opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/NetworkGroupConfiguration.xml
File was deleted opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/NetworkGroupPluginConfiguration.xml
File was deleted opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootConfiguration.xml
@@ -427,18 +427,6 @@ </cli:relation> </adm:profile> </adm:relation> <adm:relation name="network-group" hidden="true"> <adm:one-to-many /> <adm:profile name="ldap"> <ldap:rdn-sequence>cn=Network Groups,cn=config</ldap:rdn-sequence> </adm:profile> <adm:profile name="cli"> <cli:relation> <cli:default-property name="enabled" /> <cli:default-property name="priority" /> </cli:relation> </adm:profile> </adm:relation> <adm:relation name="administration-connector"> <adm:one-to-one /> <adm:profile name="ldap"> opendj-server2x-adapter/src/test/resources/config/config.ldif
@@ -1877,27 +1877,6 @@ ds-cfg-type: uid ds-cfg-invoke-for-internal-operations: true dn: cn=Network Group,cn=Plugins,cn=config objectClass: top objectClass: ds-cfg-plugin objectClass: ds-cfg-network-group-plugin cn: Network Group ds-cfg-java-class: org.opends.server.core.networkgroups.NetworkGroupPlugin ds-cfg-enabled: true ds-cfg-invoke-for-internal-operations: false ds-cfg-plugin-type: postConnect ds-cfg-plugin-type: preParseAdd ds-cfg-plugin-type: preParseBind ds-cfg-plugin-type: preParseCompare ds-cfg-plugin-type: preParseDelete ds-cfg-plugin-type: preParseExtended ds-cfg-plugin-type: preParseModify ds-cfg-plugin-type: preParseModifyDn ds-cfg-plugin-type: preParseSearch ds-cfg-plugin-type: preParseUnbind ds-cfg-plugin-type: postResponseBind ds-cfg-plugin-type: postResponseExtended dn: cn=Change Number Control,cn=Plugins,cn=config objectClass: top objectClass: ds-cfg-plugin @@ -2614,19 +2593,3 @@ objectClass: top objectClass: ds-cfg-branch cn: Extensions dn: cn=Network Groups,cn=config objectClass: top objectClass: ds-cfg-branch cn: Network Groups dn: cn=Workflows,cn=config objectClass: top objectClass: ds-cfg-branch cn: Workflows dn: cn=Workflow Elements,cn=config objectClass: top objectClass: ds-cfg-branch cn: Workflow Elements opendj3-server-dev/resource/config/config.ldif
@@ -1897,27 +1897,6 @@ ds-cfg-type: uid ds-cfg-invoke-for-internal-operations: true dn: cn=Network Group,cn=Plugins,cn=config objectClass: top objectClass: ds-cfg-plugin objectClass: ds-cfg-network-group-plugin cn: Network Group ds-cfg-java-class: org.opends.server.core.networkgroups.NetworkGroupPlugin ds-cfg-enabled: true ds-cfg-invoke-for-internal-operations: false ds-cfg-plugin-type: postConnect ds-cfg-plugin-type: preParseAdd ds-cfg-plugin-type: preParseBind ds-cfg-plugin-type: preParseCompare ds-cfg-plugin-type: preParseDelete ds-cfg-plugin-type: preParseExtended ds-cfg-plugin-type: preParseModify ds-cfg-plugin-type: preParseModifyDn ds-cfg-plugin-type: preParseSearch ds-cfg-plugin-type: preParseUnbind ds-cfg-plugin-type: postResponseBind ds-cfg-plugin-type: postResponseExtended dn: cn=Change Number Control,cn=Plugins,cn=config objectClass: top objectClass: ds-cfg-plugin opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/NetworkGroupConfiguration.xml
File was deleted opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/NetworkGroupPluginConfiguration.xml
File was deleted opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/RootConfiguration.xml
@@ -427,18 +427,6 @@ </cli:relation> </adm:profile> </adm:relation> <adm:relation name="network-group" hidden="true"> <adm:one-to-many /> <adm:profile name="ldap"> <ldap:rdn-sequence>cn=Network Groups,cn=config</ldap:rdn-sequence> </adm:profile> <adm:profile name="cli"> <cli:relation> <cli:default-property name="enabled" /> <cli:default-property name="priority" /> </cli:relation> </adm:profile> </adm:relation> <adm:relation name="administration-connector"> <adm:one-to-one /> <adm:profile name="ldap"> opendj3-server-dev/src/server/org/opends/server/core/networkgroups/AuthMethodConnectionCriteria.java
File was deleted opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java
