s1890: fixed LdapGroupDAO unit-tests (0e4cdeaa) · Commits · OATS-CADC / ac

cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java

+34 −65

Original line number	Diff line number	Diff line
		@@ -195,7 +195,6 @@ public class LdapGroupDAO extends LdapDAO
		}
		else
		{

		// add group to groups tree
		LDAPResult result = addGroup(getGroupDN(group.getID()),
		group.getID(), ownerDN,
		@@ -211,7 +210,6 @@ public class LdapGroupDAO extends LdapDAO
		group.getUserAdmins(),
		group.getGroupAdmins());
		LdapDAO.checkLdapResult(result.getResultCode());

		}
		}
		catch (LDAPException e)
		@@ -231,8 +229,7 @@ public class LdapGroupDAO extends LdapDAO
		{
		// add new group
		List<Attribute> attributes = new ArrayList<Attribute>();
		Attribute ownerAttribute =
		new Attribute(LDAP_OWNER, ownerDN.toNormalizedString());
		Attribute ownerAttribute = new Attribute(LDAP_OWNER, ownerDN.toNormalizedString());
		attributes.add(ownerAttribute);
		attributes.add(new Attribute(LDAP_OBJECT_CLASS, LDAP_GROUP_OF_UNIQUE_NAMES));
		attributes.add(new Attribute(LDAP_OBJECT_CLASS, LDAP_INET_USER));
		@@ -261,16 +258,12 @@ public class LdapGroupDAO extends LdapDAO
		}
		if (!members.isEmpty())
		{
		attributes.add(new Attribute(LDAP_UNIQUE_MEMBER,
		(String[]) members
		.toArray(new String[members
		.size()])));
		attributes.add(
		new Attribute(LDAP_UNIQUE_MEMBER,
		(String[]) members.toArray(new String[members.size()])));
		}

		AddRequest addRequest = new AddRequest(groupDN, attributes);
		//addRequest.addControl(
		// new ProxiedAuthorizationV2RequestControl(
		// "dn:" + getSubjectDN().toNormalizedString()));

		logger.debug("addGroup: " + groupDN);
		return getReadWriteConnection().add(addRequest);
		@@ -299,16 +292,11 @@ public class LdapGroupDAO extends LdapDAO

		DN groupDN = getGroupDN(group.getID());
		SearchRequest searchRequest =
		new SearchRequest(groupDN.toNormalizedString(), SearchScope.BASE, filter,
		new String[]{LDAP_NSACCOUNTLOCK});
		new SearchRequest(groupDN.toNormalizedString(), SearchScope.BASE,
		filter, new String[]{LDAP_NSACCOUNTLOCK});

		//searchRequest.addControl(
		// new ProxiedAuthorizationV2RequestControl("dn:" +
		// getSubjectDN()
		// .toNormalizedString()));

		SearchResultEntry searchResult = getReadWriteConnection()
		.searchForEntry(searchRequest);
		SearchResultEntry searchResult =
		getReadWriteConnection().searchForEntry(searchRequest);

		if (searchResult == null)
		{
		@@ -376,19 +364,17 @@ public class LdapGroupDAO extends LdapDAO
		}
		if ((groupNames.size() % 100) == 0)
		{

		logger.debug("found: " + groupNames
		.size() + " " + dt + "ms");
		logger.debug("found: " + groupNames.size() +
		" " + dt + "ms");
		t1 = t2;
		}
		}

		public void searchReferenceReturned(SearchResultReference srr)
		{
		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools \| Templates.
		throw new UnsupportedOperationException("Not supported yet.");
		}
		}, config
		.getGroupsDN(), SearchScope.ONE, filter, PUB_GROUP_ATTRS);
		}, config.getGroupsDN(), SearchScope.ONE, filter, PUB_GROUP_ATTRS);

		SearchResult searchResult = null;
		try
		@@ -419,8 +405,8 @@ public class LdapGroupDAO extends LdapDAO
		{
		logger.debug("getGroupNames Exception: " + e1, e1);
		LdapDAO.checkLdapResult(e1.getResultCode());
		throw new IllegalStateException("Unexpected exception: " + e1
		.getMatchedDN(), e1);
		throw new IllegalStateException("Unexpected exception: " +
		e1.getMatchedDN(), e1);
		}
		}

		@@ -453,7 +439,7 @@ public class LdapGroupDAO extends LdapDAO
		return group;
		}

		// groupID is here so exceptions and loggiong have plain groupID instead of DN
		// groupID is here so exceptions and logging have plain groupID instead of DN
		private Group getGroup(final DN groupDN, final String xgroupID, String[] attributes)
		throws GroupNotFoundException, TransientException,
		AccessControlException
		@@ -481,8 +467,8 @@ public class LdapGroupDAO extends LdapDAO

		if (searchEntry == null)
		{
		String msg = "Group not found " + loggableGroupID;
		logger.debug(msg + " cause: null");
		String msg = "Group not found " + loggableGroupID + " cause: null";
		logger.debug(msg);
		throw new GroupNotFoundException(loggableGroupID);
		}

