JmxPrivilegeTestCase.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * CDDL HEADER START
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The contents of this file are subject to the terms of the
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Common Development and Distribution License, Version 1.0 only
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * (the "License"). You may not use this file except in compliance
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * with the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * or http://forgerock.org/license/CDDLv1.0.html.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * See the License for the specific language governing permissions
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * and limitations under the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * When distributing Covered Code, include this CDDL HEADER in each
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * file and include the License file at legal-notices/CDDLv1_0.txt.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * If applicable, add the following below this CDDL HEADER, with the
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * fields enclosed by brackets "[]" replaced with your own identifying
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * information:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Portions Copyright [yyyy] [name of copyright owner]
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * CDDL HEADER END
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Copyright 2008-2010 Sun Microsystems, Inc.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Portions Copyright 2011-2015 ForgeRock AS
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.forgerock.opendj.ldap.ModificationType;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.backends.task.TaskBackend;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.backends.task.TaskState;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.controls.ProxiedAuthV1Control;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.controls.ProxiedAuthV2Control;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.core.AddOperationBasis;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.core.CompareOperationBasis;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.core.DeleteOperationBasis;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.core.ModifyDNOperationBasis;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.core.ModifyOperationBasis;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.core.SchemaConfigManager;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.protocols.internal.InternalClientConnection;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.protocols.internal.InternalSearchOperation;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.opends.server.protocols.internal.SearchRequest;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport static org.opends.messages.ProtocolMessages.*;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport static org.opends.server.protocols.internal.InternalClientConnection.*;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport static org.opends.server.protocols.internal.Requests.*;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * This class provides a set of test cases for the Directory Server JMX
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * privilege subsystem.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterpublic class JmxPrivilegeTestCase extends JmxTestCase
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * An array of boolean values that indicates whether config read operations
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * should be successful for users in the corresponding slots of the
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * connections array.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster private boolean[] successful;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The set of client connections that should be used when performing
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * operations.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Make sure that the server is running and that an appropriate set of
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * structures are in place.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @throws Exception If an unexpected problem occurs.
// Fixture entries, written as LDIF lines. The call these string arguments
// belong to opens on a line this listing does not show.
//
// Root DN account whose entry explicitly lists "-jmx-read" and "-jmx-write".
// NOTE(review): the leading "-" presumably strips a privilege the account
// would otherwise inherit as a root user; confirm against the server's
// privilege documentation.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "dn: cn=Unprivileged Root,cn=Root DNs,cn=config",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: top",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: person",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: organizationalPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: inetOrgPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: ds-cfg-root-dn-user",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "cn: Unprivileged Root",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "givenName: Unprivileged",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "uid: unprivileged.root",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "userPassword: password",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: config-read",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: config-write",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: password-reset",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: update-schema",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: ldif-import",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: ldif-export",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: backend-backup",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: backend-restore",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: unindexed-search",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: -jmx-read",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: -jmx-write",
// Root DN account with no ds-privilege-name values of its own; this is the DN
// simpleConnectJmxPrivilege() authenticates as.
// NOTE(review): cn and uid below repeat the "Unprivileged Root" values even
// though the DN names "Unprivileged JMX Root" - looks like copy-paste; confirm
// it is intended.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "dn: cn=Unprivileged JMX Root,cn=Root DNs,cn=config",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: top",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: person",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: organizationalPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: inetOrgPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: ds-cfg-root-dn-user",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "cn: Unprivileged Root",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "givenName: Unprivileged",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "uid: unprivileged.root",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "userPassword: password",
// Root DN account granted proxied-auth plus jmx-read and jmx-write.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "dn: cn=Proxy Root,cn=Root DNs,cn=config",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: top",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: person",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: organizationalPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: inetOrgPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: ds-cfg-root-dn-user",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "cn: Proxy Root",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "givenName: Proxy",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "uid: proxy.root",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "userPassword: password",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: proxied-auth",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: jmx-read",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: jmx-write",
// Regular user under o=test granted a broad privilege set, including jmx-read,
