--- /dev/null
+package org.apache.archiva.redback.authentication.ldap;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.archiva.redback.authentication.AuthenticationDataSource;
+import org.apache.archiva.redback.authentication.AuthenticationException;
+import org.apache.archiva.redback.authentication.AuthenticationResult;
+import org.apache.archiva.redback.authentication.Authenticator;
+import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
+import org.codehaus.plexus.redback.common.ldap.UserMapper;
+import org.codehaus.plexus.redback.common.ldap.connection.LdapConnection;
+import org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory;
+import org.codehaus.plexus.redback.common.ldap.connection.LdapException;
+import org.codehaus.plexus.redback.configuration.UserConfiguration;
+import org.apache.archiva.redback.users.ldap.service.LdapCacheService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
+/**
+ * LdapBindAuthenticator:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+@Service( "authenticator#ldap" )
+public class LdapBindAuthenticator
+ implements Authenticator
+{
+
+ private Logger log = LoggerFactory.getLogger( getClass() );
+
+ @Inject
+ @Named( value = "userMapper#ldap" )
+ private UserMapper mapper;
+
+ @Inject
+ @Named( value = "ldapConnectionFactory#configurable" )
+ private LdapConnectionFactory connectionFactory;
+
+ @Inject
+ @Named( value = "userConfiguration" )
+ private UserConfiguration config;
+
+ @Inject
+ private LdapCacheService ldapCacheService;
+
+ public String getId()
+ {
+ return "LdapBindAuthenticator";
+ }
+
+ public AuthenticationResult authenticate( AuthenticationDataSource s )
+ throws AuthenticationException
+ {
+ PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) s;
+
+ if ( !config.getBoolean( "ldap.bind.authenticator.enabled" ) || (
+ !config.getBoolean( "ldap.bind.authenticator.allowEmptyPasswords", false ) && StringUtils.isEmpty(
+ source.getPassword() ) ) )
+ {
+ return new AuthenticationResult( false, source.getPrincipal(), null );
+ }
+
+ SearchControls ctls = new SearchControls();
+
+ ctls.setCountLimit( 1 );
+
+ ctls.setDerefLinkFlag( true );
+ ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
+
+ String filter = "(&(objectClass=" + mapper.getUserObjectClass() + ")"
+ + ( mapper.getUserFilter() != null ? mapper.getUserFilter() : "" ) + "(" + mapper.getUserIdAttribute() + "="
+ + source.getPrincipal() + "))";
+
+ log.info( "Searching for users with filter: \'{}\'" + " from base dn: {}", filter, mapper.getUserBaseDn() );
+
+ LdapConnection ldapConnection = getLdapConnection();
+ LdapConnection authLdapConnection = null;
+ NamingEnumeration<SearchResult> results = null;
+ try
+ {
+ // check the cache for user's userDn in the ldap server
+ String userDn = ldapCacheService.getLdapUserDn( source.getPrincipal() );
+
+ if( userDn == null )
+ {
+ log.debug( "userDn for user {} not found in cache. Retrieving from ldap server..", source.getPrincipal() );
+
+ DirContext context = ldapConnection.getDirContext();
+
+ results = context.search( mapper.getUserBaseDn(), filter, ctls );
+
+ log.info( "Found user?: {}", results.hasMoreElements() );
+
+ if ( results.hasMoreElements() )
+ {
+ SearchResult result = results.nextElement();
+
+ userDn = result.getNameInNamespace();
+
+ log.debug( "Adding userDn {} for user {} to the cache..", userDn, source.getPrincipal() );
+
+ // REDBACK-289/MRM-1488 cache the ldap user's userDn to lessen calls to ldap server
+ ldapCacheService.addLdapUserDn( source.getPrincipal(), userDn );
+ }
+ else
+ {
+ return new AuthenticationResult( false, source.getPrincipal(), null );
+ }
+ }
+
+ log.info( "Attempting Authenication: + {}", userDn );
+
+ authLdapConnection = connectionFactory.getConnection( userDn, source.getPassword() );
+
+ return new AuthenticationResult( true, source.getPrincipal(), null );
+ }
+ catch ( LdapException e )
+ {
+ return new AuthenticationResult( false, source.getPrincipal(), e );
+ }
+ catch ( NamingException e )
+ {
+ return new AuthenticationResult( false, source.getPrincipal(), e );