		@@ -499,7 +485,7 @@ public class LdapGroupDAO extends LdapDAO
		User user;
		try
		{
		user = userDAO.getX500User(memberDN);
		user = userDAO.getUser(new DNPrincipal(member));
		ldapGroup.getUserMembers().add(user);
		}
		catch (UserNotFoundException e)
		@@ -621,34 +607,24 @@ public class LdapGroupDAO extends LdapDAO
		}

		// modify the admin group
		adminMods.add(new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
		(String[]) newAdmins
		.toArray(new String[newAdmins
		.size()])));
		adminMods.add(
		new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
		(String[]) newAdmins.toArray(new String[newAdmins.size()])));

		ModifyRequest adminModify =
		new ModifyRequest(getAdminGroupDN(group.getID()), adminMods);

		//adminModify.addControl(
		// new ProxiedAuthorizationV2RequestControl(
		// "dn:" + getSubjectDN().toNormalizedString()));

		LdapDAO.checkLdapResult(
		getReadWriteConnection().modify(adminModify).getResultCode());

		// modify the group itself
		mods.add(new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
		(String[]) newMembers
		.toArray(new String[newMembers
		.size()])));
		mods.add(
		new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
		(String[]) newMembers.toArray(new String[newMembers.size()])));

		ModifyRequest modifyRequest =
		new ModifyRequest(getGroupDN(group.getID()), mods);

		//modifyRequest.addControl(
		// new ProxiedAuthorizationV2RequestControl(
		// "dn:" + getSubjectDN().toNormalizedString()));

		LdapDAO.checkLdapResult(
		getReadWriteConnection().modify(modifyRequest).getResultCode());
		}
		@@ -670,8 +646,8 @@ public class LdapGroupDAO extends LdapDAO
		}
		catch (GroupNotFoundException e)
		{
		throw new RuntimeException("BUG: modified group not found (" + group
		.getID() + ")");
		throw new RuntimeException("BUG: modified group not found (" +
		group.getID() + ")");
		}
		}

		@@ -757,13 +733,7 @@ public class LdapGroupDAO extends LdapDAO
		SearchRequest searchRequest = new SearchRequest(
		config.getGroupsDN(), SearchScope.SUB, filter, GROUP_ATTRS);

		//searchRequest.addControl(
		// new ProxiedAuthorizationV2RequestControl("dn:" +
		// getSubjectDN()
		// .toNormalizedString()));

		SearchResult results = getReadOnlyConnection()
		.search(searchRequest);
		SearchResult results = getReadOnlyConnection().search(searchRequest);
		for (SearchResultEntry result : results.getSearchEntries())
		{
		ret.add(createGroupFromSearchResult(result, GROUP_ATTRS));
		@@ -793,26 +763,25 @@ public class LdapGroupDAO extends LdapDAO
		return new Group(groupName);
		}

		DN ownerDN = result.getAttributeValueAsDN(LDAP_OWNER);
		String ownerDN = result.getAttributeValue(LDAP_OWNER);
		if (ownerDN == null)
		{
		throw new AccessControlException(groupName);
		}
		try
		{
		User owner = userDAO.getX500User(ownerDN);
		Group g = new Group(groupName);
		setField(g, owner, LDAP_OWNER);
		User owner = userDAO.getUser(new DNPrincipal(ownerDN));
		Group group = new Group(groupName);
		setField(group, owner, LDAP_OWNER);
		if (result.hasAttribute(LDAP_DESCRIPTION))
		{
		g.description = result.getAttributeValue(LDAP_DESCRIPTION);
		group.description = result.getAttributeValue(LDAP_DESCRIPTION);
		}
		if (result.hasAttribute(LDAP_MODIFY_TIMESTAMP))
		{
		g.lastModified = result
		.getAttributeValueAsDate(LDAP_MODIFY_TIMESTAMP);
		group.lastModified = result.getAttributeValueAsDate(LDAP_MODIFY_TIMESTAMP);
		}
		return g;
		return group;
		}
		catch (UserNotFoundException ex)
		{

cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java

+3 −2

Original line number	Diff line number	Diff line
		@@ -175,13 +175,14 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis
		GroupNotFoundException
		{
		Subject caller = AuthenticationUtil.getCurrentSubject();
		Principal owner = getUser(caller);
		setField(group, owner, "owner");
		Principal userID = getUser(caller);