@@ -29,7 +29,6 @@ import java.lang.reflect.InvocationTargetException; import java.util.ArrayList; import java.util.Collection; import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.TreeMap; @@ -40,11 +39,7 @@ import org.forgerock.opendj.config.server.ConfigException; import org.forgerock.opendj.ldap.ResultCode; import org.opends.server.admin.ClassPropertyDefinition; import org.opends.server.admin.server.ConfigurationAddListener; import org.opends.server.admin.server.ConfigurationChangeListener; import org.opends.server.admin.server.ConfigurationDeleteListener; import org.opends.server.admin.std.meta.QOSPolicyCfgDefn; import org.opends.server.admin.std.server.NetworkGroupCfg; import org.opends.server.admin.std.server.QOSPolicyCfg; import org.opends.server.api.ClientConnection; import org.opends.server.api.QOSPolicy; @@ -55,7 +50,6 @@ import org.opends.server.core.WorkflowImpl; import org.opends.server.core.WorkflowTopologyNode; import org.opends.server.types.AuthenticationType; import org.opends.server.types.ConfigChangeResult; import org.opends.server.types.DN; import org.opends.server.types.DirectoryException; import org.opends.server.types.InitializationException; 
@@ -78,153 +72,6 @@ */ public class NetworkGroup { /** * Configuration change listener for user network groups. */ private final class ChangeListener implements ConfigurationChangeListener<NetworkGroupCfg> { /** * {@inheritDoc} */ @Override public ConfigChangeResult applyConfigurationChange( NetworkGroupCfg configuration) { ResultCode resultCode = ResultCode.SUCCESS; boolean adminActionRequired = false; List<LocalizableMessage> messages = new ArrayList<LocalizableMessage>(); // Update the priority. setNetworkGroupPriority(configuration.getPriority()); try { criteria = decodeConnectionCriteriaConfiguration(configuration); } catch (ConfigException e) { resultCode = DirectoryServer.getServerErrorResultCode(); messages.add(e.getMessageObject()); } // Update the configuration. NetworkGroup.this.configuration = configuration; return new ConfigChangeResult(resultCode, adminActionRequired, messages); } /** * {@inheritDoc} */ @Override public boolean isConfigurationChangeAcceptable( NetworkGroupCfg configuration, List<LocalizableMessage> unacceptableReasons) { return isConfigurationAcceptable(configuration, unacceptableReasons); } } /** * Configuration change listener for user network group QOS policies. 
*/ private final class QOSPolicyListener implements ConfigurationAddListener<QOSPolicyCfg>, ConfigurationDeleteListener<QOSPolicyCfg> { /** * {@inheritDoc} */ @Override public ConfigChangeResult applyConfigurationAdd( QOSPolicyCfg configuration) { ResultCode resultCode = ResultCode.SUCCESS; boolean adminActionRequired = false; List<LocalizableMessage> messages = new ArrayList<LocalizableMessage>(); try { createNetworkGroupQOSPolicy(configuration); } catch (ConfigException e) { messages.add(e.getMessageObject()); resultCode = DirectoryServer.getServerErrorResultCode(); } catch (InitializationException e) { messages.add(e.getMessageObject()); resultCode = DirectoryServer.getServerErrorResultCode(); } return new ConfigChangeResult(resultCode, adminActionRequired, messages); } /** * {@inheritDoc} */ @Override public ConfigChangeResult applyConfigurationDelete( QOSPolicyCfg configuration) { QOSPolicy policy = policies.remove(configuration.dn()); if (policy != null) { if (requestFilteringPolicy == policy) { requestFilteringPolicy = null; } else if (resourceLimitsPolicy == policy) { resourceLimitsPolicy = null; } policy.finalizeQOSPolicy(); } return new ConfigChangeResult(ResultCode.SUCCESS, false); } /** * {@inheritDoc} */ @Override public boolean isConfigurationAddAcceptable( QOSPolicyCfg configuration, List<LocalizableMessage> unacceptableReasons) { return isNetworkGroupQOSPolicyConfigurationAcceptable( configuration, unacceptableReasons); } /** * {@inheritDoc} */ @Override public boolean isConfigurationDeleteAcceptable( QOSPolicyCfg configuration, List<LocalizableMessage> unacceptableReasons) { // Always ok. return true; } } // The admin network group has no criterion, no policy, // and gives access to all the workflows. 
