/**
 * Creates the test case from a {@code Builder} and instantiates the LDAP authentication
 * provider under test from the builder's {@code conf}.
 *
 * @param builder supplies the configuration handed to {@code LdapAuthenticationProviderImpl}
 */
private LdapAuthenticationTestCase(Builder builder) {
  // Only the configuration is passed in; which directory-search factory the provider then uses
  // is decided inside LdapAuthenticationProviderImpl and is not visible from this constructor.
  this.ldapProvider = new LdapAuthenticationProviderImpl(builder.conf);
}
/**
 * Authenticates {@code user} through a provider built from the shared {@code conf} and
 * {@code factory}, then asserts that the directory search handle was closed.
 *
 * <p>The close check sits in {@code finally}, so it also runs when {@code Authenticate} throws:
 * a rejected login must not leave the search handle open.
 *
 * @param user user name handed to the provider
 * @throws IOException propagated from the provider call or from the verified {@code close()}
 */
private void authenticateUserAndCheckSearchIsClosed(String user) throws IOException {
  // The stubs decide the outcome of these tests, not the credential, hence a throwaway value.
  final String irrelevantPassword = "password doesn't matter";
  auth = new LdapAuthenticationProviderImpl(conf, factory);
  try {
    auth.Authenticate(user, irrelevantPassword);
  } finally {
    verify(search, atLeastOnce()).close();
  }
}
} // closes the enclosing type; its header is not part of this excerpt
/**
 * Returns the password authentication provider that corresponds to {@code authMethod}.
 *
 * <p>The method is matched by identity comparison, so a {@code null} or unrecognised value
 * reaches the final {@code throw} instead of falling back to some default provider.
 *
 * @param authMethod the authentication method to build a provider for
 * @param conf configuration passed to the LDAP, PAM and custom providers
 * @return a newly created provider for the method
 * @throws AuthenticationException if the method is none of LDAP, PAM, CUSTOM or NONE
 */
public static PasswdAuthenticationProvider getAuthenticationProvider(AuthMethods authMethod,
    HiveConf conf) throws AuthenticationException {
  if (authMethod == AuthMethods.LDAP) {
    return new LdapAuthenticationProviderImpl(conf);
  }
  if (authMethod == AuthMethods.PAM) {
    return new PamAuthenticationProviderImpl(conf);
  }
  if (authMethod == AuthMethods.CUSTOM) {
    return new CustomAuthenticationProviderImpl(conf);
  }
  if (authMethod == AuthMethods.NONE) {
    // NOTE(review): NONE maps to the anonymous provider, the only one built without conf.
    // Presumably it accepts any credentials; confirm NONE cannot become the effective method
    // on an endpoint that untrusted clients can reach.
    return new AnonymousAuthenticationProviderImpl();
  }
  // Fail closed: anything not listed above is refused rather than mapped to a provider.
  throw new AuthenticationException("Unsupported authentication method");
}
} // closes the enclosing type; its header is not part of this excerpt
/**
 * Authenticates with a two-entry user DN pattern and neither a user nor a group filter set.
 *
 * <p>The factory stub rejects the bind for the {@code ou=Users} DN and returns the search
 * handle for the {@code ou=PowerUsers} DN. The test then expects two {@code getInstance}
 * calls carrying the supplied password, and the search handle closed at least once.
 */
@Test
public void testAuthenticateNoUserOrGroupFilter()
    throws NamingException, AuthenticationException, IOException {
  final String password = "Blah";
  final String usersDn = "cn=user1,ou=Users,dc=mycorp,dc=com";
  final String powerUsersDn = "cn=user1,ou=PowerUsers,dc=mycorp,dc=com";

  // Two patterns separated by ':'; the stubs below make only the second one bind successfully.
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN,
      "cn=%s,ou=Users,dc=mycorp,dc=com:cn=%s,ou=PowerUsers,dc=mycorp,dc=com");

  // A dedicated mock, so that the outcome can differ per candidate DN.
  DirSearchFactory perDnFactory = mock(DirSearchFactory.class);

  when(search.findUserDn("user1")).thenReturn(powerUsersDn);
  when(perDnFactory.getInstance(conf, powerUsersDn, password)).thenReturn(search);
  when(perDnFactory.getInstance(conf, usersDn, password))
      .thenThrow(AuthenticationException.class);

  auth = new LdapAuthenticationProviderImpl(conf, perDnFactory);
  auth.Authenticate("user1", password);

