cannot be initialised this method returns without
 * running any assertion. Only the positive case is covered: nothing here checks that a user
 * outside the configured group is denied the role.
 *
 * @throws Exception on any unexpected failure
 */
public void testAdminGroup() throws Exception {
    if (!LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath)) {
        return;
    }

    config.setUserDnPattern("uid={0},ou=People");
    // Group "other" is treated as the administrators group for this run.
    config.setAdminGroup("other");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authenticationOther);

    boolean hasAdminRole = false;
    for (GrantedAuthority granted : authenticated.getAuthorities()) {
        // The match on the authority name ignores case.
        hasAdminRole |= granted.getAuthority().equalsIgnoreCase("ROLE_ADMINISTRATOR");
    }
    assertTrue(hasAdminRole);
}
/**
 * Checks that, when a groupAdminGroup is configured, the authenticated user's roles contain
 * ROLE_GROUP_ADMIN.
 *
 * NOTE(review): when the LDAP test server cannot be initialised this method returns without
 * running any assertion. Only the positive case is covered: nothing here checks that a user
 * outside the configured group is denied the role.
 *
 * @throws Exception on any unexpected failure
 */
public void testGroupAdminGroup() throws Exception {
    if (!LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath)) {
        return;
    }

    config.setUserDnPattern("uid={0},ou=People");
    // Group "other" is treated as the group-administrators group for this run.
    config.setGroupAdminGroup("other");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authenticationOther);

    boolean hasGroupAdminRole = false;
    for (GrantedAuthority granted : authenticated.getAuthorities()) {
        // The match on the authority name ignores case.
        hasGroupAdminRole |= granted.getAuthority().equalsIgnoreCase("ROLE_GROUP_ADMIN");
    }
    assertTrue(hasGroupAdminRole);
}
/**
 * Verifies that, when a groupAdminGroup is configured, the authenticated user's roles contain
 * ROLE_GROUP_ADMIN.
 *
 * <p>Only the positive case is covered: nothing in this method checks that a user outside the
 * configured group is denied the role.
 */
@Test
public void testGroupAdminGroup() throws Exception {
    Assume.assumeTrue(LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath));

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    ldapConfig.setUserDnPattern("uid={0},ou=People");
    // Group "other" is treated as the group-administrators group for this run.
    config.setGroupAdminGroup("other");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authenticationOther);

    boolean hasGroupAdminRole = false;
    for (GrantedAuthority granted : authenticated.getAuthorities()) {
        // The match on the authority name ignores case.
        hasGroupAdminRole |= granted.getAuthority().equalsIgnoreCase("ROLE_GROUP_ADMIN");
    }
    assertTrue(hasGroupAdminRole);
}
/**
 * Verifies that, when an adminGroup is configured, the authenticated user's roles contain
 * ROLE_ADMINISTRATOR.
 *
 * <p>Only the positive case is covered: nothing in this method checks that a user outside the
 * configured group is denied the role.
 */
@Test
public void testAdminGroup() throws Exception {
    Assume.assumeTrue(LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath));

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    ldapConfig.setUserDnPattern("uid={0},ou=People");
    // Group "other" is treated as the administrators group for this run.
    config.setAdminGroup("other");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authenticationOther);

    boolean hasAdminRole = false;
    for (GrantedAuthority granted : authenticated.getAuthorities()) {
        // The match on the authority name ignores case.
        hasAdminRole |= granted.getAuthority().equalsIgnoreCase("ROLE_ADMINISTRATOR");
    }
    assertTrue(hasAdminRole);
}
/**
 * Verifies that authentication works with the userFilter / userFormat pair in place of
 * userDnPattern when the userFilter contains placeholders.
 *
 * <p>Two filters are tried, one using {@code {1}} and one using {@code {0}}; what each
 * placeholder is replaced with is decided by the provider and is not visible in this test.
 */
@Test
public void testUserFilterPlacemarks() throws Exception {
    Assume.assumeTrue(LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath));

    // Each filter is exercised in turn against a freshly created provider.
    String[] userFilters = {"(givenName={1})", "(cn={0})"};
    for (String userFilter : userFilters) {
        // filter used to extract the user data
        ((LDAPSecurityServiceConfig) config).setUserFilter(userFilter);
        // format of the username to bind with
        ((LDAPSecurityServiceConfig) config)
                .setUserFormat("uid={0},ou=People,dc=example,dc=com");
        createAuthenticationProvider();