+ }
+ finally
+ {
+ closeNamingEnumeration( results );
+ closeLdapConnection( ldapConnection );
+ if ( authLdapConnection != null )
+ {
+ closeLdapConnection( authLdapConnection );
+ }
+ }
+ }
+
+ public boolean supportsDataSource( AuthenticationDataSource source )
+ {
+ return ( source instanceof PasswordBasedAuthenticationDataSource );
+ }
+
+ private LdapConnection getLdapConnection()
+ {
+ try
+ {
+ return connectionFactory.getConnection();
+ }
+ catch ( LdapException e )
+ {
+ log.warn( "failed to get a ldap connection " + e.getMessage(), e );
+ throw new RuntimeException( "failed to get a ldap connection " + e.getMessage(), e );
+ }
+ }
+
+ private void closeLdapConnection( LdapConnection ldapConnection )
+ {
+ if ( ldapConnection != null )
+ {
+ ldapConnection.close();
+ }
+ }
+
+ private void closeNamingEnumeration( NamingEnumeration<SearchResult> results )
+ {
+ try
+ {
+ if ( results != null )
+ {
+ results.close();
+ }
+ }
+ catch ( NamingException e )
+ {
+ log.warn( "skip exception closing naming search result " + e.getMessage() );
+ }
+ }
+}
+++ /dev/null
-package org.codehaus.plexus.redback.authentication.ldap;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.archiva.redback.authentication.AuthenticationDataSource;
-import org.apache.archiva.redback.authentication.AuthenticationException;
-import org.apache.archiva.redback.authentication.AuthenticationResult;
-import org.apache.archiva.redback.authentication.Authenticator;
-import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
-import org.codehaus.plexus.redback.common.ldap.UserMapper;
-import org.codehaus.plexus.redback.common.ldap.connection.LdapConnection;
-import org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory;
-import org.codehaus.plexus.redback.common.ldap.connection.LdapException;
-import org.codehaus.plexus.redback.configuration.UserConfiguration;
-import org.apache.archiva.redback.users.ldap.service.LdapCacheService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-
-/**
- * LdapBindAuthenticator:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-@Service( "authenticator#ldap" )
-public class LdapBindAuthenticator
- implements Authenticator
-{
-
- private Logger log = LoggerFactory.getLogger( getClass() );
-
- @Inject
- @Named( value = "userMapper#ldap" )
- private UserMapper mapper;
-
- @Inject
- @Named( value = "ldapConnectionFactory#configurable" )
- private LdapConnectionFactory connectionFactory;
-
- @Inject
- @Named( value = "userConfiguration" )
- private UserConfiguration config;
-
- @Inject
- private LdapCacheService ldapCacheService;
-
- public String getId()
- {
- return "LdapBindAuthenticator";
- }
-
- public AuthenticationResult authenticate( AuthenticationDataSource s )
- throws AuthenticationException
- {
- PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) s;
-
- if ( !config.getBoolean( "ldap.bind.authenticator.enabled" ) || (
- !config.getBoolean( "ldap.bind.authenticator.allowEmptyPasswords", false ) && StringUtils.isEmpty(
- source.getPassword() ) ) )
- {
- return new AuthenticationResult( false, source.getPrincipal(), null );
- }
-
- SearchControls ctls = new SearchControls();
-
- ctls.setCountLimit( 1 );
-
- ctls.setDerefLinkFlag( true );
- ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
-
- String filter = "(&(objectClass=" + mapper.getUserObjectClass() + ")"
- + ( mapper.getUserFilter() != null ? mapper.getUserFilter() : "" ) + "(" + mapper.getUserIdAttribute() + "="
- + source.getPrincipal() + "))";
-
- log.info( "Searching for users with filter: \'{}\'" + " from base dn: {}", filter, mapper.getUserBaseDn() );
-
- LdapConnection ldapConnection = getLdapConnection();
- LdapConnection authLdapConnection = null;
- NamingEnumeration<SearchResult> results = null;
- try
- {
- // check the cache for user's userDn in the ldap server
- String userDn = ldapCacheService.getLdapUserDn( source.getPrincipal() );
-
- if( userDn == null )
- {
- log.debug( "userDn for user {} not found in cache. Retrieving from ldap server..", source.getPrincipal() );
