RolePreprocessingMapperTests.java

/*
 * This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General
 * Public License, version 2.1 as published by the Free Software Foundation. You should have received a copy of the GNU
 * Lesser General Public License along with this program; if not, you can obtain a copy at
 * http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html or from the Free Software Foundation, Inc., 51 Franklin
 * Street, Fifth Floor, Boston, MA 02110-1301 USA. This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
 * the GNU Lesser General Public License for more details. Copyright 2005 - 2009 Pentaho Corporation. All rights
 * reserved.
 */
package org.pentaho.test.platform.plugin.services.security.userrole.ldap;

import static org.junit.Assert.assertTrue;

import java.util.Arrays;
import java.util.Set;

import org.junit.Test;
import org.pentaho.platform.plugin.services.security.userrole.ldap.RolePreprocessingMapper;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.userdetails.UserDetails;

/**
 * Tests for <code>RolePreprocessingMapper</code>. Essentially mimics the steps taken by
 * <code>LdapAuthenticationProvider</code>.
 * 
 * @author mlowery
 */
public class RolePreprocessingMapperTests extends AbstractPentahoLdapIntegrationTests {

  @SuppressWarnings("unchecked")
  @Test
  public void testMapUserFromContext() throws Exception {
    RolePreprocessingMapper mapper = new RolePreprocessingMapper();
    mapper.setTokenName("cn"); //$NON-NLS-1$
    mapper.setRolePrefix(""); //$NON-NLS-1$
    mapper.setRoleAttributes(new String[] { "uniqueMember" }); //$NON-NLS-1$

    // get the user record
    DirContextOperations ctx = new SpringSecurityLdapTemplate(getContextSource()).retrieveEntry("uid=suzy,ou=users", //$NON-NLS-1$
        null);

    // get any roles that aren't in the user record
    Set<String> extraRoles = new SpringSecurityLdapTemplate(getContextSource()).searchForSingleAttributeValues(
        "ou=roles", "roleoccupant={0}", new String[] { "uid=suzy,ou=users,dc=pentaho,dc=org", "suzy" }, "cn"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ //$NON-NLS-5$

    GrantedAuthority[] authorities = new GrantedAuthority[extraRoles.size()];
    int i = 0;
    for (String extraRole : extraRoles) {
      authorities[i++] = new GrantedAuthorityImpl(extraRole);
    }

    // use the mapper to create a UserDetails instance
    UserDetails userDetails = mapper.mapUserFromContext(ctx, "suzy", authorities); //$NON-NLS-1$
    System.out.println(userDetails);

    // this asserts the ordering too; not strictly necessary
    GrantedAuthority[] expected = new GrantedAuthority[] { new GrantedAuthorityImpl("A"), new GrantedAuthorityImpl("cto"), //$NON-NLS-1$ //$NON-NLS-2$
        new GrantedAuthorityImpl("is"), new GrantedAuthorityImpl("Authenticated") }; //$NON-NLS-1$//$NON-NLS-2$
    assertTrue(Arrays.equals(expected, userDetails.getAuthorities()));
  }
}