        Authentication authenticated = authProvider.authenticate(authentication);
        // Only the count is asserted, not the identity of the granted roles.
        assertEquals(3, authenticated.getAuthorities().size());
    }
}
/**
 * Checks that bindBeforeGroupSearch makes role fetching work on a server that does not allow
 * anonymous access.
 *
 * NOTE(review): when the LDAP test server cannot be initialised this method returns without
 * running any assertion, so an unavailable server looks the same as a passing run.
 *
 * @throws Exception on any unexpected failure
 */
public void testBindBeforeGroupSearch() throws Exception {
    // server started with anonymous access disabled
    if (!LDAPTestUtils.initLdapServer(false, ldapServerUrl, basePath)) {
        return;
    }

    config.setUserDnPattern("uid={0},ou=People");
    // Bind before the group search, since anonymous access is disabled.
    config.setBindBeforeGroupSearch(true);
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authentication);
    assertNotNull(authenticated);
    assertEquals("admin", authenticated.getName());
    assertEquals(2, authenticated.getAuthorities().size());
}
/**
 * Verifies that authentication works with the userFilter / userFormat pair in place of
 * userDnPattern.
 *
 * <p>The test is abandoned through {@code Assume} when the LDAP test server cannot be
 * initialised.
 */
@Test
public void testUserFilterAndFormat() throws Exception {
    Assume.assumeTrue(LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath));

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    // filter used to extract the user data
    ldapConfig.setUserFilter("(telephonenumber=1)");
    // format of the username to bind with
    ldapConfig.setUserFormat("uid={0},ou=People,dc=example,dc=com");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authentication);
    // Only the count is asserted here, not the identity of the granted roles.
    assertEquals(3, authenticated.getAuthorities().size());
}
/**
 * Verifies that bindBeforeGroupSearch makes role fetching work on a server that does not allow
 * anonymous access.
 *
 * <p>The test is abandoned through {@code Assume} when the LDAP test server cannot be
 * initialised.
 */
@Test
public void testBindBeforeGroupSearch() throws Exception {
    // server started with anonymous access disabled
    boolean serverReady = LDAPTestUtils.initLdapServer(false, ldapServerUrl, basePath);
    Assume.assumeTrue(serverReady);

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    ldapConfig.setUserDnPattern("uid={0},ou=People");
    // Bind before the group search, since anonymous access is disabled.
    config.setBindBeforeGroupSearch(true);
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authentication);
    assertNotNull(authenticated);
    assertEquals("admin", authenticated.getName());
    assertEquals(3, authenticated.getAuthorities().size());
}
/**
 * Checks that, without bindBeforeGroupSearch, authenticating against a server that does not
 * allow anonymous access ends in an exception instead of returning a result.
 *
 * NOTE(review): when the LDAP test server cannot be initialised this method returns without
 * running any assertion, so an unavailable server looks the same as a passing run.
 *
 * @throws Exception on any unexpected failure
 */
public void testBindBeforeGroupSearchRequiredIfAnonymousDisabled() throws Exception {
    // server started with anonymous access disabled
    if (!LDAPTestUtils.initLdapServer(false, ldapServerUrl, basePath)) {
        return;
    }

    config.setUserDnPattern("uid={0},ou=People");
    // deliberately do not bind before the group search
    config.setBindBeforeGroupSearch(false);
    createAuthenticationProvider();

    boolean failed;
    try {
        authProvider.authenticate(authentication);
        failed = false;
    } catch (Exception e) {
        // NOTE(review): any Exception satisfies this check, including one unrelated to the
        // group search. Narrowing the catch to the type the provider raises would make the
        // assertion meaningful; that type is not visible here.
        failed = true;
    }
    assertTrue(failed);
}
/**
 * Verifies that, without bindBeforeGroupSearch, authenticating against a server that does not
 * allow anonymous access ends in an exception instead of returning a result.
 *
 * <p>The test is abandoned through {@code Assume} when the LDAP test server cannot be
 * initialised.
 */
@Test
public void testBindBeforeGroupSearchRequiredIfAnonymousDisabled() throws Exception {
    // server started with anonymous access disabled
    boolean serverReady = LDAPTestUtils.initLdapServer(false, ldapServerUrl, basePath);
    Assume.assumeTrue(serverReady);

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    ldapConfig.setUserDnPattern("uid={0},ou=People");
    // deliberately do not bind before the group search
    config.setBindBeforeGroupSearch(false);
    createAuthenticationProvider();

    boolean failed;
    try {
        authProvider.authenticate(authentication);
        failed = false;
    } catch (Exception e) {
        // NOTE(review): any Exception satisfies this check, including one unrelated to the
        // group search. Narrowing the catch to the type the provider raises would make the
        // assertion meaningful; that type is not visible here.
        failed = true;
    }
    assertTrue(failed);
}