ExtOpTestCase.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008-2009 Sun Microsystems, Inc.
* Portions Copyright 2015 ForgeRock AS
*/
/**
* Unit tests for the extop ACI keyword.
*/
public class ExtOpTestCase extends AciTestCase {
//NOTE(review): in this listing the constant names, the opening part of
//several ACI strings and the test method bodies are not visible. The
//comments below describe only the fragments that are shown.
//
//Every ACI fragment below except the "all access" one uses
//userdn="ldap:///anyone", so the bind subject never restricts access in
//these fixtures; the extop and target parts are what the tests vary.

//ACI allowing read for either the reportauthzID or the password policy
//control. Used in the bind tests.
private static final
OID_PASSWORD_POLICY_CONTROL + "\")" +
"(version 3.0; acl \"control\";" +
"allow(read) userdn=\"ldap:///" + "anyone" + "\";)";
//ACI allowing only the password modify extended op.
//NOTE(review): the extop part of this string is not visible here.
private static final
"(version 3.0; acl \"extended op\";" +
"allow(read) userdn=\"ldap:///" + "anyone" + "\";)";
//ACI allowing all extended ops through the wildcard extop = "*".
private static final
"(extop=\"" + "*" + "\")" +
"(version 3.0; acl \"extended op WC\";" +
"allow(read) userdn=\"ldap:///" + "anyone" + "\";)";
//ACI meant to disallow all extended ops: it is an allow rule whose
//target is extop != "*".
//NOTE(review): presumably the negated wildcard matches no extended op
//OID, so the rule grants nothing - confirm against the ACI handler.
private static final
"(extop!=\"" + "*" + "\")" +
"(version 3.0; acl \"extended op no wc\";" +
"allow(read) userdn=\"ldap:///" + "anyone" + "\";)";
//ACI allowing all rights to userdn="ldap:///self", so that all
//attributes can be modified and the password can be changed.
//NOTE(review): the target part of this string is not visible here.
private static final
"(version 3.0;acl \"all access\";" +
"allow (all) " +
"userdn=\"ldap:///self\";)";
//ACI allowing the password modify extended op for the people branch.
//NOTE(review): the target that scopes it to the people branch is not
//visible here.
private static final
OID_PASSWORD_MODIFY_REQUEST + "\")" +
"(version 3.0; acl \"extended op\";" +
"allow(read) userdn=\"ldap:///" + "anyone" + "\";)";
//ACI used to disallow the password modify extended op for the admin
//branch.
//NOTE(review): only an allow(read) tail is visible; how the start of the
//string excludes the admin branch cannot be seen from here.
private static final
"(version 3.0; acl \"extended op\";" +
"allow(read) userdn=\"ldap:///" + "anyone" + "\";)";
//ACI for the side-effect test: it allows all rights for extended op OID
//1.2.3.4 and for every attribute except userpassword. The test checks
//that the targetattr part does not give access to an extended op that the
//extop part does not allow.
private static final
"(extop = \"1.2.3.4\")" +
"(targetattr != \"userpassword\")" +
"(version 3.0; acl \"extended op\";" +
"allow(all) userdn=\"ldap:///" + "anyone" + "\";)";
/**
* Adds the test entries under the o=test suffix.
*
* @throws Exception If the entries cannot be added.
*/
public void setupClass() throws Exception {
addEntries("o=test");
}
/**
* Hook for resetting backend state.
* NOTE(review): the body is empty in this listing; it may have been
* stripped.
*
* @throws Exception If the reset fails.
*/
public void clearBackend() throws Exception {
}
/**
* Test access to the extended op when it is granted through the extop
* wildcard.
*
* @throws Exception If an unexpected result is returned.
*/
@Test
public void testExtendOpPwdWC() throws Exception {
//Expected to pass: the people branch has access to all extended ops
//through the wildcard.
//Expected to fail: the admin branch has no access to the extended op.
}
/**
* Test that access to the extended operation is denied when the only
* extop rule is the negated wildcard, which disallows all extended ops.
*
* @throws Exception If an unexpected result is returned.
*/
@Test
public void testExtendOpPwdNotWC() throws Exception {
}
/**
* Test access to the extended op using one ACI to allow access to the
* extended op and another ACI to allow the pwd change.
*
* @throws Exception If an unexpected result is returned.
*/
@Test
public void testExtendOpPwd() throws Exception {
}
/**
* Test that a disallowed extended op stays denied when an ACI also carries
* a targetattr rule that allows access.
*
* @throws Exception If an unexpected result is returned.
*/
@Test
public void testTargetattrSideEffect() throws Exception {
//Expected to fail: pwd modify is not an allowed extended operation, and
//the targetattr rule must not change that.
}
/**
* Test access to pwd changes using global ACIs with target statements giving
* access to different parts of the DIT.
*
* @throws Exception If an unexpected result is returned.
*/
@Test
public void testGlobalTargets() throws Exception {
//Expected to succeed: the ACI gives access to the people branch.
//Expected to fail: the ACI doesn't give access to the admin branch.
}
}