-
- DirContext context = ldapConnection.getDirContext();
-
- results = context.search( mapper.getUserBaseDn(), filter, ctls );
-
- log.info( "Found user?: {}", results.hasMoreElements() );
-
- if ( results.hasMoreElements() )
- {
- SearchResult result = results.nextElement();
-
- userDn = result.getNameInNamespace();
-
- log.debug( "Adding userDn {} for user {} to the cache..", userDn, source.getPrincipal() );
-
- // REDBACK-289/MRM-1488 cache the ldap user's userDn to lessen calls to ldap server
- ldapCacheService.addLdapUserDn( source.getPrincipal(), userDn );
- }
- else
- {
- return new AuthenticationResult( false, source.getPrincipal(), null );
- }
- }
-
- log.info( "Attempting Authenication: + {}", userDn );
-
- authLdapConnection = connectionFactory.getConnection( userDn, source.getPassword() );
-
- return new AuthenticationResult( true, source.getPrincipal(), null );
- }
- catch ( LdapException e )
- {
- return new AuthenticationResult( false, source.getPrincipal(), e );
- }
- catch ( NamingException e )
- {
- return new AuthenticationResult( false, source.getPrincipal(), e );
- }
- finally
- {
- closeNamingEnumeration( results );
- closeLdapConnection( ldapConnection );
- if ( authLdapConnection != null )
- {
- closeLdapConnection( authLdapConnection );
- }
- }
- }
-
- public boolean supportsDataSource( AuthenticationDataSource source )
- {
- return ( source instanceof PasswordBasedAuthenticationDataSource );
- }
-
- private LdapConnection getLdapConnection()
- {
- try
- {
- return connectionFactory.getConnection();
- }
- catch ( LdapException e )
- {
- log.warn( "failed to get a ldap connection " + e.getMessage(), e );
- throw new RuntimeException( "failed to get a ldap connection " + e.getMessage(), e );
- }
- }
-
- private void closeLdapConnection( LdapConnection ldapConnection )
- {
- if ( ldapConnection != null )
- {
- ldapConnection.close();
- }
- }
-
- private void closeNamingEnumeration( NamingEnumeration<SearchResult> results )
- {
- try
- {
- if ( results != null )
- {
- results.close();
- }
- }
- catch ( NamingException e )
- {
- log.warn( "skip exception closing naming search result " + e.getMessage() );
- }
- }
-}
<context:annotation-config />
<context:component-scan
- base-package="org.codehaus.plexus.redback.authentication.ldap"/>
+ base-package="org.apache.archiva.redback.authentication.ldap"/>
</beans>
\ No newline at end of file
--- /dev/null
+package org.apache.archiva.redback.authentication.ldap;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.apache.archiva.redback.authentication.AuthenticationResult;
+import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
+import org.apache.archiva.redback.authentication.ldap.LdapBindAuthenticator;
+import org.codehaus.plexus.redback.policy.PasswordEncoder;
+import org.codehaus.plexus.redback.policy.encoders.SHA1PasswordEncoder;
+import org.apache.archiva.redback.users.ldap.service.LdapCacheService;
+import org.codehaus.redback.components.apacheds.ApacheDs;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import java.util.Calendar;
+
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = "classpath*:/META-INF/spring-context.xml" )
+public class LdapBindAuthenticatorTest
+ extends TestCase
+{
+
+ protected Logger log = LoggerFactory.getLogger( getClass() );
+
+ @Inject
+ @Named( value = "apacheDS#test" )
+ private ApacheDs apacheDs;
+
+ @Inject
+ private LdapBindAuthenticator authnr;
+
+ private String suffix;
+
+ private PasswordEncoder passwordEncoder;
+
+ @Inject
+ private LdapCacheService ldapCacheService;
+
+ @Before
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+
+ passwordEncoder = new SHA1PasswordEncoder();
+
+ suffix =
+ apacheDs.addSimplePartition( "test", new String[]{ "redback", "plexus", "codehaus", "org" } ).getSuffix();
+
+ log.info( "DN Suffix: " + suffix );
+
+ apacheDs.startServer();
+
+ makeUsers();
+
+ }
+
+ @After
+ public void tearDown()
+ throws Exception
+ {
+ // clear the cache
+ ldapCacheService.removeAllLdapUserDn();
+
