/**
 * Builds an {@link LdapProperties} fixture through the {@code ldapProperties} helper.
 *
 * <p>The host argument is the empty string and no whitelisted path is passed.
 * NOTE(review): {@code shouldFailToStartIfHostIsNotConfigured} shows that
 * {@code LdapAuthenticationFilter} rejects an empty host, so this fixture cannot be used to
 * construct the filter. Presumably it serves tests that only read the properties; confirm.
 *
 * @return the properties object produced by the helper
 */
private LdapProperties someLdapProperties() {
    final String emptyHost = "";
    final int ldapPort = 389;
    return ldapProperties(
            emptyHost,
            ldapPort,
            singletonList("someBaseDn"),
            "someRoleBaseDn",
            "someRdnIdentifier",
            singletonList("/internal"),
            StartTLS);
}
/**
 * Creates fresh mocks for the connection factory and the servlet response, then builds the
 * filter under test from a fully populated configuration (host, port 389, one base DN,
 * RDN identifier, StartTLS and {@code WHITELISTED_PATH}).
 */
@BeforeEach
public void setUp() {
    ldapConnectionFactory = mock(LdapConnectionFactory.class);
    response = mock(HttpServletResponse.class);

    // The fourth argument is null here; presumably the role base DN, i.e. no role check.
    final LdapProperties properties = ldapProperties(
            "someHost",
            389,
            singletonList("someBaseDn"),
            null,
            "someRdnIdentifier",
            singletonList("/internal"),
            StartTLS,
            WHITELISTED_PATH);
    testee = new LdapAuthenticationFilter(properties, ldapConnectionFactory);
}
/**
 * Fail-closed check: when the LDAP connection fixture is built with
 * {@code AUTHORIZATION_DENIED}, the request must never be handed to the filter chain.
 *
 * <p>NOTE(review): this only proves the chain is not invoked. It does not assert what the
 * filter writes to {@code response} on denial (status code, challenge header); consider
 * pinning that too once the filter's behaviour is confirmed.
 */
@Test
public void shouldNotApplyFilterToNotAuthenticatedUser()
        throws IOException, ServletException, GeneralSecurityException, LDAPException {
    // given: a filter whose connection factory hands out a connection that denies authorization
    final FilterChain chain = mock(FilterChain.class);
    final LdapConnectionFactory factory = mock(LdapConnectionFactory.class);
    // Build the connection before stubbing the factory; the helper presumably stubs a mock
    // itself and must not run inside an open when(...) call.
    final LDAPConnection deniedConnection = someLdapConnectionReturning(AUTHORIZATION_DENIED);
    when(factory.buildLdapConnection()).thenReturn(deniedConnection);
    final LdapProperties properties = ldapProperties(
            "someHost",
            389,
            singletonList("someBaseDn"),
            null,
            "someRdnIdentifier",
            singletonList("/internal"),
            StartTLS,
            WHITELISTED_PATH);
    testee = new LdapAuthenticationFilter(properties, factory);

    // when: a request carrying an Authorization header hits /foo
    final HttpServletRequest request = requestWithAuthorizationHeader();
    when(request.getServletPath()).thenReturn("/foo");
    testee.doFilter(request, response, chain);

    // then: the downstream chain is never reached
    verify(chain, never()).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
/**
 * When the LDAP connection fixture is built with {@code SUCCESS}, the request is passed on
 * to the filter chain exactly once.
 */
@Test
public void shouldApplyFilterToAuthenticatedUser()
        throws IOException, ServletException, GeneralSecurityException, LDAPException {
    // given: a filter whose connection factory hands out a connection built with SUCCESS
    final FilterChain chain = mock(FilterChain.class);
    final LdapConnectionFactory factory = mock(LdapConnectionFactory.class);
    // Build the connection before stubbing the factory; the helper presumably stubs a mock
    // itself and must not run inside an open when(...) call.
    final LDAPConnection acceptingConnection = someLdapConnectionReturning(SUCCESS);
    when(factory.buildLdapConnection()).thenReturn(acceptingConnection);
    final LdapProperties properties = ldapProperties(
            "someHost",
            389,
            singletonList("someBaseDn"),
            null,
            "someRdnIdentifier",
            singletonList("/internal"),
            StartTLS,
            WHITELISTED_PATH);
    testee = new LdapAuthenticationFilter(properties, factory);

