TargetTestCase.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008-2009 Sun Microsystems, Inc.
* Portions Copyright 2014-2015 ForgeRock AS
*/
/**
 * Data-driven tests for the DN patterns accepted in an ACI {@code target}
 * clause: which patterns are rejected, which entry DNs a pattern matches, and
 * whether a complete ACI applies to a given entry.
 *
 * <p>The negative providers carry as much weight as the positive ones: a
 * pattern that matched more DNs than its author intended would widen the set
 * of entries an access-control rule governs.
 *
 * <p>NOTE(review): this listing is incomplete. The two constants below have no
 * type or name, most annotations are missing, and several test methods survive
 * only as a {@code throws} clause and a few argument lines. The comments
 * describe only what is still visible.
 */
public class TargetTestCase extends AciTestCase
{
// ACI body that denies every right when the bind rule ssf < "1" is true.
// NOTE(review): the declaration's type and name are missing from this listing,
// and the visible text starts at the version clause. ssf is presumably the
// connection's security strength factor, which would make this a deny rule for
// unprotected connections - confirm against the full file.
private static final
"(version 3.0; acl \"entryCheck aci\";" +
"deny(all) (ssf < \"1\");)";
// ACI body that allows search, read and compare to userdn "ldap:///anyone"
// (in ACI syntax "anyone" also covers unauthenticated clients).
// NOTE(review): type and name are missing here as well, and the visible text
// again starts at the version clause.
private static final
"(version 3.0; acl \"user attr ACI\"; " +
"allow (search, read, compare) " +
"userdn=\"ldap:///anyone\";)";
/**
 * Supplies {pattern, entry DN} pairs. Going by the provider's name, every DN
 * is expected to match its pattern.
 *
 * <p>NOTE(review): the annotation and the consuming test are not visible in
 * this listing, so the per-row remarks describe what each pair appears to
 * exercise.
 *
 * @return rows of two strings: the target pattern, then the entry DN
 */
public Object[][] matchingPatterns()
{
return new Object[][] {
// Wildcard at the end of an attribute value.
{
"uid=bj*,ou=people,dc=example,dc=com",
"uid=bjensen,ou=people,dc=example,dc=com"
},
// Wildcard for the whole attribute value.
{
"uid=*,ou=people,dc=example,dc=com",
"uid=bjensen,ou=people,dc=example,dc=com"
},
// "**" stands in for all remaining RDNs (three of them here).
{
"uid=bjensen*,**",
"uid=bjensen,ou=people,dc=example,dc=com"
},
// First RDN written without an attribute type; "People" and "people"
// differ only in case.
{
"*jensen,ou=People,dc=example,dc=com",
"uid=bjensen,ou=people,dc=example,dc=com"
},
// First RDN written as a bare value, with no type and no wildcard.
{
"bjensen,ou=People,dc=example,dc=com",
"uid=bjensen,ou=people,dc=example,dc=com"
},
// "**" alone against a DN with several RDNs.
{
"**",
"uid=bjensen,ou=people,dc=example,dc=com"
},
// "*" alone against a DN with exactly one RDN.
{
"*",
"dc=com"
},
// Multi-valued RDN; the DN lists the same attribute types in a different
// order than the pattern.
{
"uid=bj*+sn=*,ou=people,dc=example,dc=com",
"sn=jensen+uid=bjensen,ou=people,dc=example,dc=com"
},
// Single-RDN pattern given as a bare value.
{
"bjensen",
"uid=bjensen"
},
// "**" used twice in the middle of the pattern, with spaces after commas.
{
"uid=dmiller, **, ou=branch level two, **, ou=aci branches, " +
"dc=example,dc=com",
"uid=dmiller, ou=branch level three, ou=branch level two, " +
"ou=branch level one, ou=aci branches, dc=example,dc=com"
},
};
}
/**
 * Supplies {pattern, entry DN} pairs. Going by the provider's name, no DN is
 * expected to match its pattern.
 *
 * <p>Read together, the rows pin down the wildcard bounds: a pattern without
 * {@code **} does not match a DN with an extra RDN, a lone {@code *} does not
 * cover two RDNs, and {@code **} does not cover zero RDNs.
 *
 * @return rows of two strings: the target pattern, then the entry DN
 */
public Object[][] nonMatchingPatterns()
{
return new Object[][] {
// The DN has an extra RDN (ou=j) that the pattern has no place for.
{
"uid=bj*,ou=people,dc=example,dc=com",
"uid=bjensen,ou=j,ou=people,dc=example,dc=com"
},
// Attribute type differs: the pattern asks for uid, the DN uses cn.
{
"uid=*,ou=people,dc=example,dc=com",
"cn=bjensen,ou=people,dc=example,dc=com"
},
// Nothing is left in the DN for "**" to cover.
{
"uid=bjensen*,**",
"uid=bjensen"
},
// "**" against the empty DN.
{
"**",
""
},
// A lone "*" against a DN with two RDNs.