+ InitialDirContext context = apacheDs.getAdminContext();
+
+ context.unbind( createDn( "jesse" ) );
+
+ context.unbind( createDn( "joakim" ) );
+
+ context.unbind( createDn( "brent" ) );
+
+ if ( !apacheDs.isStopped() )
+ {
+ apacheDs.stopServer();
+ }
+
+ super.tearDown();
+ }
+
+ @Test
+ public void testAuthenticationEmptyPassword()
+ throws Exception
+ {
+ PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
+
+ // Would throw NPE if attempting to bind, this hack tests bind prevention
+ authDs.setPrincipal( "brent" );
+ authDs.setPassword( null );
+ AuthenticationResult result = authnr.authenticate( authDs );
+ assertFalse( result.isAuthenticated() );
+
+ // This passes anyway on ApacheDS, but not true for AD or Novel eDir
+ authDs.setPassword( "" );
+ result = authnr.authenticate( authDs );
+ assertFalse( result.isAuthenticated() );
+ }
+
+ @Test
+ public void testAuthentication()
+ throws Exception
+ {
+ PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
+ authDs.setPrincipal( "jesse" );
+ authDs.setPassword( passwordEncoder.encodePassword( "foo" ) );
+ AuthenticationResult result = authnr.authenticate( authDs );
+ assertTrue( result.isAuthenticated() );
+ }
+
+ // REDBACK-289/MRM-1488
+ @Test
+ public void testAuthenticationFromCache()
+ throws Exception
+ {
+ PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
+ authDs.setPrincipal( "jesse" );
+ authDs.setPassword( passwordEncoder.encodePassword( "foo" ) );
+
+ // user shouldn't be in the cache yet
+ assertNull( ldapCacheService.getLdapUserDn( "jesse" ) );
+
+ long startTime = Calendar.getInstance().getTimeInMillis();
+ AuthenticationResult result = authnr.authenticate( authDs );
+ long endTime = Calendar.getInstance().getTimeInMillis();
+
+ assertTrue( result.isAuthenticated() );
+
+ long firstAuth = endTime - startTime;
+
+ // user should be in the cache now
+ assertNotNull( ldapCacheService.getLdapUserDn( "jesse" ) );
+
+ startTime = Calendar.getInstance().getTimeInMillis();
+ result = authnr.authenticate( authDs );
+ endTime = Calendar.getInstance().getTimeInMillis();
+
+ long secondAuth = endTime - startTime;
+
+ assertTrue( "Second authn should be quicker!", secondAuth < firstAuth );
+ }
+
+ private void makeUsers()
+ throws Exception
+ {
+ InitialDirContext context = apacheDs.getAdminContext();
+
+ String cn = "jesse";
+ bindUserObject( context, cn, createDn( cn ) );
+
+ cn = "joakim";
+ bindUserObject( context, cn, createDn( cn ) );
+
+ cn = "brent";
+ bindUserObject( context, cn, createDn( cn ) );
+ }
+
+ private void bindUserObject( DirContext context, String cn, String dn )
+ throws Exception
+ {
+ Attributes attributes = new BasicAttributes( true );
+ BasicAttribute objectClass = new BasicAttribute( "objectClass" );
+ objectClass.add( "top" );
+ objectClass.add( "inetOrgPerson" );
+ objectClass.add( "person" );
+ objectClass.add( "organizationalperson" );
+ attributes.put( objectClass );
+ attributes.put( "cn", cn );
+ attributes.put( "sn", "foo" );
+ attributes.put( "mail", "foo" );
+ attributes.put( "userPassword", passwordEncoder.encodePassword( "foo" ) );
+ attributes.put( "givenName", "foo" );
+ context.createSubcontext( dn, attributes );
+ }
+
+ private String createDn( String cn )
+ {
+ return "cn=" + cn + "," + suffix;
+ }
+}
+++ /dev/null
-package org.codehaus.plexus.redback.authentication.ldap;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.apache.archiva.redback.authentication.AuthenticationResult;
-import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
-import org.codehaus.plexus.redback.policy.PasswordEncoder;
-import org.codehaus.plexus.redback.policy.encoders.SHA1PasswordEncoder;
-import org.apache.archiva.redback.users.ldap.service.LdapCacheService;
-import org.codehaus.redback.components.apacheds.ApacheDs;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import java.util.Calendar;
-
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = "classpath*:/META-INF/spring-context.xml" )
-public class LdapBindAuthenticatorTest
- extends TestCase
-{
-
- protected Logger log = LoggerFactory.getLogger( getClass() );