		LdapConnections conns = new LdapConnections(this);
		try
		{
		LdapUserDAO userDAO = new LdapUserDAO(conns);
		User owner = userDAO.getAugmentedUser(userID);
		setField(group, owner, "owner");
		LdapGroupDAO groupDAO = new LdapGroupDAO(conns, userDAO);
		groupDAO.addGroup(group);
		}

cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java

+1 −0

Original line number	Diff line number	Diff line
		@@ -186,6 +186,7 @@ public class LdapUserDAO extends LdapDAO
		this.userLdapAttrib.put(HttpPrincipal.class, LDAP_UID);
		this.userLdapAttrib.put(X500Principal.class, LDAP_DISTINGUISHED_NAME);
		this.userLdapAttrib.put(NumericPrincipal.class, LDAP_NUMERICID);
		this.userLdapAttrib.put(DNPrincipal.class, LDAP_ENTRYDN);

		// add the id attributes to user and member attributes
		String[] princs = userLdapAttrib.values()

cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java

+31 −67

Original line number	Diff line number	Diff line
		@@ -80,6 +80,7 @@ import javax.security.auth.Subject;
		import javax.security.auth.x500.X500Principal;

		import ca.nrc.cadc.ac.server.TestUtil;
		import ca.nrc.cadc.auth.NumericPrincipal;
		import org.apache.log4j.Level;
		import org.apache.log4j.Logger;
		import org.junit.Assert;
		@@ -98,41 +99,14 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
		{
		private static final Logger log = Logger.getLogger(LdapGroupDAOTest.class);

		static String user1Username = "CadcDaoTest1";
		static String user2Username = "CadcDaoTest2";
		static String user3Username = "CadcDaoTest3";

		static String user1UID = "cadcdaotest1";
		static String user2UID = "cadcdaotest2";
		static String user3UID = "cadcdaotest3";

		static String user1DN = "cn=" + user1UID + ",ou=cadc,o=hia,c=ca";
		static String user2DN = "cn=" + user2UID + ",ou=cadc,o=hia,c=ca";
		static String user3DN = "cn=" + user3UID + ",ou=cadc,o=hia,c=ca";
		static String unknownDN = "cn=foo,ou=cadc,o=hia,c=ca";

		static String user1EntryDN = "uid=cadcdaotest1,ou=users,ou=ds,dc=testcanfar";
		static String user2EntryDN = "uid=cadcdaotest2,ou=users,ou=ds,dc=testcanfar";
		static String user3EntryDN = "uid=cadcdaotest3,ou=users,ou=ds,dc=testcanfar";

		static HttpPrincipal user1HttpPrincipal;
		static HttpPrincipal user2HttpPrincipal;
		static HttpPrincipal user3HttpPrincipal;

		static DNPrincipal user1DNPrincipal;
		static DNPrincipal user2DNPrincipal;
		static DNPrincipal user3DNPrincipal;

		static X500Principal user1X500Principal;
		static X500Principal user2X500Principal;
		static X500Principal user3X500Principal;
		static X500Principal unknownPrincipal;

		static User daoTestUser1;
		static User daoTestUser2;
		static User daoTestUser3;
		static User unknownUser;

		static User augmentedDaoTestUser1;
		static User augmentedDaoTestUser2;

		static Subject daoTestUser1Subject;
		static Subject daoTestUser2Subject;
		static Subject anonSubject;
		@@ -148,47 +122,36 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
		// get the configuration of the development server from and config files...
		config = getLdapConfig();

		user1HttpPrincipal = new HttpPrincipal(user1Username);
		user2HttpPrincipal = new HttpPrincipal(user2Username);
		user3HttpPrincipal = new HttpPrincipal(user3Username);

		user1X500Principal = new X500Principal(user1DN);
		user2X500Principal = new X500Principal(user2DN);
		user3X500Principal = new X500Principal(user3DN);
		unknownPrincipal = new X500Principal(unknownDN);

		user1DNPrincipal = new DNPrincipal(user1EntryDN);
		user2DNPrincipal = new DNPrincipal(user2EntryDN);

		daoTestUser1 = new User();
		daoTestUser1.getIdentities().add(user1X500Principal);
		daoTestUser1.getIdentities().add(user1DNPrincipal);
		daoTestUser1.getIdentities().add(user1HttpPrincipal);
		daoTestUser2 = new User();
		daoTestUser2.getIdentities().add(user2X500Principal);
		daoTestUser2.getIdentities().add(user2DNPrincipal);
		daoTestUser2.getIdentities().add(user2HttpPrincipal);
		daoTestUser3 = new User();
		daoTestUser3.getIdentities().add(user3X500Principal);
		daoTestUser3.getIdentities().add(user3DNPrincipal);
		daoTestUser3.getIdentities().add(user3HttpPrincipal);
		unknownUser = new User();
		unknownUser.getIdentities().add(unknownPrincipal);
		HttpPrincipal httpPrincipal1 = new HttpPrincipal("CadcDaoTest1");
		HttpPrincipal httpPrincipal2 = new HttpPrincipal("CadcDaoTest2");
		HttpPrincipal httpPrincipal3 = new HttpPrincipal("CadcDaoTest3");