  // One failed and one successful bind attempt, both with the caller's password.
  verify(perDnFactory, times(2)).getInstance(isA(HiveConf.class), anyString(), eq(password));
  verify(search, atLeastOnce()).close();
}
/**
 * Authenticates a user who is a member of the single group named in the group filter, with the
 * membership key set to {@code memberOf}.
 *
 * <p>Expects one bind, one group DN lookup, one membership check, and the search handle closed
 * at least once.
 */
@Test
public void testAuthenticateWhenUserMembershipKeyFilterPasses()
    throws NamingException, AuthenticationException, IOException {
  final String password = "Blah";
  final String allowedGroup = "HIVE-USERS";
  final String allowedGroupDn = "cn=HIVE-USERS,ou=Groups,dc=mycorp,dc=com";

  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, allowedGroup);
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, "dc=mycorp,dc=com");
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY, "memberOf");

  when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
  when(search.findGroupDn(allowedGroup)).thenReturn(allowedGroupDn);
  // The directory confirms membership, so the group filter should let the user through.
  when(search.isUserMemberOfGroup("user1", allowedGroupDn)).thenReturn(true);

  auth = new LdapAuthenticationProviderImpl(conf, factory);
  auth.Authenticate("user1", password);

  verify(factory, times(1)).getInstance(isA(HiveConf.class), anyString(), eq(password));
  verify(search, times(1)).findGroupDn(anyString());
  verify(search, times(1)).isUserMemberOfGroup(anyString(), anyString());
  verify(search, atLeastOnce()).close();
}
/**
 * Authenticates against a group filter that names two groups, with the membership key set to
 * {@code memberOf}.
 *
 * <p>The membership check for the first group throws {@code NamingException} and the check for
 * the second returns {@code true}. The test expects authentication to succeed after both group
 * DNs were looked up and both membership checks were made, and the search handle to be closed.
 */
@Test
public void testAuthenticateWhenUserMembershipKeyFilter2x2PatternsPasses()
    throws NamingException, AuthenticationException, IOException {
  final String password = "Blah";
  final String firstGroupDn = "cn=HIVE-USERS1,ou=Groups,ou=branch1,dc=mycorp,dc=com";
  final String secondGroupDn = "cn=HIVE-USERS2,ou=Groups,ou=branch1,dc=mycorp,dc=com";

  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "HIVE-USERS1,HIVE-USERS2");
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN,
      "cn=%s,ou=Groups,ou=branch1,dc=mycorp,dc=com");
  // NOTE(review): "Userss" looks like a typo for "Users"; kept as found. Confirm whether the
  // value of this pattern matters to the test.
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN,
      "cn=%s,ou=Userss,ou=branch1,dc=mycorp,dc=com");
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY, "memberOf");

  when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
  when(search.findGroupDn("HIVE-USERS1")).thenReturn(firstGroupDn);
  when(search.findGroupDn("HIVE-USERS2")).thenReturn(secondGroupDn);

  // A lookup error on one group must not end the evaluation: the second group still grants access.
  when(search.isUserMemberOfGroup("user1", firstGroupDn)).thenThrow(NamingException.class);
  when(search.isUserMemberOfGroup("user1", secondGroupDn)).thenReturn(true);

  auth = new LdapAuthenticationProviderImpl(conf, factory);
  auth.Authenticate("user1", password);

  verify(factory, times(1)).getInstance(isA(HiveConf.class), anyString(), eq(password));
  verify(search, times(2)).findGroupDn(anyString());
  verify(search, times(2)).isUserMemberOfGroup(anyString(), anyString());
  verify(search, atLeastOnce()).close();
}
/**
 * Expects {@code AuthenticationException} when the user is not a member of the only group named
 * in the group filter, with the membership key set to {@code memberOf}.
 */
@Test
public void testAuthenticateWhenUserMembershipKeyFilterFails()
    throws NamingException, AuthenticationException, IOException {
  final String requiredGroup = "HIVE-USERS";
  final String requiredGroupDn = "cn=HIVE-USERS,ou=Groups,dc=mycorp,dc=com";

  thrown.expect(AuthenticationException.class);