@@ -398,264 +245,6 @@ return registeredNetworkGroups.get(networkGroupID); } /** * Initializes this network group as a user network group using the * provided configuration. The network group will monitor the * configuration and update its configuration when necessary. * * @param configuration * The network group configuration. * @return The new user network group. * @throws ConfigException * If an unrecoverable problem arises during initialization * of the user network group as a result of the server * configuration. * @throws InitializationException * If a problem occurs during initialization of the user * network group that is not related to the server * configuration. */ static NetworkGroup createUserNetworkGroup( NetworkGroupCfg configuration) throws InitializationException, ConfigException { NetworkGroup networkGroup = new NetworkGroup(configuration); try { // Set the priority. networkGroup.priority = configuration.getPriority(); // Initialize the network group criteria. networkGroup.criteria = decodeConnectionCriteriaConfiguration(configuration); // Initialize the network group policies. for (String policyName : configuration .listNetworkGroupQOSPolicies()) { QOSPolicyCfg policyConfiguration = configuration.getNetworkGroupQOSPolicy(policyName); networkGroup.createNetworkGroupQOSPolicy(policyConfiguration); } // Register the root DSE workflow with the network group. WorkflowImpl rootDSEworkflow = (WorkflowImpl) WorkflowImpl.getWorkflow("__root.dse__#"); networkGroup.registerWorkflow(rootDSEworkflow); // TODO JNR remove CoreMessages.INFO_ERR_WORKFLOW_DOES_NOT_EXIST // Register all configuration change listeners. configuration.addChangeListener(networkGroup.changeListener); configuration .addNetworkGroupQOSPolicyAddListener(networkGroup.policyListener); configuration .addNetworkGroupQOSPolicyDeleteListener(networkGroup.policyListener); // Register the network group with the server. 
networkGroup.register(); } catch (DirectoryException e) { networkGroup.finalizeNetworkGroup(); throw new InitializationException(e.getMessageObject()); } catch (InitializationException e) { networkGroup.finalizeNetworkGroup(); throw e; } catch (ConfigException e) { networkGroup.finalizeNetworkGroup(); throw e; } return networkGroup; } /** * Indicates whether the provided network group configuration is * acceptable. * * @param configuration * The network group configuration. * @param unacceptableReasons * A list that can be used to hold messages about why the * provided configuration is not acceptable. * @return Returns <code>true</code> if the provided network group * configuration is acceptable, or <code>false</code> if it is * not. */ static boolean isConfigurationAcceptable( NetworkGroupCfg configuration, List<LocalizableMessage> unacceptableReasons) { // The configuration is always acceptable if disabled. if (!configuration.isEnabled()) { return true; } // Check that all the workflows in the network group have a // different base DN. boolean isAcceptable = true; // Validate any policy configurations. for (String policyName : configuration .listNetworkGroupQOSPolicies()) { try { QOSPolicyCfg policyCfg = configuration.getNetworkGroupQOSPolicy(policyName); if (!isNetworkGroupQOSPolicyConfigurationAcceptable(policyCfg, unacceptableReasons)) { isAcceptable = false; } } catch (ConfigException e) { // This is bad - give up immediately. unacceptableReasons.add(e.getMessageObject()); return false; } } // The bind DN patterns may be malformed. if (!configuration.getAllowedBindDN().isEmpty()) { try { BindDNConnectionCriteria.decode(configuration .getAllowedBindDN()); } catch (DirectoryException e) { unacceptableReasons.add(e.getMessageObject()); isAcceptable = false; } } return isAcceptable; } // Decodes connection criteria configuration. 
