1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.realm.activedirectory;
20  
21  import org.apache.shiro.SecurityUtils;
22  import org.apache.shiro.authc.*;
23  import org.apache.shiro.authc.credential.CredentialsMatcher;
24  import org.apache.shiro.authz.AuthorizationInfo;
25  import org.apache.shiro.authz.SimpleAuthorizationInfo;
26  import org.apache.shiro.mgt.DefaultSecurityManager;
27  import org.apache.shiro.realm.AuthorizingRealm;
28  import org.apache.shiro.realm.UserIdPrincipal;
29  import org.apache.shiro.realm.UsernamePrincipal;
30  import org.apache.shiro.realm.ldap.LdapContextFactory;
31  import org.apache.shiro.subject.PrincipalCollection;
32  import org.apache.shiro.subject.SimplePrincipalCollection;
33  import org.apache.shiro.subject.Subject;
34  import org.apache.shiro.util.ThreadContext;
35  import org.junit.After;
36  import org.junit.Before;
37  import org.junit.Test;
38  
39  import javax.naming.NamingException;
40  import java.util.HashSet;
41  import java.util.Set;
42  
43  import static org.junit.Assert.assertTrue;
44  
45  
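/**
 * Simple test case for ActiveDirectoryRealm.
 * <p>
 * TODO: the original incarnation of this test case does not actually test the heart of
 * ActiveDirectoryRealm (no meaningful implementation of queryForLdapAccount, etc.); it obviously should.
 * This version was intended to mimic the original author's usage scenario in an effort to debug
 * upgrade issues which were not related to LDAP connectivity.
 * <p>
 * Security note: the realm under test is a stub that accepts every credential and never contacts a
 * directory, so a passing run shows that principals and roles are wired through the security manager,
 * not that passwords are verified.
 */
public class ActiveDirectoryRealmTest {

    DefaultSecurityManager securityManager = null;
    AuthorizingRealm realm;

    // Fixture values only; none of them is checked against a real directory.
    private static final String USERNAME = "testuser";
    private static final String PASSWORD = "password";
    private static final int USER_ID = 12345;
    private static final String ROLE = "admin";

    /**
     * Clears thread-bound Shiro state and installs a security manager backed by the stub realm.
     */
    @Before
    public void setup() {
        ThreadContext.remove();
        realm = new TestActiveDirectoryRealm();
        securityManager = new DefaultSecurityManager(realm);
        SecurityUtils.setSecurityManager(securityManager);
    }

    /**
     * Uninstalls the security manager and clears thread-bound state.
     * <p>
     * JUnit runs this even when {@link #setup()} fails, so the manager may still be null here; the
     * thread context is cleared in a finally block so that a failing destroy() cannot leak a
     * subject into the next test on the same thread.
     */
    @After
    public void tearDown() {
        try {
            SecurityUtils.setSecurityManager(null);
            if (securityManager != null) {
                securityManager.destroy();
            }
        } finally {
            ThreadContext.remove();
        }
    }

    /**
     * Logs in through the stub realm and checks that the subject ends up authenticated, carries the
     * expected role, and exposes both the username and the user-id principal.
     */
    @Test
    public void testDefaultConfig() {
        String localhost = "localhost";
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken(USERNAME, PASSWORD, localhost));
        assertTrue("subject should be authenticated after login", subject.isAuthenticated());
        assertTrue("subject should hold role " + ROLE, subject.hasRole(ROLE));

        PrincipalCollection principals = subject.getPrincipals();

        // Check for presence first so a missing principal fails the assertion instead of raising an NPE.
        UsernamePrincipal usernamePrincipal = principals.oneByType(UsernamePrincipal.class);
        assertTrue("no UsernamePrincipal on the subject", usernamePrincipal != null);
        assertTrue("unexpected username principal", USERNAME.equals(usernamePrincipal.getUsername()));

        UserIdPrincipal userIdPrincipal = principals.oneByType(UserIdPrincipal.class);
        assertTrue("no UserIdPrincipal on the subject", userIdPrincipal != null);
        assertTrue("unexpected user id principal", userIdPrincipal.getUserId() == USER_ID);

        assertTrue("realm should report role " + ROLE, realm.hasRole(principals, ROLE));

        subject.logout();
    }

    /**
     * Stub realm for this test: it skips the LDAP query, accepts any credentials, and hands out
     * fixed principals and a fixed role. It must never be used outside test code.
     */
    public class TestActiveDirectoryRealm extends ActiveDirectoryRealm {

        // Matcher installed by the constructor; it approves every login attempt.
        CredentialsMatcher credentialsMatcher;

        /**
         * Builds the realm and replaces the credentials matcher with one that always matches.
         */
        public TestActiveDirectoryRealm() {
            super();

            // Deliberately insecure: the submitted password is never compared with anything.
            credentialsMatcher = new CredentialsMatcher() {
                public boolean doCredentialsMatch(AuthenticationToken object, AuthenticationInfo object1) {
                    return true;
                }
            };

            setCredentialsMatcher(credentialsMatcher);
        }

        /**
         * Delegates to the parent realm, then replaces the account's principals with the fixed
         * user-id and username principals this test asserts on.
         *
         * @param token the submitted authentication token
         * @return the account with the test principals attached, or null if the parent returned null
         * @throws AuthenticationException if the parent realm rejects the token
         */
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            // NOTE(review): the cast presumably holds because the parent returns the SimpleAccount
            // built by queryForAuthenticationInfo below; confirm against the parent realm.
            SimpleAccount account = (SimpleAccount) super.doGetAuthenticationInfo(token);

            if (account != null) {
                SimplePrincipalCollection principals = new SimplePrincipalCollection();
                principals.add(new UserIdPrincipal(USER_ID), getName());
                principals.add(new UsernamePrincipal(USERNAME), getName());
                account.setPrincipals(principals);
            }

            return account;
        }

        /**
         * Grants the fixed test role to every principal collection, whatever it contains.
         *
         * @param principals ignored
         * @return authorization info holding only {@code ROLE}
         */
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            Set<String> roles = new HashSet<String>();
            roles.add(ROLE);
            return new SimpleAuthorizationInfo(roles);
        }

        /**
         * Replaces the LDAP query, which this test does not aim to cover: the context factory is
         * never used and the account is built straight from the token's own principal and credentials.
         *
         * @param token the submitted authentication token
         * @param ldapContextFactory ignored
         * @return an account echoing the token's principal and credentials
         * @throws NamingException never thrown here; declared to match the overridden signature
         */
        protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
            return new SimpleAccount(token.getPrincipal(), token.getCredentials(), getName());
        }

    }

}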