// jmx-write, proxied-auth and bypass-acl.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "dn: cn=Privileged User,o=test",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: top",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: person",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: organizationalPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: inetOrgPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "cn: Privileged User",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "givenName: Privileged",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "uid: privileged.user",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "userPassword: password",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: config-read",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: config-write",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: password-reset",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: update-schema",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: ldif-import",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: ldif-export",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: backend-backup",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: backend-restore",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: proxied-auth",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: bypass-acl",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: unindexed-search",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: jmx-read",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: jmx-write",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: subentry-write",
// NOTE(review): judging by its name only, the referenced policy keeps
// userPassword in clear text - confirm it is defined for the test server only.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "cn=Password Policies,cn=config",
// Regular user under o=test whose only listed privilege is bypass-acl; it has
// no JMX privilege.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "dn: cn=Unprivileged User,o=test",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: top",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: person",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: organizationalPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: inetOrgPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "cn: Unprivileged User",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "givenName: Unprivileged",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "uid: unprivileged.user",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-privilege-name: bypass-acl",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "userPassword: password",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "cn=Password Policies,cn=config",
// Entry named as the password-reset target; it lists no privileges.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "dn: cn=PWReset Target,o=test",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: top",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: person",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: organizationalPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: inetOrgPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "cn: PWReset Target",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "givenName: PWReset",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "sn: Target",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "uid: pwreset.target",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "userPassword: password");
// Modification of o=test carrying four ACIs (the opening of this call is not
// visible in this listing): the proxy right for Proxy Root, Unprivileged Root
// and Privileged User, and all rights on every attribute for PWReset Target.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "dn: o=test",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "changetype: modify",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "aci: (version 3.0; acl \"Proxy Root\"; allow (proxy) " +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "userdn=\"ldap:///cn=Proxy Root,cn=Root DNs,cn=config\";)",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "aci: (version 3.0; acl \"Unprivileged Root\"; allow (proxy) " +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "userdn=\"ldap:///cn=Unprivileged Root,cn=Root DNs,cn=config\";)",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "aci: (version 3.0; acl \"Privileged User\"; allow (proxy) " +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "userdn=\"ldap:///cn=Privileged User,o=test\";)",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "aci: (targetattr=\"*\")(version 3.0; acl \"PWReset Target\"; " +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "allow (all) userdn=\"ldap:///cn=PWReset Target,o=test\";)");
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Build the array of connections we will use to perform the tests.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster JmxConnectionHandler jmxCtx = getJmxConnectionHandler();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster ArrayList<Boolean> successList = new ArrayList<Boolean>();
// First connection: built from an empty AuthenticationInfo, i.e. no user entry
// is passed in.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster connList.add(new JmxClientConnection(jmxCtx,new AuthenticationInfo()));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster userDN = "cn=Unprivileged Root,cn=Root DNs,cn=config";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster userEntry = DirectoryServer.getEntry(DN.valueOf(userDN));
// NOTE(review): the boolean passed to AuthenticationInfo is true for the two
// cn=Root DNs accounts and false on the later calls - presumably an is-root
// flag; confirm against AuthenticationInfo.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster authInfo = new AuthenticationInfo(userEntry, true);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster connList.add(new JmxClientConnection(jmxCtx,authInfo));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster userDN = "cn=Proxy Root,cn=Root DNs,cn=config";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster userEntry = DirectoryServer.getEntry(DN.valueOf(userDN));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster authInfo = new AuthenticationInfo(userEntry, true);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster connList.add(new JmxClientConnection(jmxCtx,authInfo));
// NOTE(review): userDN is not visibly reassigned before the next two lookups;
// those assignments, the declaration of connList and any successList.add(...)
// calls appear to be among the lines missing from this listing.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster userEntry = DirectoryServer.getEntry(DN.valueOf(userDN));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster authInfo = new AuthenticationInfo(userEntry, false);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster connList.add(new JmxClientConnection(jmxCtx,authInfo));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster userEntry = DirectoryServer.getEntry(DN.valueOf(userDN));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster authInfo = new AuthenticationInfo(userEntry, false);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster connList.add(new JmxClientConnection(jmxCtx,authInfo));
// The connections field is sized to match the list built above.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster connections = new JmxClientConnection[connList.size()];
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "dn: dc=unindexed,dc=jeb",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: top",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: domain",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "dn: cn=test1 user,dc=unindexed,dc=jeb",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: top",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: person",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: organizationalPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: inetOrgPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "cn: test1 user",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "givenName: user",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "sn: test1",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "dn: cn=test2 user,dc=unindexed,dc=jeb",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: top",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: person",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: organizationalPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "objectClass: inetOrgPerson",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "cn: test2 user",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "givenName: user",
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Cleans up anything that might be left around after running the tests in
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * this class.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @throws Exception If an unexpected problem occurs.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public void cleanUp()
// Deletes the fixture entries used by this class and asserts that every delete
// returns ResultCode.SUCCESS; the two users under dc=unindexed,dc=jeb are
// removed before the dc=unindexed,dc=jeb entry itself.
// NOTE(review): several processDelete(...) lines and the loop body are missing
// from this listing, so some of the assertions below appear without their call.