{
"*",
"dc=example,dc=com"
},
// Multi-valued RDN: the pattern asks for cn, the DN carries sn instead.
{
"uid=bj*+cn=*,ou=people,dc=example,dc=com",
"sn=jensen+uid=bjensen,ou=people,dc=example,dc=com"
},
// A literal RDN between the two "**" (ou=Bad branch level) is absent
// from the DN.
{
"uid=dmiller, **, ou=Bad branch level, **, ou=aci branches, " +
"dc=example,dc=com",
"uid=dmiller, ou=branch level three, ou=branch level two, " +
"ou=branch level one, ou=aci branches, dc=example,dc=com"
},
// "**" sits where the DN has no RDN at all.
{
"uid=dmiller, **, dc=example,dc=com",
"uid=dmiller, dc=example,dc=com"
},
};
}
/**
 * Supplies single-element rows holding target patterns that, going by the
 * provider's name, are expected to be rejected as malformed.
 *
 * <p>NOTE(review): an {@code expectedExceptions = DirectoryException.class}
 * fragment survives further down in this listing; it presumably belongs to
 * the test that consumes this provider - confirm against the full file.
 *
 * @return rows of one string: the invalid target pattern
 */
public Object[][] invalidPatterns()
{
return new Object[][] {
// "**" inside an attribute value.
{
"uid=bj**,ou=people,dc=example,dc=com"
},
// Wildcard appended to an attribute type.
{
"uid*=bjensen,ou=people,dc=example,dc=com",
},
// Three consecutive asterisks.
{
"uid=bjensen*,***",
},
// Wildcard attribute type in the second part of a multi-valued RDN.
{
"uid=bjensen+*=jensen,ou=people,dc=example,dc=com"
},
};
}
/**
 * Supplies {DN, ACI text, entry DN} triples. Going by the provider's name,
 * each ACI is expected to apply to the entry DN in the third column.
 *
 * <p>NOTE(review): the first column is presumably the DN of the entry that
 * holds the ACI; the consuming test is not visible in this listing.
 *
 * <p>NOTE(review): some targets here would not match the entry DN as a plain
 * pattern (a lone {@code *} is listed in {@link #nonMatchingPatterns()} for a
 * two-RDN DN, and the {@code ou=Peo*} targets are one RDN shorter than the
 * entry). Presumably a target also covers entries below a DN it matches -
 * confirm against the matching code.
 *
 * @return rows of three strings as described above
 */
public Object[][] applicableTargets()
{
return new Object[][] {
// Wildcard at the end of the uid value.
{
"dc=example,dc=com",
"(target=\"ldap:///uid=bj*,ou=people,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// Wildcard for the whole uid value.
{
"dc=example,dc=com",
"(target=\"ldap:///uid=*,ou=people,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// "**" for every RDN after the first.
{
"dc=example,dc=com",
"(target=\"ldap:///uid=bjensen*,**\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// "*" for one whole RDN (ou=people in the entry DN).
{
"dc=example,dc=com",
"(target=\"ldap:///uid=*,*,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// Wildcard values in two consecutive RDNs.
{
"dc=example,dc=com",
"(target=\"ldap:///uid=*,ou=*,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// Upper-case value prefix in the pattern, lower-case value in the entry.
{
"dc=example,dc=com",
"(target=\"ldap:///uid=BJ*,ou=people,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// Negated target (target!=): the pattern names cn, the entry's RDN is
// uid, and the ACI is expected to apply.
{
"dc=example,dc=com",
"(target!=\"ldap:///cn=*,ou=people,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// "*" for the whole first RDN.
{
"dc=example,dc=com",
"(target=\"ldap:///*,ou=people,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// "**" covering two RDNs in the middle (ou=people,dc=example).
{
"dc=example,dc=com",
"(target=\"ldap:///uid=bjensen,**,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// The same two RDNs covered by two single "*" instead.
{
"dc=example,dc=com",
"(target=\"ldap:///uid=bjensen,*,*,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// Wildcard attribute type together with a wildcard value prefix.
{
"dc=example,dc=com",
"(target=\"ldap:///*=*jensen,ou=People,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// First RDN written without an attribute type.
{
"dc=example,dc=com",
"(target=\"ldap:///*jensen,ou=People,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// The next four rows give no targetScope and put the wildcard in the ou
// value (trailing, leading, middle, two wildcards); the entry sits one
// RDN below the DN the pattern spells out.