  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, requiredGroup);
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, "dc=mycorp,dc=com");
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY, "memberOf");

  when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
  when(search.findGroupDn(requiredGroup)).thenReturn(requiredGroupDn);
  // The directory denies membership, so a valid password alone must not be enough.
  when(search.isUserMemberOfGroup("user1", requiredGroupDn)).thenReturn(false);

  auth = new LdapAuthenticationProviderImpl(conf, factory);
  // NOTE(review): nothing here asserts that `search` is closed when authentication is rejected.
  // Wrapping this call in try/finally with a close() verification would catch a search handle
  // leaked on the failure path.
  auth.Authenticate("user1", "Blah");
}
/**
 * Expects the provider to reject an empty password.
 *
 * <p>This matters for LDAP in particular. A simple bind that carries a DN and a zero-length
 * password is the "unauthenticated" bind of RFC 4513 section 5.1.2, which a directory server
 * may accept without checking any credential. The client therefore has to refuse the empty
 * password itself.
 */
@Test
public void authenticateGivenBlankPassword() throws Exception {
  final String emptyPassword = "";
  // A real LdapSearchFactory rather than a mock; presumably the rejection is expected before
  // any directory is contacted. Confirm against the provider.
  auth = new LdapAuthenticationProviderImpl(conf, new LdapSearchFactory());
  // Helper defined elsewhere in the class; by its name it registers the expected exception.
  expectAuthenticationExceptionForInvalidPassword();
  auth.Authenticate("user", emptyPassword);
}
/**
 * Expects the provider to reject a {@code null} password with the same failure as any other
 * invalid password, rather than passing it on to a bind attempt.
 */
@Test
public void authenticateGivenNullForPassword() throws Exception {
  final String absentPassword = null;
  // A real LdapSearchFactory rather than a mock; presumably the rejection is expected before
  // any directory is contacted. Confirm against the provider.
  auth = new LdapAuthenticationProviderImpl(conf, new LdapSearchFactory());
  // Helper defined elsewhere in the class; by its name it registers the expected exception.
  expectAuthenticationExceptionForInvalidPassword();
  auth.Authenticate("user", absentPassword);
}
/**
 * Expects the provider to reject a password that consists of a single NUL character.
 *
 * <p>NOTE(review): the likely concern is a layer that treats NUL as a string terminator and so
 * sees this value as an empty password, which would amount to an unauthenticated bind. Confirm
 * against the provider's validation.
 */
@Test
public void authenticateGivenStringWithNullCharacterForPassword() throws Exception {
  final String nulOnlyPassword = "\0";
  // A real LdapSearchFactory rather than a mock; presumably the rejection is expected before
  // any directory is contacted. Confirm against the provider.
  auth = new LdapAuthenticationProviderImpl(conf, new LdapSearchFactory());
  // Helper defined elsewhere in the class; by its name it registers the expected exception.
  expectAuthenticationExceptionForInvalidPassword();
  auth.Authenticate("user", nulOnlyPassword);
}
/**
 * Selects and creates the password authentication provider for {@code authMethod}.
 *
 * <p>Each supported method is tested by identity. A {@code null} or unknown value matches none
 * of them and is refused with an exception.
 *
 * @param authMethod the authentication method to build a provider for
 * @param conf configuration handed to the LDAP, PAM and custom providers
 * @return a new provider instance
 * @throws AuthenticationException if the method is none of LDAP, PAM, CUSTOM or NONE
 */
public static PasswdAuthenticationProvider getAuthenticationProvider(AuthMethods authMethod,
    HiveConf conf) throws AuthenticationException {
  if (authMethod == AuthMethods.LDAP) {
    return new LdapAuthenticationProviderImpl(conf);
  }
  if (authMethod == AuthMethods.PAM) {
    return new PamAuthenticationProviderImpl(conf);
  }
  if (authMethod == AuthMethods.CUSTOM) {
    return new CustomAuthenticationProviderImpl(conf);
  }
  if (authMethod == AuthMethods.NONE) {
    // NOTE(review): the anonymous provider is created without conf and presumably performs no
    // credential check. Confirm that deployments exposed to untrusted clients never select NONE.
    return new AnonymousAuthenticationProviderImpl();
  }
  // No default provider: an unsupported method is an error, not a fallback.
  throw new AuthenticationException("Unsupported authentication method");
}
} // closes the enclosing type; its header is not part of this excerpt
/**
 * Returns the password authentication provider that corresponds to {@code authMethod}, using
 * each provider's no-argument constructor.
 *
 * <p>The method is matched by identity comparison, so a {@code null} or unrecognised value
 * reaches the final {@code throw} instead of falling back to some default provider.
 *
 * @param authMethod the authentication method to build a provider for
