/**
 * Prepares the panel under test with a freshly built LDAP configuration.
 *
 * <p>The configuration is always named {@code "test"} and points at {@code ldapServerUrl + "/" +
 * basePath}; the remaining values come from the arguments and are passed through unchanged
 * (including {@code null}).
 *
 * @param userDnPattern DN pattern stored on the configuration
 * @param userFilter user filter stored on the configuration
 * @param userFormat user format stored on the configuration
 * @param userGroupService name of the user/group service stored on the configuration
 */
protected void setupPanel(
        final String userDnPattern,
        String userFilter,
        String userFormat,
        String userGroupService) {
    LDAPSecurityServiceConfig freshConfig = new LDAPSecurityServiceConfig();
    freshConfig.setName("test");
    freshConfig.setServerURL(ldapServerUrl + "/" + basePath);

    // user lookup settings
    freshConfig.setUserDnPattern(userDnPattern);
    freshConfig.setUserFilter(userFilter);
    freshConfig.setUserFormat(userFormat);

    // role source
    freshConfig.setUserGroupServiceName(userGroupService);

    // publish to the shared field only once fully populated, then build the panel from it
    config = freshConfig;
    setupPanel(config);
}
authenticator.setUserFilter(ldapConfig.getUserFilter()); authenticator.setUserFormat(ldapConfig.getUserFormat()); if (ldapConfig.getUserDnPattern() != null) { authenticator.setUserDnPatterns(new String[] {ldapConfig.getUserDnPattern()}); String ugServiceName = ldapConfig.getUserGroupServiceName(); if (ugServiceName != null) { if (ldapConfig.isBindBeforeGroupSearch()) { authPopulator = new BindingLdapAuthoritiesPopulator( ldapContext, ldapConfig.getGroupSearchBase()); if (ldapConfig.getGroupSearchFilter() != null) { ((BindingLdapAuthoritiesPopulator) authPopulator) .setGroupSearchFilter(ldapConfig.getGroupSearchFilter()); authPopulator = new DefaultLdapAuthoritiesPopulator( ldapContext, ldapConfig.getGroupSearchBase()); if (ldapConfig.getGroupSearchFilter() != null) { ((DefaultLdapAuthoritiesPopulator) authPopulator) .setGroupSearchFilter(ldapConfig.getGroupSearchFilter()); provider, ldapConfig.getAdminGroup(), ldapConfig.getGroupAdminGroup());
/**
 * Copy constructor.
 *
 * <p>Delegates the inherited state to the superclass copy constructor and then copies the user DN
 * pattern, the user format and the user/group service name from {@code other}.
 *
 * <p>NOTE(review): only these three properties are copied here. If this class also declares a
 * user filter (or other LDAP-specific properties) that the superclass does not copy, a clone
 * would silently lose them, and a cloned authentication configuration that differs from the
 * saved one is hard to spot. Confirm against the field list.
 *
 * @param other the configuration to copy from
 */
public LDAPSecurityServiceConfig(LDAPSecurityServiceConfig other) {
    super(other);
    this.userDnPattern = other.getUserDnPattern();
    this.userFormat = other.getUserFormat();
    this.userGroupServiceName = other.getUserGroupServiceName();
}
/**
 * Checks that a user can be authenticated through the userFilter / userFormat pair instead of
 * userDnPattern, and that the authenticated principal ends up with two authorities.
 *
 * <p>The body only runs when {@code LDAPTestUtils.initLdapServer} reports success. Otherwise the
 * method returns without asserting anything, so a missing server shows up as a pass rather than
 * a skip.
 *
 * @throws Exception if provider creation or authentication fails
 */
public void testUserFilterAndFormat() throws Exception {
    boolean serverAvailable = LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath);
    if (!serverAvailable) {
        return;
    }

    // search filter used to locate the user entry
    config.setUserFilter("(telephonenumber=1)");
    // DN template used for the bind
    config.setUserFormat("uid={0},ou=People,dc=example,dc=com");

    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authentication);
    assertEquals(2, authenticated.getAuthorities().size());
}
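/**
 * Creates the per-test fixture: a scratch data directory, a security manager and LDAP security
 * provider on top of it, a baseline LDAP configuration, and two username/password tokens.
 *
 * <p>The credentials ({@code admin/admin}, {@code other/other}) are fixture values for the test
 * directory. TLS is switched off on the configuration.
 *
 * @throws Exception if the scratch directory or the security manager cannot be created
 */
@Override
public void setUp() throws Exception {
    // Create the scratch directory in one step. The earlier createTempFile + delete + mkdirs
    // sequence left a window between delete() and mkdirs() in which another local process could
    // claim the predictable path, and it ignored the boolean results of both calls.
    // Files.createTempDirectory (Java 7+) picks a random name and, on POSIX file systems,
    // restricts the directory to its owner. The fully qualified name avoids a new import.
    tempFolder = java.nio.file.Files.createTempDirectory("ldap").toFile();

    GeoServerResourceLoader resourceLoader = new GeoServerResourceLoader(tempFolder);
    securityManager = new GeoServerSecurityManager(new GeoServerDataDirectory(resourceLoader));
    securityProvider = new LDAPSecurityProvider(securityManager);

    config = new LDAPSecurityServiceConfig();
    config.setServerURL(ldapServerUrl + "/" + basePath);
    config.setGroupSearchBase("ou=Groups");
    config.setGroupSearchFilter("member=cn={1}");
    // NOTE(review): plain LDAP; presumably fine because the test server is local — confirm.
    config.setUseTLS(false);

    // fixture credentials matching the entries of the test directory
    authentication = new UsernamePasswordAuthenticationToken("admin", "admin");
    authenticationOther = new UsernamePasswordAuthenticationToken("other", "other");
}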
/**
 * Verifies that roles are still resolved when the password contains a colon.
 *
 * <p>Runs against the {@code data3.ldif} data set and authenticates {@code colon} with password
 * {@code da:da}; two authorities are expected. The test is skipped (JUnit assumption) when the
 * LDAP server cannot be initialised.
 */
@Test
public void testColonPassword() throws Exception {
    boolean serverReady =
            LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath, "data3.ldif");
    Assume.assumeTrue(serverReady);

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    ldapConfig.setUserDnPattern("uid={0},ou=People");
    createAuthenticationProvider();

    // replace the default token with the colon-bearing credentials
    authentication = new UsernamePasswordAuthenticationToken("colon", "da:da");

    Authentication authenticated = authProvider.authenticate(authentication);
    assertEquals(2, authenticated.getAuthorities().size());
}
/**
 * Checks that enabling bindBeforeGroupSearch lets roles be fetched from a server that was
 * initialised without anonymous access.
 *
 * <p>Expects a non-null result named {@code admin} carrying two authorities. When the server
 * cannot be initialised the method returns without asserting anything.
 *
 * @throws Exception if provider creation or authentication fails
 */
public void testBindBeforeGroupSearch() throws Exception {
    // first argument false: server started without anonymous access
    boolean serverAvailable = LDAPTestUtils.initLdapServer(false, ldapServerUrl, basePath);
    if (!serverAvailable) {
        return;
    }

    config.setUserDnPattern("uid={0},ou=People");
    config.setBindBeforeGroupSearch(true);
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authentication);
    assertNotNull(authenticated);
    assertEquals("admin", authenticated.getName());
    assertEquals(2, authenticated.getAuthorities().size());
}
/**
 * Checks that when an adminGroup is configured, a member of that group is granted
 * ROLE_ADMINISTRATOR.
 *
 * <p>The group is set to {@code other} and the {@code authenticationOther} token is used. The
 * role name is compared case-insensitively. When the server cannot be initialised the method
 * returns without asserting anything.
 *
 * @throws Exception if provider creation or authentication fails
 */
public void testAdminGroup() throws Exception {
    boolean serverAvailable = LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath);
    if (!serverAvailable) {
        return;
    }

    config.setUserDnPattern("uid={0},ou=People");
    config.setAdminGroup("other");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authenticationOther);

    // scan every granted authority; non-short-circuit so each one is inspected
    boolean foundAdmin = false;
    for (GrantedAuthority granted : authenticated.getAuthorities()) {
        String roleName = granted.getAuthority();
        foundAdmin |= roleName.equalsIgnoreCase("ROLE_ADMINISTRATOR");
    }
    assertTrue(foundAdmin);
}
/**
 * Checks that when a groupAdminGroup is configured, a member of that group is granted
 * ROLE_GROUP_ADMIN.
 *
 * <p>The group is set to {@code other} and the {@code authenticationOther} token is used. The
 * role name is compared case-insensitively. When the server cannot be initialised the method
 * returns without asserting anything.
 *
 * @throws Exception if provider creation or authentication fails
 */
public void testGroupAdminGroup() throws Exception {
    boolean serverAvailable = LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath);
    if (!serverAvailable) {
        return;
    }

    config.setUserDnPattern("uid={0},ou=People");
    config.setGroupAdminGroup("other");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authenticationOther);

    // scan every granted authority; non-short-circuit so each one is inspected
    boolean foundAdmin = false;
    for (GrantedAuthority granted : authenticated.getAuthorities()) {
        String roleName = granted.getAuthority();
        foundAdmin |= roleName.equalsIgnoreCase("ROLE_GROUP_ADMIN");
    }
    assertTrue(foundAdmin);
}
/** Replaces the shared {@code config} field with a new, empty LDAP security service config. */
@Override
protected void createConfig() {
    this.config = new LDAPSecurityServiceConfig();
}
if (ldapConfig.getUserDnPattern() == null && ldapConfig.getUserFilter() == null) { error("Neither user dn pattern or user filter specified"); return;
/**
 * Builds the LDAP authentication provider form.
 *
 * <p>The form holds the server URL (required), a TLS switch, the three user lookup fields
 * (DN pattern, filter, format), a checkbox that selects the authorization source, the
 * authorization sub-panel inside a container that can be re-rendered via Ajax, and a connection
 * test panel.
 *
 * @param id the component id
 * @param model model wrapping the LDAP configuration being edited
 */
public LDAPAuthProviderPanel(String id, IModel<LDAPSecurityServiceConfig> model) {
    super(id, model);

    // connection settings
    add(new TextField("serverURL").setRequired(true));
    // NOTE(review): TLS is optional here; without it the bind credentials presumably travel in
    // clear text — confirm the UI makes that visible to the administrator.
    add(new CheckBox("useTLS"));

    // user lookup settings
    // NOTE(review): filter/format look like templates expanded with the login name; confirm that
    // the authenticator escapes the substituted value before it reaches the directory search.
    add(new TextField("userDnPattern"));
    add(new TextField("userFilter"));
    add(new TextField("userFormat"));

    // LDAP authorization is pre-selected when no user/group service is configured
    boolean useLdapAuth = model.getObject().getUserGroupServiceName() == null;
    add(
            new AjaxCheckBox("useLdapAuthorization", new Model(useLdapAuth)) {
                @Override
                protected void onUpdate(AjaxRequestTarget target) {
                    WebMarkupContainer container =
                            (WebMarkupContainer)
                                    LDAPAuthProviderPanel.this.get("authorizationPanelContainer");

                    // reset any values that were set
                    AuthorizationPanel currentPanel =
                            (AuthorizationPanel) container.get("authorizationPanel");
                    currentPanel.resetModel();

                    // swap the old panel for one matching the new checkbox state
                    container.remove("authorizationPanel");
                    container.add(createAuthorizationPanel("authorizationPanel", getModelObject()));

                    target.addComponent(container);
                }
            });

    // the container needs a markup id so the Ajax callback above can re-render it
    WebMarkupContainer authorizationContainer =
            new WebMarkupContainer("authorizationPanelContainer");
    authorizationContainer.add(createAuthorizationPanel("authorizationPanel", useLdapAuth));
    authorizationContainer.setOutputMarkupId(true);
    add(authorizationContainer);

    add(new TestLDAPConnectionPanel("testCx"));
}
/**
 * Verifies authentication through the userFilter / userFormat pair when the filter itself
 * contains placeholders.
 *
 * <p>Two filter templates are exercised in turn, {@code (givenName={1})} and {@code (cn={0})},
 * each with the same bind format. Both runs are expected to yield three authorities. The test is
 * skipped (JUnit assumption) when the LDAP server cannot be initialised.
 */
@Test
public void testUserFilterPlacemarks() throws Exception {
    boolean serverReady = LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath);
    Assume.assumeTrue(serverReady);

    // first run: filter using the {1} placeholder
    LDAPSecurityServiceConfig firstConfig = (LDAPSecurityServiceConfig) config;
    firstConfig.setUserFilter("(givenName={1})");
    firstConfig.setUserFormat("uid={0},ou=People,dc=example,dc=com");
    createAuthenticationProvider();

    Authentication result = authProvider.authenticate(authentication);
    assertEquals(3, result.getAuthorities().size());

    // second run: filter using the {0} placeholder; re-read the field after provider creation
    LDAPSecurityServiceConfig secondConfig = (LDAPSecurityServiceConfig) config;
    secondConfig.setUserFilter("(cn={0})");
    secondConfig.setUserFormat("uid={0},ou=People,dc=example,dc=com");
    createAuthenticationProvider();

    result = authProvider.authenticate(authentication);
    assertEquals(3, result.getAuthorities().size());
}
/**
 * Verifies that when a groupAdminGroup is configured, a member of that group is granted
 * ROLE_GROUP_ADMIN.
 *
 * <p>The group is set to {@code other} and the {@code authenticationOther} token is used. The
 * role name is compared case-insensitively. The test is skipped (JUnit assumption) when the
 * LDAP server cannot be initialised.
 */
@Test
public void testGroupAdminGroup() throws Exception {
    boolean serverReady = LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath);
    Assume.assumeTrue(serverReady);

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    ldapConfig.setUserDnPattern("uid={0},ou=People");
    config.setGroupAdminGroup("other");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authenticationOther);

    // scan every granted authority; non-short-circuit so each one is inspected
    boolean foundAdmin = false;
    for (GrantedAuthority granted : authenticated.getAuthorities()) {
        String roleName = granted.getAuthority();
        foundAdmin |= roleName.equalsIgnoreCase("ROLE_GROUP_ADMIN");
    }
    assertTrue(foundAdmin);
}
/**
 * Checks that, on a server initialised without anonymous access, authentication raises an
 * exception when bindBeforeGroupSearch is disabled.
 *
 * <p>NOTE(review): any {@link Exception} satisfies this test, so an unrelated failure (for
 * instance an unreachable server) would also count as the expected denial. Narrowing the catch
 * to the exception the provider throws for a refused anonymous search would make the check
 * meaningful as an access-control regression test.
 *
 * <p>When the server cannot be initialised the method returns without asserting anything.
 *
 * @throws Exception if provider creation fails
 */
public void testBindBeforeGroupSearchRequiredIfAnonymousDisabled() throws Exception {
    // first argument false: server started without anonymous access
    boolean serverAvailable = LDAPTestUtils.initLdapServer(false, ldapServerUrl, basePath);
    if (!serverAvailable) {
        return;
    }

    config.setUserDnPattern("uid={0},ou=People");
    // explicitly skip the bind before the group search
    config.setBindBeforeGroupSearch(false);
    createAuthenticationProvider();

    boolean authenticationFailed;
    try {
        authProvider.authenticate(authentication);
        authenticationFailed = false;
    } catch (Exception e) {
        authenticationFailed = true;
    }
    assertTrue(authenticationFailed);
}
/**
 * Prepares the panel under test with a freshly built LDAP configuration.
 *
 * <p>The configuration is always named {@code "test"} and points at {@code ldapServerUrl + "/" +
 * basePath}; the three user lookup values are passed through unchanged (including {@code null}).
 *
 * @param userDnPattern DN pattern stored on the configuration
 * @param userFilter user filter stored on the configuration
 * @param userFormat user format stored on the configuration
 */
protected void setupPanel(final String userDnPattern, String userFilter, String userFormat) {
    LDAPSecurityServiceConfig freshConfig = new LDAPSecurityServiceConfig();
    freshConfig.setName("test");
    freshConfig.setServerURL(ldapServerUrl + "/" + basePath);

    // user lookup settings
    freshConfig.setUserDnPattern(userDnPattern);
    freshConfig.setUserFilter(userFilter);
    freshConfig.setUserFormat(userFormat);

    // publish to the shared field only once fully populated, then build the panel from it
    config = freshConfig;
    setupPanel(config);
}
/**
 * Verifies that a user can be authenticated through the userFilter / userFormat pair instead of
 * userDnPattern, and that the authenticated principal ends up with three authorities.
 *
 * <p>The test is skipped (JUnit assumption) when the LDAP server cannot be initialised.
 */
@Test
public void testUserFilterAndFormat() throws Exception {
    boolean serverReady = LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath);
    Assume.assumeTrue(serverReady);

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    // search filter used to locate the user entry
    ldapConfig.setUserFilter("(telephonenumber=1)");
    // DN template used for the bind
    ldapConfig.setUserFormat("uid={0},ou=People,dc=example,dc=com");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authentication);
    assertEquals(3, authenticated.getAuthorities().size());
}
/**
 * Verifies that when an adminGroup is configured, a member of that group is granted
 * ROLE_ADMINISTRATOR.
 *
 * <p>The group is set to {@code other} and the {@code authenticationOther} token is used. The
 * role name is compared case-insensitively. The test is skipped (JUnit assumption) when the
 * LDAP server cannot be initialised.
 */
@Test
public void testAdminGroup() throws Exception {
    boolean serverReady = LDAPTestUtils.initLdapServer(true, ldapServerUrl, basePath);
    Assume.assumeTrue(serverReady);

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    ldapConfig.setUserDnPattern("uid={0},ou=People");
    config.setAdminGroup("other");
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authenticationOther);

    // scan every granted authority; non-short-circuit so each one is inspected
    boolean foundAdmin = false;
    for (GrantedAuthority granted : authenticated.getAuthorities()) {
        String roleName = granted.getAuthority();
        foundAdmin |= roleName.equalsIgnoreCase("ROLE_ADMINISTRATOR");
    }
    assertTrue(foundAdmin);
}
/**
 * Prepares the panel under test with a freshly built LDAP configuration.
 *
 * <p>The configuration is always named {@code "test"} and points at {@code ldapServerUrl + "/" +
 * basePath}; the remaining values come from the arguments and are passed through unchanged
 * (including {@code null}).
 *
 * @param userDnPattern DN pattern stored on the configuration
 * @param userFilter user filter stored on the configuration
 * @param userFormat user format stored on the configuration
 * @param userGroupService name of the user/group service stored on the configuration
 */
protected void setupPanel(
        final String userDnPattern,
        String userFilter,
        String userFormat,
        String userGroupService) {
    final String serverUrl = ldapServerUrl + "/" + basePath;

    LDAPSecurityServiceConfig panelConfig = new LDAPSecurityServiceConfig();
    panelConfig.setName("test");
    panelConfig.setServerURL(serverUrl);
    panelConfig.setUserDnPattern(userDnPattern);
    panelConfig.setUserFilter(userFilter);
    panelConfig.setUserFormat(userFormat);
    panelConfig.setUserGroupServiceName(userGroupService);

    // store on the shared field before delegating to the config-based overload
    config = panelConfig;
    setupPanel(config);
}
/**
 * Verifies that enabling bindBeforeGroupSearch lets roles be fetched from a server that was
 * initialised without anonymous access.
 *
 * <p>Expects a non-null result named {@code admin} carrying three authorities. The test is
 * skipped (JUnit assumption) when the LDAP server cannot be initialised.
 */
@Test
public void testBindBeforeGroupSearch() throws Exception {
    // first argument false: server started without anonymous access
    boolean serverReady = LDAPTestUtils.initLdapServer(false, ldapServerUrl, basePath);
    Assume.assumeTrue(serverReady);

    LDAPSecurityServiceConfig ldapConfig = (LDAPSecurityServiceConfig) config;
    ldapConfig.setUserDnPattern("uid={0},ou=People");
    config.setBindBeforeGroupSearch(true);
    createAuthenticationProvider();

    Authentication authenticated = authProvider.authenticate(authentication);
    assertNotNull(authenticated);
    assertEquals("admin", authenticated.getName());
    assertEquals(3, authenticated.getAuthorities().size());
}