{
"ou=aci branch,o=ACI Tests,dc=example,dc=com",
"(target=\"ldap:///ou=Peo*,ou=aci branch, o=ACI Tests," +
"dc=example,dc=com\")(targetattr=\"*\")" +
"(version 3.0; acl \"add_aci3\"; allow" +
"(search,read) userdn=\"ldap:///all\";)",
"uid=scarter,ou=People,ou=aci branch,o=ACI Tests," +
"dc=example,dc=com",
},
{
"ou=aci branch,o=ACI Tests,dc=example,dc=com",
"(target=\"ldap:///ou=*eople,ou=aci branch,o=ACI Tests," +
"dc=example,dc=com\")(targetattr=\"*\")" +
"(version 3.0; acl \"add_aci3\"; allow" +
"(search,read) userdn=\"ldap:///all\";)",
"uid=scarter,ou=People,ou=aci branch,o=ACI Tests," +
"dc=example,dc=com",
},
{
"ou=aci branch,o=ACI Tests,dc=example,dc=com",
"(target=\"ldap:///ou=Pe*le,ou=aci branch,o=ACI Tests," +
"dc=example,dc=com\")(targetattr=\"*\")" +
"(version 3.0; acl \"add_aci3\"; allow" +
"(search,read) userdn=\"ldap:///all\";)",
"uid=scarter,ou=People,ou=aci branch,o=ACI Tests," +
"dc=example,dc=com",
},
{
"ou=aci branch,o=ACI Tests,dc=example,dc=com",
"(target=\"ldap:///ou=Pe*l*,ou=aci branch,o=ACI Tests," +
"dc=example,dc=com\")(targetattr=\"*\")" +
"(version 3.0; acl \"add_aci3\"; allow" +
"(search,read) userdn=\"ldap:///all\";)",
"uid=scarter,ou=People,ou=aci branch,o=ACI Tests," +
"dc=example,dc=com",
},
// "**" as the entire target.
{
"dc=example,dc=com",
"(target=\"ldap:///**\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// "*" as the entire target, against an entry DN with four RDNs.
{
"dc=example,dc=com",
"(target=\"ldap:///*\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
};
}
/**
 * Supplies {DN, ACI text, entry DN} triples. Going by the provider's name,
 * none of the ACIs is expected to apply to the entry DN in the third column.
 *
 * <p>These rows guard against a target reaching further than written: an ACI
 * attached under a different branch, a one-level scope checked against its
 * own base DN, wildcards that cover too few RDNs, and the empty entry DN.
 *
 * <p>NOTE(review): the first column is presumably the DN of the entry that
 * holds the ACI; the consuming test is not visible in this listing.
 *
 * @return rows of three strings as described above
 */
public Object[][] nonApplicableTargets()
{
return new Object[][] {
// First column is ou=staff while the target and the entry are under
// ou=people.
{
"ou=staff,dc=example,dc=com",
"(target=\"ldap:///uid=bj*,ou=people,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// No target clause, targetScope "onelevel", and the first column equals
// the entry DN.
{
"uid=bjensen,ou=people,dc=example,dc=com",
"(targetattr=\"*\")(targetScope=\"onelevel\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// One "*" where the entry DN has two RDNs (ou=people,dc=example).
{
"dc=example,dc=com",
"(target=\"ldap:///uid=bjensen,*,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// One "*" where three RDNs remain in the entry DN.
{
"dc=example,dc=com",
"(target=\"ldap:///uid=bjensen*,*\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// The pattern has no place for the entry's ou=people RDN.
{
"dc=example,dc=com",
"(target=\"ldap:///uid=*,dc=example,dc=com\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"uid=bjensen,ou=people,dc=example,dc=com",
},
// "**" as the entire target, against the empty entry DN.
{
"dc=example,dc=com",
"(target=\"ldap:///**\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"",
},
// "*" as the entire target, against the empty entry DN.
{
"dc=example,dc=com",
"(target=\"ldap:///*\")" +
"(targetattr=\"*\")(targetScope=\"subtree\")" +
"(version 3.0; acl \"example\";" +
" allow (all) userdn=\"ldap:///self\";)",
"",
},
};
}
/**
 * Class-level setup: calls {@code addEntries("o=test")}.
 *
 * <p>NOTE(review): {@code addEntries} is not defined in this listing
 * (presumably inherited from {@code AciTestCase}), and the setup annotation
 * is missing here.
 *
 * @throws Exception if adding the entries fails
 */
public void setupClass() throws Exception {
addEntries("o=test");
}
// NOTE(review): the five fragments below are what remains of test methods
// whose annotations, signatures and most statements are missing from this
// listing. The surviving pieces show an expected DirectoryException on the
// third one, and two calls that take aci.getTargets() together with the
// failure messages " did not apply to " and " incorrectly applied to "
// followed by entryDN.
throws Exception
{
}
throws Exception
{
}
expectedExceptions = DirectoryException.class)
throws Exception
{
}
throws Exception
{
aci.getTargets(),
" did not apply to " + entryDN);
}
throws Exception
{
aci.getTargets(),
" incorrectly applied to " + entryDN);
}
/**
 * Tests the entry-check ACI. Related to issue 4278.
 *
 * <p>NOTE(review): the try and finally bodies are empty in this listing, so
 * what the test sets up, asserts and cleans up cannot be seen here.
 *
 * @throws Exception If a test doesn't pass.
 */
@Test
public void testEntryCheckACI() throws Exception {
try {
}
finally
{
}
}
}