private static ConnectionCriteria decodeConnectionCriteriaConfiguration( NetworkGroupCfg configuration) throws ConfigException { List<ConnectionCriteria> filters = new LinkedList<ConnectionCriteria>(); if (!configuration.getAllowedAuthMethod().isEmpty()) { filters.add(new AuthMethodConnectionCriteria(configuration .getAllowedAuthMethod())); } if (!configuration.getAllowedBindDN().isEmpty()) { try { filters.add(BindDNConnectionCriteria.decode(configuration .getAllowedBindDN())); } catch (DirectoryException e) { throw new ConfigException(e.getMessageObject()); } } if (!configuration.getAllowedClient().isEmpty() || !configuration.getDeniedClient().isEmpty()) { filters.add(new IPConnectionCriteria(configuration .getAllowedClient(), configuration.getDeniedClient())); } if (!configuration.getAllowedProtocol().isEmpty()) { filters.add(new ProtocolConnectionCriteria(configuration .getAllowedProtocol())); } if (configuration.isIsSecurityMandatory()) { filters.add(SecurityConnectionCriteria.SECURITY_REQUIRED); } if (filters.isEmpty()) { return ConnectionCriteria.TRUE; } else { return new ANDConnectionCriteria(filters); } } /** * Gets the name of the network group configuration. * * @param configuration * The configuration. * @return The network group name. */ private static String getNameFromConfiguration(NetworkGroupCfg configuration) { DN dn = configuration.dn(); return dn.rdn().getAttributeValue(0).toString(); } // Determines whether or not the new network group configuration's // implementation class is acceptable. private static boolean isNetworkGroupQOSPolicyConfigurationAcceptable( QOSPolicyCfg policyConfiguration, List<LocalizableMessage> unacceptableReasons) { String className = policyConfiguration.getJavaClass(); QOSPolicyCfgDefn d = QOSPolicyCfgDefn.getInstance(); ClassPropertyDefinition pd = d.getJavaClassPropertyDefinition(); // Validate the configuration. try { Class<? 
extends QOSPolicyFactory> theClass = pd.loadClass(className, QOSPolicyFactory.class); QOSPolicyFactory factory = theClass.newInstance(); return factory.isConfigurationAcceptable(policyConfiguration, unacceptableReasons); } catch (Exception e) { logger.traceException(e); unacceptableReasons .add(ERR_CONFIG_NETWORK_GROUP_POLICY_CANNOT_INITIALIZE.get( className, policyConfiguration.dn(), stackTraceToSingleLineString(e))); return false; } } // Change listener (active for user network groups). private final ChangeListener changeListener; // Current configuration (active for user network groups). private NetworkGroupCfg configuration = null; // The network group connection criteria. private ConnectionCriteria criteria = ConnectionCriteria.TRUE; @@ -674,9 +263,6 @@ private final Map<DN, QOSPolicy> policies = new ConcurrentHashMap<DN, QOSPolicy>(); // Add/delete policy listener (active for user network groups). private final QOSPolicyListener policyListener; // The network group priority. private int priority = 100; @@ -714,29 +300,8 @@ ADMIN_NETWORK_GROUP_NAME.equals(networkGroupID); this.isDefaultNetworkGroup = DEFAULT_NETWORK_GROUP_NAME.equals(networkGroupID); this.configuration = null; this.changeListener = null; this.policyListener = null; } /** * Creates a new user network group using the provided configuration. */ private NetworkGroup(NetworkGroupCfg configuration) { this.networkGroupID = getNameFromConfiguration(configuration); this.isInternalNetworkGroup = false; this.isAdminNetworkGroup = false; this.isDefaultNetworkGroup = false; this.configuration = configuration; this.changeListener = new ChangeListener(); this.policyListener = new QOSPolicyListener(); } /** * Adds a connection to the group. * 
@@ -938,21 +503,6 @@ */ void finalizeNetworkGroup() { if (configuration != null) { // