Author: ate
Date: Fri Mar 19 13:18:22 2010
New Revision: 925209

URL: http://svn.apache.org/viewvc?rev=925209&view=rev
Log:
JS2-1136: Cleanup and strengthening the Security Entity/LDAP mapping
- refactoring the AbstractLDAPTest to leverage the new 
AbstractLDAPSecurityTestCase
- fixing and adjusting the default LDAP spring configurations and 
jetspeed.properties to match default ApacheDS (1.5+) configurations
- replacing GroupOfUniqueNames usage with "plain" GroupOfNames (look it up: 
everybody advises against using GroupOfUniqueNames if you don't really, really 
need it)
- hooking up TestGroupManager and TestRoleManager to now (also) automatically 
run and execute against the embedded ApacheDS service
- todo: migrating other security tests to also use and execute against LDAP to 
ensure we're properly validating usage of LDAP 

Added:
    
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/JETSPEED-INF/directory/config/apacheds/init.ldif
Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml
    
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/JETSPEED-INF/directory/config/apacheds/
   (props changed)
    
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/
   (props changed)
    
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGroupManager.java
    
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRoleManager.java
    
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java
    
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/AbstractLDAPTest.java
    
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup1/TestLDAP.java
    
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
    
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml?rev=925209&r1=925208&r2=925209&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml 
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/pom.xml Fri 
Mar 19 13:18:22 2010
@@ -171,6 +171,10 @@
                     
<include>transaction.xml,security-*.xml,static-bean-references.xml,boot/datasource.xml</include>
                   </resource>
                   <resource>
+                    <path>conf/jetspeed</path>
+                    <include>jetspeed.properties</include>
+                  </resource>
+                  <resource>
                     <path>db-ojb</path>
                   </resource>
                 </resources>

Propchange: 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/JETSPEED-INF/directory/config/apacheds/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Fri Mar 19 13:18:22 2010
@@ -1,2 +1,2 @@
-target
+target
 surefire*.properties

Added: 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/JETSPEED-INF/directory/config/apacheds/init.ldif
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/JETSPEED-INF/directory/config/apacheds/init.ldif?rev=925209&view=auto
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/JETSPEED-INF/directory/config/apacheds/init.ldif
 (added)
+++ 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/JETSPEED-INF/directory/config/apacheds/init.ldif
 Fri Mar 19 13:18:22 2010
@@ -0,0 +1,17 @@
+version: 1
+
+dn: ou=Groups,o=sevenSeas
+objectClass: organizationalUnit
+objectClass: top
+ou: Groups
+
+dn: ou=Roles,o=sevenSeas
+objectClass: organizationalUnit
+objectClass: top
+ou: Roles
+
+dn: ou=Users,o=sevenSeas
+objectClass: organizationalUnit
+objectClass: top
+ou: Users
+

Propchange: 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Fri Mar 19 13:18:22 2010
@@ -1,2 +1,2 @@
-target
+target
 surefire*.properties

Modified: 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGroupManager.java
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGroupManager.java?rev=925209&r1=925208&r2=925209&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGroupManager.java
 (original)
+++ 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGroupManager.java
 Fri Mar 19 13:18:22 2010
@@ -21,7 +21,6 @@ import java.util.List;
 import javax.security.auth.Subject;
 
 import junit.framework.Test;
-import junit.framework.TestSuite;
 
 
 /**
@@ -32,12 +31,11 @@ import junit.framework.TestSuite;
  * @author <a href="mailto:[email protected]";>David Le Strat </a>
  * @version $Id$
  */
-public class TestGroupManager extends AbstractSecurityTestcase
+public class TestGroupManager extends AbstractLDAPSecurityTestCase
 {
     public static Test suite()
     {
-        // All methods starting with "test" will be executed in the test suite.
-        return new TestSuite(TestGroupManager.class);
+        return createFixturedTestSuite(TestGroupManager.class, 
"ldapTestSetup", "ldapTestTeardown");
     }
 
     /**

Modified: 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRoleManager.java
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRoleManager.java?rev=925209&r1=925208&r2=925209&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRoleManager.java
 (original)
+++ 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRoleManager.java
 Fri Mar 19 13:18:22 2010
@@ -19,7 +19,6 @@ package org.apache.jetspeed.security;
 import javax.security.auth.Subject;
 
 import junit.framework.Test;
-import junit.framework.TestSuite;
 
 
 /**
@@ -30,12 +29,12 @@ import junit.framework.TestSuite;
  * @author <a href="mailto:[email protected]";>David Le Strat </a>
  * @version $Id$
  */
-public class TestRoleManager extends AbstractSecurityTestcase
+public class TestRoleManager extends AbstractLDAPSecurityTestCase
 {
     public static Test suite()
     {
         // All methods starting with "test" will be executed in the test suite.
-        return new TestSuite(TestRoleManager.class);
+        return createFixturedTestSuite(TestRoleManager.class, "ldapTestSetup", 
"ldapTestTeardown");
     }
 
     /**
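Review bot: The comment kept above the return in suite() (`// All methods starting with "test" will be executed in the test suite.`) no longer tells the reader the important thing about this suite, and the same comment was dropped from TestGroupManager in this commit. The suite is now built with createFixturedTestSuite and the "ldapTestSetup"/"ldapTestTeardown" fixture names, so a comment such as `// Runs the test* methods inside the ldapTestSetup/ldapTestTeardown fixture, i.e. against the embedded directory` would be more useful. The fixture methods live in AbstractLDAPSecurityTestCase, which is not part of this diff, so the wording should be checked against that class.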

Modified: 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java?rev=925209&r1=925208&r2=925209&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java
 (original)
+++ 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java
 Fri Mar 19 13:18:22 2010
@@ -26,7 +26,6 @@ import javax.security.auth.login.LoginCo
 import javax.security.auth.login.LoginException;
 
 import junit.framework.Test;
-import junit.framework.TestSuite;
 
 import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
 
@@ -37,11 +36,11 @@ import org.apache.jetspeed.security.impl
  * 
  * @author <a href="mailto:[email protected]";>David Le Strat </a>
  */
-public class TestUserManager extends AbstractSecurityTestcase
+public class TestUserManager extends AbstractLDAPSecurityTestCase
 {
     public static Test suite()
     {
-        return new TestSuite(TestUserManager.class);
+        return createFixturedTestSuite(TestUserManager.class, "ldapTestSetup", 
"ldapTestTeardown");
     }
 
     /**

Modified: 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/AbstractLDAPTest.java
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/AbstractLDAPTest.java?rev=925209&r1=925208&r2=925209&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/AbstractLDAPTest.java
 (original)
+++ 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/AbstractLDAPTest.java
 Fri Mar 19 13:18:22 2010
@@ -18,15 +18,7 @@ package org.apache.jetspeed.security.map
 
 import java.io.File;
 
-import org.apache.directory.server.core.DefaultDirectoryService;
-import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.server.core.entry.ServerEntry;
-import org.apache.directory.server.core.partition.Partition;
-import 
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
-import org.apache.directory.server.ldap.LdapServer;
-import org.apache.directory.server.protocol.shared.store.LdifFileLoader;
-import org.apache.directory.server.protocol.shared.transport.TcpTransport;
-import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.jetspeed.security.EmbeddedApacheDSTestService;
 import org.apache.jetspeed.security.mapping.ldap.dao.DefaultLDAPEntityManager;
 import 
org.apache.jetspeed.security.mapping.ldap.dao.LDAPEntityDAOConfiguration;
 import org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl;
@@ -75,88 +67,30 @@ public abstract class AbstractLDAPTest e
 
     protected BasicTestCases basicTestCases;
     
-    /** The directory service */
-    private static DirectoryService service;
-    private static LdapServer server;
-    private static boolean running;
-        
-    private static boolean deleteDir(File dir)
-    {        
-        if (dir.isDirectory())
-        {
-            String[] children = dir.list();
-            for (int i=0; i < children.length; i++)
-            {
-                if (!deleteDir(new File(dir, children[i])))
-                {
-                    return false;
-                }
-            }
-        }
-        return dir.delete();
-    }
+    private static EmbeddedApacheDSTestService ldapService;
     
-    public void ldapTestSetup() throws Exception
+    public AbstractLDAPTest()
     {
-        File workingDir = new File(getBaseDir()+"target/_apacheds");
-        if (workingDir.exists() && !deleteDir(workingDir))
-        {
-            throw new Exception("Cannot delete apacheds working Directory: 
"+workingDir.getAbsolutePath());
-        }
-        
-        // Initialize the LDAP service
-        service = new DefaultDirectoryService();
-        
-        // Disable the ChangeLog system
-        service.getChangeLog().setEnabled( false );
-        service.setDenormalizeOpAttrsEnabled( true );
-        
-        // Create a new partition named 'foo'.
-        Partition partition = new JdbmPartition();
-        partition.setId( "sevenSeas" );
-        partition.setSuffix( "o=sevenSeas" );
-        service.addPartition( partition );
-        
-        service.setWorkingDirectory(workingDir);
-        server = new LdapServer();
-        server.setDirectoryService(service);
-        server.setTransports(new  TcpTransport(10389));
-        service.startup();
-        server.start();
+        ldapService = new EmbeddedApacheDSTestService(getBaseDN(), 
getLdapPort(), getWorkingDir());
+    }
         
-        // Inject the sevenSeas root entry if it does not already exist
-        if (!service.getAdminSession().exists(partition.getSuffixDn()))
-        {
-            LdapDN dn = new LdapDN( "o=sevenSeas" );
-            ServerEntry entry = service.newEntry( dn );
-            entry.add( "objectClass", "top", "domain", "extensibleObject" );
-            entry.add( "dc", "sevenSeas" );
-            service.getAdminSession().add( entry );
-        }
-        running = true;
+    public void ldapTestSetup() throws Exception
+    {
+        ldapService.start();
     }
     
     public void ldapTestTeardown() throws Exception
     {
-        server.stop();
-        service.shutdown();
-        server = null;
-        service = null;
-        File workingDir = new File(getBaseDir()+"target/_apacheds");
-        if (workingDir.exists())
-        {
-            deleteDir(workingDir);
-        }
-        running = false;
+        ldapService.stop();
     }
 
     public void setUp() throws Exception
     {
         super.setUp();
         // TODO : move config to build environment
-        baseDN = "o=sevenSeas";
+        baseDN = getBaseDN();
         LdapContextSource contextSource = new LdapContextSource();
-        contextSource.setUrl("ldap://localhost:10389";);
+        
contextSource.setUrl("ldap://localhost:"+Integer.toString(getLdapPort()));
         contextSource.setBase(baseDN);
         contextSource.setUserDn("uid=admin,ou=system");
         contextSource.setPassword("secret");
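Review bot: The new constructor assigns the static field `ldapService`, so every AbstractLDAPTest instance that is constructed replaces the service object shared by all the others. If the suite builds one instance per test method, as junit.framework.TestSuite does, the object `ldapTestSetup()` starts is the one `setUp()` later queries only because all instances happen to be created before the fixture runs. An instance created afterwards would swap in a stopped service while the started one may still hold the port and working directory. The constructor also calls the overridable `getBaseDN()`, `getLdapPort()` and `getWorkingDir()` before any subclass fields are initialised. Creating the service at the top of `ldapTestSetup()` and guarding with `if (ldapService == null || !ldapService.isRunning()) return;` in setUp() and tearDown() avoids both problems; setUp()'s body continues past the end of this hunk.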
@@ -164,23 +98,12 @@ public abstract class AbstractLDAPTest e
         ldapTemplate = new LdapTemplate();
         ldapTemplate.setContextSource(contextSource);
 
-        if (!running) return;
+        if (!ldapService.isRunning()) return;
         
-        try
-        {
-            emptyLDAP();
-        } catch (Exception e)
-        {
-            if (debugMode)
-            {
-                e.printStackTrace();
-            }
-        }
         Resource[] ldifs = initializationData();
         for (int i = 0; i < ldifs.length; i++)
         {
-            LdifFileLoader loader = new  
LdifFileLoader(service.getAdminSession(), ldifs[i].getFile().getAbsolutePath());
-            loader.execute();
+            ldapService.loadLdif(ldifs[i].getFile());
         }
         
         internalSetUp();
@@ -188,18 +111,28 @@ public abstract class AbstractLDAPTest e
         basicTestCases = new BasicTestCases(entityManager, debugMode);
     }
 
-    private void emptyLDAP() throws Exception
-    {
-        ldapTemplate.unbind("", true); // recursively delete root node of ldap
-    }
-
     @Override
     protected void tearDown() throws Exception
     {
         super.tearDown();
-        if (!running) return;
+        if (!ldapService.isRunning()) return;
         internaltearDown();
-        emptyLDAP();
+        ldapService.revert();
+    }
+    
+    protected String getBaseDN()
+    {
+        return "o=sevenSeas";
+    }
+    
+    protected int getLdapPort()
+    {
+        return 10389;
+    }
+    
+    protected File getWorkingDir()
+    {
+        return new File(getBaseDir()+"target/_apacheds");
     }
 
     public abstract void internalSetUp() throws Exception;
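Review bot: In tearDown(), `ldapService.revert()` is skipped whenever `internaltearDown()` throws, and this commit also removes the `emptyLDAP()` call that setUp() used to make before loading the LDIF files. Entries left behind by a failing test can therefore stay in the directory for the next one, which may make later security tests pass or fail for the wrong reason. Wrapping the call keeps the isolation: `try { internaltearDown(); } finally { ldapService.revert(); }`. What revert() actually restores is defined in EmbeddedApacheDSTestService, which this diff does not show.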

Modified: 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup1/TestLDAP.java
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup1/TestLDAP.java?rev=925209&r1=925208&r2=925209&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup1/TestLDAP.java
 (original)
+++ 
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/ldap/setup1/TestLDAP.java
 Fri Mar 19 13:18:22 2010
@@ -37,16 +37,6 @@ public class TestLDAP extends AbstractSe
         return createFixturedTestSuite(TestLDAP.class, "ldapTestSetup", 
"ldapTestTeardown");
     }
     
-    public void ldapTestSetup() throws Exception
-    {
-        super.ldapTestSetup();
-    }
-    
-    public void ldapTestTeardown() throws Exception
-    {
-        super.ldapTestTeardown();
-    }
-
     public void testSingleUser() throws Exception
     {
         EntityImpl sampleUser = new EntityImpl("user", "jsmith", userAttrDefs);

Modified: 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml?rev=925209&r1=925208&r2=925209&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
 (original)
+++ 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
 Fri Mar 19 13:18:22 2010
@@ -162,7 +162,7 @@
       </bean>
     </property>
     <property name="ldapIdAttribute" value="cn" />
-    <property name="objectClasses" 
value="groupOfUniqueNames,extensibleObject"/>
+    <property name="objectClasses" value="groupOfNames,extensibleObject"/>
     <property name="attributeDefinitions">
       <set>
         <bean 
class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
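Review bot: The shipped default mapping now matches only `groupOfNames` entries and reads membership from `member`, with nothing in the file to tell an existing deployment how to keep the old schema. This hunk, the one at -206, the two removed `uniqueMember` attribute definitions and both `relationAttribute` changes all move together. As far as this file shows, a directory populated with the previous defaults (groupOfUniqueNames/uniqueMember) would stop resolving roles and groups for its users after an upgrade, with no error pointing at the cause. A comment above each `objectClasses` property would make the override points explicit, for example `<!-- Default is groupOfNames/member; directories using groupOfUniqueNames/uniqueMember must override objectClasses, the member attribute definition and relationAttribute -->`. groupOfNames also requires at least one `member` value, so it is worth confirming how an empty role or group is written.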
@@ -179,12 +179,6 @@
           <constructor-arg type="java.lang.String" index="3" 
value="role.display.name" />
         </bean>
         <bean 
class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
-          <constructor-arg type="java.lang.String" index="0" 
value="uniqueMember" />
-          <constructor-arg index="1" value="true" />
-          <constructor-arg index="2" value="false" />
-          <property name="required" value="true" />
-        </bean>
-        <bean 
class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
           <constructor-arg type="java.lang.String" index="0" value="member" />
           <constructor-arg index="1" value="true" />
           <constructor-arg index="2" value="false" />
@@ -206,7 +200,7 @@
       </bean>
     </property>
     <property name="ldapIdAttribute" value="cn" />
-    <property name="objectClasses" 
value="groupOfUniqueNames,extensibleObject"/>
+    <property name="objectClasses" value="groupOfNames,extensibleObject"/>
     <property name="attributeDefinitions">
       <set>
         <bean 
class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
@@ -223,12 +217,6 @@
           <constructor-arg type="java.lang.String" index="3" 
value="group.display.name" />
         </bean>
         <bean 
class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
-          <constructor-arg type="java.lang.String" index="0" 
value="uniqueMember" />
-          <constructor-arg index="1" value="true" />
-          <constructor-arg index="2" value="false" />
-          <property name="required" value="true" />
-        </bean>
-        <bean 
class="org.apache.jetspeed.security.mapping.model.impl.AttributeDefImpl">
           <constructor-arg type="java.lang.String" index="0" value="member" />
           <constructor-arg index="1" value="true" />
           <constructor-arg index="2" value="false" />
@@ -251,7 +239,7 @@
 
   <bean id="UserRoleRelationDAO" 
class="org.apache.jetspeed.security.mapping.ldap.dao.impl.AttributeBasedRelationDAO">
     <meta key="j2:cat" value="ldapSecurity" />
-    <property name="relationAttribute" value="uniqueMember" />
+    <property name="relationAttribute" value="member" />
     <property name="attributeContainsInternalId" value="true" />
     <property name="useFromEntityAttribute" value="false" />
     <property name="relationType">
@@ -265,7 +253,7 @@
 
   <bean id="UserGroupRelationDAO" 
class="org.apache.jetspeed.security.mapping.ldap.dao.impl.AttributeBasedRelationDAO">
     <meta key="j2:cat" value="ldapSecurity" />
-    <property name="relationAttribute" value="uniqueMember" />
+    <property name="relationAttribute" value="member" />
     <property name="attributeContainsInternalId" value="true" />
     <property name="useFromEntityAttribute" value="false" />
     <property name="relationType">

Modified: 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties?rev=925209&r1=925208&r2=925209&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
 (original)
+++ 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
 Fri Mar 19 13:18:22 2010
@@ -332,20 +332,20 @@ page.file.cache.size=100
 #-------------------------------------------------------------------------
 # LDAP
 #-------------------------------------------------------------------------
-#defaults for LDAP
-ldap.url = ldap://localhost:389
-ldap.base =o=sevenSeas
-ldap.userDn = cn=admin,o=sevenSeas
-ldap.password =secret
+#defaults for LDAP (Apache DS 1.5+)
+ldap.url=ldap://localhost:10389
+ldap.base=o=sevenSeas
+ldap.userDn=uid=admin,ou=system
+ldap.password=secret
 ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
-ldap.user.filter = (objectclass=person)
-ldap.search.scope = 2
-ldap.user.searchBase=
+ldap.user.filter=(objectclass=person)
+ldap.search.scope=2
+ldap.user.searchBase=ou=Users
 ldap.user.entryPrefix=uid
-ldap.role.searchBase=ou=Roles,o=Jetspeed
-ldap.role.filter = (objectClass=groupOfUniqueNames)
-ldap.group.searchBase=ou=Groups,o=Jetspeed
-ldap.group.filter = (objectClass=groupOfUniqueNames)
+ldap.role.searchBase=ou=Roles
+ldap.role.filter = (objectClass=groupOfNames)
+ldap.group.searchBase=ou=Groups
+ldap.group.filter = (objectClass=groupOfNames)
 ldap.context.pool.maxActive = 20
 ldap.context.pool.maxIdle = 20
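Review bot: The new defaults make the portal bind as `uid=admin,ou=system` with `ldap.password=secret`, which is the ApacheDS administrator account and its out-of-the-box password, over an unencrypted `ldap://` URL. This file sits under src/main/resources, and the pom.xml hunk in this commit also pulls it into the security module's test resources, so the same values serve as both shipped default and test fixture. The comment line should say so, for example `#development defaults for a local Apache DS 1.5+; set ldap.userDn/ldap.password to a dedicated least-privileged bind account and use ldaps:// before deployment`. A separate test-only properties file would let the shipped default leave the password unset.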
 