		daoTestUser1 = getUserDAO().getUser(httpPrincipal1);
		daoTestUser2 = getUserDAO().getUser(httpPrincipal2);
		daoTestUser3 = getUserDAO().getUser(httpPrincipal3);

		augmentedDaoTestUser1 = getUserDAO().getAugmentedUser(httpPrincipal1);
		daoTestUser1Subject = new Subject();
		daoTestUser1Subject.getPrincipals().add(user1X500Principal);
		daoTestUser1Subject.getPrincipals().add(user1DNPrincipal);
		daoTestUser1Subject.getPrincipals().add(user1HttpPrincipal);
		daoTestUser1Subject.getPrincipals().addAll(augmentedDaoTestUser1.getIdentities());

		augmentedDaoTestUser2 = getUserDAO().getAugmentedUser(httpPrincipal2);
		daoTestUser2Subject = new Subject();
		daoTestUser2Subject.getPrincipals().add(user2X500Principal);
		daoTestUser2Subject.getPrincipals().add(user2DNPrincipal);
		daoTestUser2Subject.getPrincipals().add(user2HttpPrincipal);
		daoTestUser2Subject.getPrincipals().addAll(augmentedDaoTestUser2.getIdentities());

		HttpPrincipal unknownPrincipal = new HttpPrincipal("foo");
		unknownUser = new User();
		unknownUser.getIdentities().add(unknownPrincipal);

		anonSubject = new Subject();
		anonSubject.getPrincipals().add(unknownPrincipal);
		}

		static LdapUserDAO getUserDAO() throws Exception
		{
		LdapConnections connections = new LdapConnections(config);
		return new LdapUserDAO(connections);
		}

		LdapGroupDAO getGroupDAO() throws Exception
		{
		LdapConnections connections = new LdapConnections(config);
		@@ -212,7 +175,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
		try
		{
		Group expectGroup = new Group(getGroupID());
		TestUtil.setField(expectGroup, daoTestUser1, "owner");
		TestUtil.setField(expectGroup, augmentedDaoTestUser1, "owner");
		getGroupDAO().addGroup(expectGroup);
		Group actualGroup = getGroupDAO().getGroup(expectGroup.getID(), true);
		log.info("addGroup: " + expectGroup.getID());
		@@ -227,7 +190,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
		assertGroupsEqual(expectGroup, actualGroup);

		Group otherGroup = new Group(getGroupID());
		TestUtil.setField(otherGroup, daoTestUser1, "owner");
		TestUtil.setField(otherGroup, augmentedDaoTestUser1, "owner");
		getGroupDAO().addGroup(otherGroup);
		otherGroup = getGroupDAO().getGroup(otherGroup.getID(), true);
		log.info("addGroup: " + otherGroup.getID());
		@@ -252,7 +215,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
		// the the returned result should contain only
		// one entry (the dn one)
		User duplicateIdentity = new User();
		duplicateIdentity.getIdentities().add(new HttpPrincipal(user2UID));
		duplicateIdentity.getIdentities().add(daoTestUser2.getHttpPrincipal());
		expectGroup.getUserMembers().add(daoTestUser2);
		expectGroup.getUserMembers().add(duplicateIdentity);
		actualGroup = getGroupDAO().modifyGroup(expectGroup);
		@@ -287,7 +250,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest

		// groupAdmins
		Group adminGroup = new Group(getGroupID());
		TestUtil.setField(adminGroup, daoTestUser1, "owner");
		TestUtil.setField(adminGroup, augmentedDaoTestUser1, "owner");
		getGroupDAO().addGroup(adminGroup);
		adminGroup = getGroupDAO().getGroup(adminGroup.getID(), true);
		expectGroup.getGroupAdmins().add(adminGroup);
		@@ -320,6 +283,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest

		// reactivate the group
		Group reactGroup = new Group(expectGroup.getID());
		TestUtil.setField(reactGroup, augmentedDaoTestUser1, "owner");
		getGroupDAO().addGroup(reactGroup);
		log.info("create (reactivate) group: " + expectGroup.getID());
		actualGroup = getGroupDAO().getGroup(expectGroup.getID(), true);
		@@ -332,7 +296,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
		// create another group and make expected group
		// member of that group. Delete expected group after
		Group expectGroup2 = new Group(getGroupID());
		TestUtil.setField(expectGroup, daoTestUser1, "owner");
		TestUtil.setField(expectGroup2, augmentedDaoTestUser1, "owner");
		expectGroup2.getGroupAdmins().add(actualGroup);
		expectGroup2.getGroupMembers().add(actualGroup);
		getGroupDAO().addGroup(expectGroup2);