 * @return a newly created provider for the method
 * @throws AuthenticationException if the method is none of LDAP, PAM, CUSTOM or NONE
 */
public static PasswdAuthenticationProvider getAuthenticationProvider(AuthMethods authMethod)
    throws AuthenticationException {
  if (authMethod == AuthMethods.LDAP) {
    return new LdapAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.PAM) {
    return new PamAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.CUSTOM) {
    return new CustomAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.NONE) {
    // NOTE(review): NONE maps to the anonymous provider, which presumably accepts any
    // credentials. Confirm NONE cannot become the effective method on an endpoint that
    // untrusted clients can reach.
    return new AnonymousAuthenticationProviderImpl();
  }
  // Fail closed: anything not listed above is refused rather than mapped to a provider.
  throw new AuthenticationException("Unsupported authentication method");
}
} // closes the enclosing type; its header is not part of this excerpt
/**
 * Selects and creates the password authentication provider for {@code authMethod}; every
 * provider is built with its no-argument constructor.
 *
 * <p>Each supported method is tested by identity. A {@code null} or unknown value matches none
 * of them and is refused with an exception.
 *
 * @param authMethod the authentication method to build a provider for
 * @return a new provider instance
 * @throws AuthenticationException if the method is none of LDAP, PAM, CUSTOM or NONE
 */
public static PasswdAuthenticationProvider getAuthenticationProvider(AuthMethods authMethod)
    throws AuthenticationException {
  if (authMethod == AuthMethods.LDAP) {
    return new LdapAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.PAM) {
    return new PamAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.CUSTOM) {
    return new CustomAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.NONE) {
    // NOTE(review): the anonymous provider presumably performs no credential check. Confirm
    // that deployments exposed to untrusted clients never select NONE.
    return new AnonymousAuthenticationProviderImpl();
  }
  // No default provider: an unsupported method is an error, not a fallback.
  throw new AuthenticationException("Unsupported authentication method");
}
} // closes the enclosing type; its header is not part of this excerpt
/**
 * Maps {@code authMethod} to a freshly constructed password authentication provider.
 *
 * <p>Comparison is by identity, so {@code null} and any method without a branch below end in
 * the {@code throw} at the bottom.
 *
 * @param authMethod the authentication method to build a provider for
 * @return the provider created for the method
 * @throws AuthenticationException if the method is none of LDAP, PAM, CUSTOM or NONE
 */
public static PasswdAuthenticationProvider getAuthenticationProvider(AuthMethods authMethod)
    throws AuthenticationException {
  if (authMethod == AuthMethods.LDAP) {
    return new LdapAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.PAM) {
    return new PamAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.CUSTOM) {
    return new CustomAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.NONE) {
    // NOTE(review): presumably the anonymous provider lets every caller in. Verify that NONE
    // is only used where unauthenticated access is intended.
    return new AnonymousAuthenticationProviderImpl();
  }
  // Unknown methods are rejected outright; no provider is chosen on the caller's behalf.
  throw new AuthenticationException("Unsupported authentication method");
}
} // closes the enclosing type; its header is not part of this excerpt
/**
 * Creates the password authentication provider for the given method, using the providers'
 * no-argument constructors.
 *
 * <p>A method is recognised only if it is identical to LDAP, PAM, CUSTOM or NONE. Every other
 * value, {@code null} included, is refused with an exception.
 *
 * @param authMethod the authentication method to build a provider for
 * @return the provider created for the method
 * @throws AuthenticationException if the method is not one of the four recognised values
 */
public static PasswdAuthenticationProvider getAuthenticationProvider(AuthMethods authMethod)
    throws AuthenticationException {
  if (authMethod == AuthMethods.LDAP) {
    return new LdapAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.PAM) {
    return new PamAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.CUSTOM) {
    return new CustomAuthenticationProviderImpl();
  }
  if (authMethod == AuthMethods.NONE) {
    // NOTE(review): NONE selects the anonymous provider, which presumably checks no
    // credentials. Confirm this branch is unreachable on endpoints open to untrusted clients.
    return new AnonymousAuthenticationProviderImpl();
  }
  // Refuse instead of guessing: there is deliberately no fallback provider.
  throw new AuthenticationException("Unsupported authentication method");
}
} // closes the enclosing type; its header is not part of this excerpt