/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.ambari.server.security.authorization; import static org.easymock.EasyMock.createNiceMock; import static org.easymock.EasyMock.expect; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashSet; import org.apache.ambari.server.H2DatabaseCleaner; import org.apache.ambari.server.audit.AuditLoggerModule; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.orm.GuiceJpaInitializer; import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.security.ClientSecurityType; import org.easymock.EasyMock; import org.junit.After; import org.junit.Before; import org.junit.Test; import org.jvnet.libpam.PAM; import org.jvnet.libpam.UnixUser; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.crypto.password.PasswordEncoder; import com.google.inject.Guice; import com.google.inject.Inject; import com.google.inject.Injector; import junit.framework.Assert; public 
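class AmbariPamAuthenticationProviderTest {

  /*
   * Unit tests for AmbariPamAuthenticationProvider.
   *
   * Covers three paths: rejection of a bad credential, a successful
   * authentication against a mocked PAM handle, and the provider declining to
   * act when the client security type is not PAM.
   */

  private static Injector injector;

  @Inject
  PasswordEncoder passwordEncoder;
  @Inject
  private AmbariPamAuthenticationProvider authenticationProvider;
  @Inject
  Configuration configuration;

  private static final String TEST_USER_NAME = "userName";
  private static final String TEST_USER_PASS = "userPass";
  private static final String TEST_USER_INCORRECT_PASS = "userIncorrectPass";

  /**
   * Builds a fresh injector for every test, injects this test's members and
   * switches the configuration to PAM with the "ambari-pam" PAM configuration file.
   */
  @Before
  public void setUp() {
    injector = Guice.createInjector(new AuditLoggerModule(), new AuthorizationTestModule());
    injector.injectMembers(this);
    injector.getInstance(GuiceJpaInitializer.class);
    configuration.setClientSecurityType(ClientSecurityType.PAM);
    configuration.setProperty(Configuration.PAM_CONFIGURATION_FILE, "ambari-pam");
  }

  /**
   * Clears the H2 database and stops the persistence service started for the test.
   */
  @After
  public void tearDown() throws Exception {
    H2DatabaseCleaner.clearDatabaseAndStopPersistenceService(injector);
  }

  /**
   * An incorrect credential must end in an {@link AuthenticationException}.
   */
  @Test(expected = AuthenticationException.class)
  public void testBadCredential() throws Exception {
    // NOTE(review): this goes through authenticate(), not authenticateViaPam() with a
    // mocked PAM handle, so it presumably depends on the PAM setup of the build host.
    // The expected exception could then come from PAM being unavailable rather than
    // from the credential being rejected - confirm, and consider a mocked PAM that
    // fails the authenticate call so the rejection path is tested in isolation.
    User user = new User(combineUserEntity());
    Collection<AmbariGrantedAuthority> userAuthorities =
        Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));

    // Use the declared incorrect-password constant instead of an ad-hoc literal.
    Authentication authentication =
        new AmbariUserAuthentication(TEST_USER_INCORRECT_PASS, user, userAuthorities);
    authenticationProvider.authenticate(authentication);
  }

  /**
   * A PAM handle that accepts the credentials must yield an authenticated
   * {@link AmbariUserAuthentication}.
   */
  @Test
  public void testAuthenticate() throws Exception {
    PAM pam = createNiceMock(PAM.class);
    UnixUser unixUser = createNiceMock(UnixUser.class);
    User user = new User(combineUserEntity());
    UserDAO userDAO = createNiceMock(UserDAO.class);
    Collection<AmbariGrantedAuthority> userAuthorities =
        Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));

    expect(pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class)))
        .andReturn(unixUser).atLeastOnce();
    expect(unixUser.getGroups()).andReturn(new HashSet<>(Arrays.asList("group"))).atLeastOnce();
    EasyMock.replay(unixUser);
    EasyMock.replay(pam);

    Authentication authentication =
        new AmbariUserAuthentication(TEST_USER_PASS, user, userAuthorities);
    Authentication result = authenticationProvider.authenticateViaPam(pam, authentication);

    // NOTE(review): this expectation is recorded after the call under test, on a mock
    // that is never replayed and never handed to the provider, so it constrains
    // nothing. Kept as-is; wire the mock into the provider or drop it.
    expect(userDAO.findUserByName(TEST_USER_NAME)).andReturn(null).once();

    Assert.assertNotNull(result);
    Assert.assertTrue(result.isAuthenticated());
    Assert.assertTrue(result instanceof AmbariUserAuthentication);

    // Without verify() the atLeastOnce() expectation above is never enforced: the test
    // would still pass if the provider reported success without consulting PAM at all.
    EasyMock.verify(pam);
  }

  /**
   * With the client security type set to LOCAL the provider must return
   * {@code null}, which under Spring Security's AuthenticationProvider contract
   * means the provider does not handle the request.
   */
  @Test
  public void testDisabled() throws Exception {
    User user = new User(combineUserEntity());
    Collection<AmbariGrantedAuthority> userAuthorities =
        Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));
    configuration.setClientSecurityType(ClientSecurityType.LOCAL);

    Authentication authentication =
        new AmbariUserAuthentication(TEST_USER_PASS, user, userAuthorities);
    Authentication auth = authenticationProvider.authenticate(authentication);

    Assert.assertNull(auth);
  }

  /**
   * Creates the PAM-typed user entity shared by the tests: id 1, the test user
   * name, the encoded test password and an empty principal.
   *
   * @return the populated user entity
   */
  private UserEntity combineUserEntity() {
    PrincipalEntity principalEntity = new PrincipalEntity();
    UserEntity userEntity = new UserEntity();
    userEntity.setUserId(1);
    userEntity.setUserName(UserName.fromString(TEST_USER_NAME));
    userEntity.setUserPassword(passwordEncoder.encode(TEST_USER_PASS));
    userEntity.setUserType(UserType.PAM);
    userEntity.setPrincipal(principalEntity);
    return userEntity;
  }
}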