-
- @Inject
- @Named( value = "apacheDS#test" )
- private ApacheDs apacheDs;
-
- @Inject
- private LdapBindAuthenticator authnr;
-
- private String suffix;
-
- private PasswordEncoder passwordEncoder;
-
- @Inject
- private LdapCacheService ldapCacheService;
-
- @Before
- public void setUp()
- throws Exception
- {
- super.setUp();
-
- passwordEncoder = new SHA1PasswordEncoder();
-
- suffix =
- apacheDs.addSimplePartition( "test", new String[]{ "redback", "plexus", "codehaus", "org" } ).getSuffix();
-
- log.info( "DN Suffix: " + suffix );
-
- apacheDs.startServer();
-
- makeUsers();
-
- }
-
- @After
- public void tearDown()
- throws Exception
- {
- // clear the cache
- ldapCacheService.removeAllLdapUserDn();
-
- InitialDirContext context = apacheDs.getAdminContext();
-
- context.unbind( createDn( "jesse" ) );
-
- context.unbind( createDn( "joakim" ) );
-
- context.unbind( createDn( "brent" ) );
-
- if ( !apacheDs.isStopped() )
- {
- apacheDs.stopServer();
- }
-
- super.tearDown();
- }
-
- @Test
- public void testAuthenticationEmptyPassword()
- throws Exception
- {
- PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
-
- // Would throw NPE if attempting to bind, this hack tests bind prevention
- authDs.setPrincipal( "brent" );
- authDs.setPassword( null );
- AuthenticationResult result = authnr.authenticate( authDs );
- assertFalse( result.isAuthenticated() );
-
- // This passes anyway on ApacheDS, but not true for AD or Novel eDir
- authDs.setPassword( "" );
- result = authnr.authenticate( authDs );
- assertFalse( result.isAuthenticated() );
- }
-
- @Test
- public void testAuthentication()
- throws Exception
- {
- PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
- authDs.setPrincipal( "jesse" );
- authDs.setPassword( passwordEncoder.encodePassword( "foo" ) );
- AuthenticationResult result = authnr.authenticate( authDs );
- assertTrue( result.isAuthenticated() );
- }
-
- // REDBACK-289/MRM-1488
- @Test
- public void testAuthenticationFromCache()
- throws Exception
- {
- PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
- authDs.setPrincipal( "jesse" );
- authDs.setPassword( passwordEncoder.encodePassword( "foo" ) );
-
- // user shouldn't be in the cache yet
- assertNull( ldapCacheService.getLdapUserDn( "jesse" ) );
-
- long startTime = Calendar.getInstance().getTimeInMillis();
- AuthenticationResult result = authnr.authenticate( authDs );
- long endTime = Calendar.getInstance().getTimeInMillis();
-
- assertTrue( result.isAuthenticated() );
-
- long firstAuth = endTime - startTime;
-
- // user should be in the cache now
- assertNotNull( ldapCacheService.getLdapUserDn( "jesse" ) );
-
- startTime = Calendar.getInstance().getTimeInMillis();
- result = authnr.authenticate( authDs );
- endTime = Calendar.getInstance().getTimeInMillis();
-
- long secondAuth = endTime - startTime;
-
- assertTrue( "Second authn should be quicker!", secondAuth < firstAuth );
- }
-
- private void makeUsers()
- throws Exception
- {
- InitialDirContext context = apacheDs.getAdminContext();
-
- String cn = "jesse";
- bindUserObject( context, cn, createDn( cn ) );
-
- cn = "joakim";
- bindUserObject( context, cn, createDn( cn ) );
-
- cn = "brent";
- bindUserObject( context, cn, createDn( cn ) );
- }
-
- private void bindUserObject( DirContext context, String cn, String dn )
- throws Exception
- {
- Attributes attributes = new BasicAttributes( true );
- BasicAttribute objectClass = new BasicAttribute( "objectClass" );
- objectClass.add( "top" );
- objectClass.add( "inetOrgPerson" );
- objectClass.add( "person" );
- objectClass.add( "organizationalperson" );
- attributes.put( objectClass );
- attributes.put( "cn", cn );
- attributes.put( "sn", "foo" );
- attributes.put( "mail", "foo" );
- attributes.put( "userPassword", passwordEncoder.encodePassword( "foo" ) );
- attributes.put( "givenName", "foo" );
- context.createSubcontext( dn, attributes );
- }
-
- private String createDn( String cn )
- {
- return "cn=" + cn + "," + suffix;
- }
-}
projects / archiva.git / commitdiff