    // when: a request carrying an Authorization header hits /foo
    final HttpServletRequest request = requestWithAuthorizationHeader();
    when(request.getServletPath()).thenReturn("/foo");
    testee.doFilter(request, response, chain);

    // then: the request continues down the chain
    verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
/**
 * Constructing the filter with a base-DN list whose only entry is the empty string must
 * fail with {@link IllegalStateException}.
 *
 * <p>NOTE(review): only the single-empty-string case is exercised; an empty list or a
 * {@code null} list is not covered here.
 */
@Test
public void shouldFailToStartIfBaseDnIsNotConfigured() {
    // The properties are built inside the lambda so that any exception is raised under assertThrows.
    assertThrows(
            IllegalStateException.class,
            () -> new LdapAuthenticationFilter(
                    ldapProperties(
                            "someHost",
                            389,
                            singletonList(""),
                            null,
                            "someRdnIdentifier",
                            singletonList("/internal"),
                            StartTLS),
                    ldapConnectionFactory));
}
/**
 * Constructing the filter with an empty RDN identifier must fail with
 * {@link IllegalStateException}.
 */
@Test
public void shouldFailToStartIfRdnIdentifierIsNotConfigured() {
    // The properties are built inside the lambda so that any exception is raised under assertThrows.
    assertThrows(
            IllegalStateException.class,
            () -> new LdapAuthenticationFilter(
                    ldapProperties(
                            "someHost",
                            389,
                            singletonList("someBaseDn"),
                            null,
                            "",
                            singletonList("/internal"),
                            StartTLS),
                    ldapConnectionFactory));
}
/**
 * Constructing the filter with an empty host must fail with {@link IllegalStateException}.
 */
@Test
public void shouldFailToStartIfHostIsNotConfigured() {
    // The properties are built inside the lambda so that any exception is raised under assertThrows.
    assertThrows(
            IllegalStateException.class,
            () -> new LdapAuthenticationFilter(
                    ldapProperties(
                            "",
                            389,
                            singletonList("someBaseDn"),
                            null,
                            "someRdnIdentifier",
                            singletonList("/internal"),
                            StartTLS),
                    ldapConnectionFactory));
}
/**
 * With two configured base DNs, the filter must attempt a bind against each of them and
 * let the request through to the chain.
 *
 * <p>The connection comes from
 * {@code someLdapConnectionReturningSuccessOrThrowingBindException("successBaseDn", "exceptionBaseDn")};
 * presumably it throws on a bind for the second name and succeeds for the first (confirm
 * against the helper).
 *
 * <p>NOTE(review): the password argument is matched with {@code anyString()}, so this test
 * does not pin that the credentials taken from the Authorization header are the ones
 * passed to {@code bind}.
 */
@Test
public void shouldApplyFilterToAuthenticatedUserWithAdditionallyConfiguredBaseDn()
        throws IOException, ServletException, GeneralSecurityException, LDAPException {
    // arrange: two base DNs, listed so that the "exception" one comes first
    final FilterChain chain = mock(FilterChain.class);
    final LdapConnectionFactory factory = mock(LdapConnectionFactory.class);
    // Build the connection before stubbing the factory; the helper presumably stubs a mock
    // itself and must not run inside an open when(...) call.
    final LDAPConnection connection =
            someLdapConnectionReturningSuccessOrThrowingBindException("successBaseDn", "exceptionBaseDn");
    when(factory.buildLdapConnection()).thenReturn(connection);
    final LdapProperties properties = ldapProperties(
            "someHost",
            389,
            asList("exceptionBaseDn", "successBaseDn"),
            null,
            "someRdnIdentifier",
            singletonList("/internal"),
            StartTLS,
            WHITELISTED_PATH);
    testee = new LdapAuthenticationFilter(properties, factory);

    // act: a request carrying an Authorization header hits /foo
    final HttpServletRequest request = requestWithAuthorizationHeader();
    when(request.getServletPath()).thenReturn("/foo");
    testee.doFilter(request, response, chain);

    // assert: one bind per base DN, and the request reaches the chain
    verify(connection).bind(contains("exceptionBaseDn"), anyString());
    verify(connection).bind(contains("successBaseDn"), anyString());
    verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
}