19 package org.apache.shiro.realm.activedirectory;
20
21 import org.apache.shiro.SecurityUtils;
22 import org.apache.shiro.authc.*;
23 import org.apache.shiro.authc.credential.CredentialsMatcher;
24 import org.apache.shiro.authz.AuthorizationInfo;
25 import org.apache.shiro.authz.SimpleAuthorizationInfo;
26 import org.apache.shiro.mgt.DefaultSecurityManager;
27 import org.apache.shiro.realm.AuthorizingRealm;
28 import org.apache.shiro.realm.UserIdPrincipal;
29 import org.apache.shiro.realm.UsernamePrincipal;
30 import org.apache.shiro.realm.ldap.LdapContextFactory;
31 import org.apache.shiro.subject.PrincipalCollection;
32 import org.apache.shiro.subject.SimplePrincipalCollection;
33 import org.apache.shiro.subject.Subject;
34 import org.apache.shiro.util.ThreadContext;
35 import org.junit.After;
36 import org.junit.Before;
37 import org.junit.Test;
38
39 import javax.naming.NamingException;
40 import java.util.HashSet;
41 import java.util.Set;
42
43 import static org.junit.Assert.assertTrue;
44
/**
 * Unit test for {@link ActiveDirectoryRealm} that runs without a directory server.
 *
 * <p>The realm under test is replaced by {@link TestActiveDirectoryRealm}, which stubs out the
 * LDAP query, accepts any credentials and reports a fixed role. The test therefore covers how
 * the realm's principals and roles surface through {@link Subject}; it does not exercise
 * password verification or directory group lookup.
 */
public class ActiveDirectoryRealmTest {

    // Fixture values shared by the test and the stub realm.
    private static final String USERNAME = "testuser";
    private static final String PASSWORD = "password";
    private static final int USER_ID = 12345;
    private static final String ROLE = "admin";

    DefaultSecurityManager securityManager = null;
    AuthorizingRealm realm;

    /**
     * Clears the thread context, then installs a security manager backed by the stub realm as
     * the one returned by {@link SecurityUtils}.
     */
    @Before
    public void setup() {
        ThreadContext.remove();
        realm = new TestActiveDirectoryRealm();
        securityManager = new DefaultSecurityManager(realm);
        SecurityUtils.setSecurityManager(securityManager);
    }

    /**
     * Unregisters and destroys the security manager and clears the thread context again, so the
     * stub realm is not left installed after the test.
     */
    @After
    public void tearDown() {
        SecurityUtils.setSecurityManager(null);
        securityManager.destroy();
        ThreadContext.remove();
    }

    /**
     * Logs in with the fixture account and checks authentication state, the role, and the two
     * typed principals the stub realm attaches.
     */
    @Test
    public void testDefaultConfig() {
        String host = "localhost";
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken loginToken = new UsernamePasswordToken(USERNAME, PASSWORD, host);
        currentUser.login(loginToken);

        // Both results come from the stub realm: its matcher accepts any credentials and its
        // authorization info always contains ROLE.
        assertTrue(currentUser.isAuthenticated());
        assertTrue(currentUser.hasRole(ROLE));

        UsernamePrincipal namePrincipal =
                currentUser.getPrincipals().oneByType(UsernamePrincipal.class);
        assertTrue(namePrincipal.getUsername().equals(USERNAME));

        UserIdPrincipal idPrincipal =
                currentUser.getPrincipals().oneByType(UserIdPrincipal.class);
        assertTrue(idPrincipal.getUserId() == USER_ID);

        // Same role check, asked of the realm directly rather than through the subject.
        assertTrue(realm.hasRole(currentUser.getPrincipals(), ROLE));

        currentUser.logout();
    }

    /**
     * Stub realm used only by this test.
     *
     * <p>It performs no credential check and no LDAP call: every token is accepted, the
     * principals are replaced with fixed values and the role set is hard-coded. None of this is
     * suitable outside a test fixture.
     */
    public class TestActiveDirectoryRealm extends ActiveDirectoryRealm {

        CredentialsMatcher credentialsMatcher;

        /** Installs a credentials matcher that reports a match for every token. */
        public TestActiveDirectoryRealm() {
            // Test-only: the submitted password is never compared with anything.
            credentialsMatcher = new CredentialsMatcher() {
                public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
                    return true;
                }
            };

            setCredentialsMatcher(credentialsMatcher);
        }

        /**
         * Takes the account produced by the superclass and replaces its principals with a
         * {@link UserIdPrincipal} and a {@link UsernamePrincipal} built from the fixture values.
         *
         * @param token the submitted authentication token
         * @return the account with the fixture principals, or {@code null} when the superclass
         *         returned none
         * @throws AuthenticationException if the superclass lookup fails
         */
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            // NOTE(review): presumably the inherited method obtains the account through
            // queryForAuthenticationInfo below, which is why the cast holds; confirm against
            // the superclass.
            SimpleAccount account = (SimpleAccount) super.doGetAuthenticationInfo(token);
            if (account == null) {
                return null;
            }

            SimplePrincipalCollection fixturePrincipals = new SimplePrincipalCollection();
            fixturePrincipals.add(new UserIdPrincipal(USER_ID), getName());
            fixturePrincipals.add(new UsernamePrincipal(USERNAME), getName());
            account.setPrincipals(fixturePrincipals);
            return account;
        }

        /**
         * Returns authorization info holding only {@code ROLE}, whatever principals are passed.
         *
         * @param principals ignored by this stub
         * @return authorization info with the single fixture role
         */
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            Set<String> grantedRoles = new HashSet<String>();
            grantedRoles.add(ROLE);
            return new SimpleAuthorizationInfo(grantedRoles);
        }

        /**
         * Builds the account straight from the token instead of querying a directory.
         *
         * @param token              the submitted authentication token
         * @param ldapContextFactory unused; no LDAP context is opened
         * @return an account carrying the token's own principal and credentials
         * @throws NamingException declared by the overridden signature; not thrown here
         */
        protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
            Object submittedPrincipal = token.getPrincipal();
            Object submittedCredentials = token.getCredentials();
            return new SimpleAccount(submittedPrincipal, submittedCredentials, getName());
        }

    }

}