// NOTE(review): an assertion failure on one delete would end the method there;
// presumably the remaining fixture accounts, including the ones holding
// privileges, would then stay in the directory - confirm how the suite resets
// state between classes.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster InternalClientConnection conn = InternalClientConnection
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster DeleteOperation deleteOperation = conn.processDelete(DN
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster .valueOf("cn=Unprivileged Root,cn=Root DNs,cn=config"));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster .valueOf("cn=Unprivileged JMX Root,cn=Root DNs,cn=config"));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster .valueOf("cn=Proxy Root,cn=Root DNs,cn=config"));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster .valueOf("cn=test1 user,dc=unindexed,dc=jeb"));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster .valueOf("cn=test2 user,dc=unindexed,dc=jeb"));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster deleteOperation = conn.processDelete(DN.valueOf("dc=unindexed,dc=jeb"));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
// Walks the connections array when it is non-null; what is done with each
// connection is not visible in this listing.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster for (int i = 0; connections != null && i < connections.length; i++)
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Retrieves a set of data that can be used for performing the tests. The
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * arguments generated for each method will be:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * <LI>A client connection to use to perform the operation</LI>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * <LI>A flag indicating whether or not the operation should succeed</LI>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @return A set of data that can be used for performing the tests.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Object[][] returnArray = new Object[connections.length][2];
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Check that simple connections to the JMX service are
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * accepted only if the JMX_READ privilege is set.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * @throws Exception If an unexpected problem occurs.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster public void simpleConnectJmxPrivilege() throws Exception
// Exercises the jmx-read gate on remote JMX connections in three phases for the
// same account: connect (expected to be refused), add jmx-read and connect
// (expected to succeed), delete jmx-read and connect (expected to be refused
// again, so revocation is checked on a fresh connection).
// NOTE(review): this listing omits lines (braces, try/catch, and the
// declarations of opendsConnector, modifyOperation and e), so the control flow
// between the statements below is inferred from the comments and the fail()
// messages.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster int jmxPort = TestCaseUtils.getServerJmxPort() ;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster HashMap<String, Object> env = new HashMap<String, Object>();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String user = "cn=Unprivileged JMX Root,cn=Root DNs,cn=config";
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster String[] credentials = new String[] { user, password };
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster env.put("jmx.remote.credentials", credentials);
// NOTE(review): a check period of 0 presumably turns off the client's periodic
// connection check; confirm against the JMX connector documentation.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster env.put("jmx.remote.x.client.connection.check.period", 0);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Try connection without JMX_READ privilege
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Expected result: failed
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster opendsConnector = new OpendsJmxConnector("localhost", jmxPort, env);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster fail("User \"cn=Unprivileged JMX Root,cn=Root "+
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "DNs,cn=config\" doesn't have JMX_READ privilege but he's able " +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "to connect, which is not the correct behavior");
// The refusal is verified by message text: the caught exception's message must
// equal ERR_JMX_INSUFFICIENT_PRIVILEGES.
// NOTE(review): the arguments here are (expected, actual), the reverse of the
// (actual, expected) order used by the result-code assertions in this file.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster LocalizableMessage message = ERR_JMX_INSUFFICIENT_PRIVILEGES.get();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(message.toString(), e.getMessage());
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Add JMX_READ privilege
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster InternalClientConnection rootConnection = getRootConnection();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster ArrayList<Modification> mods = new ArrayList<Modification>();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster mods.add(new Modification(ModificationType.ADD, Attributes.create(
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster rootConnection.processModify(DN.valueOf(user), mods);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Try connection with JMX_READ privilege
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Expected result: success
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster opendsConnector = new OpendsJmxConnector("localhost", jmxPort, env);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster fail("User \"cn=Unprivileged JMX Root,cn=Root " +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "DNs,cn=config\" has JMX_READ privilege and he's NOT able " +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "to connect, which is NOT the correct behavior.");
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // remove JMX_READ privilege
// NOTE(review): mods is reused from the ADD step; whether it is cleared first
// is not visible here - if it is not, the earlier ADD would be sent again in
// the same modify request.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster mods.add(new Modification(ModificationType.DELETE,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Attributes.create("ds-privilege-name", "jmx-read")));
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster rootConnection.processModify(DN.valueOf(user), mods);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Try connection without JMX_READ privilege
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster // Expected result: failed
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster opendsConnector = new OpendsJmxConnector("localhost", jmxPort, env);
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster fail("User \"cn=Unprivileged JMX Root,cn=Root "+
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "DNs,cn=config\" doesn't have JMX_READ privilege but he's able " +
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster "to connect, which is not the correct behavior");
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster LocalizableMessage message = ERR_JMX_INSUFFICIENT_PRIVILEGES.get();
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster assertEquals(message.toString(), e.getMessage());
boolean hasPrivilege)
throws Exception
if (hasPrivilege)
boolean hasPrivilege)
throws Exception
if (hasProxyPrivilege)
mods);
if (hasProxyPrivilege)
if (hasProxyPrivilege)
if (hasProxyPrivilege)
if (hasProxyPrivilege)
if (hasProxyPrivilege)
if (hasProxyPrivilege)
mods);
if (hasProxyPrivilege)
if (hasProxyPrivilege)
if (hasProxyPrivilege)
if (hasProxyPrivilege)
if (hasProxyPrivilege)
@Test
@Test
public void testUpdateRootPrivileges()
throws Exception
return task;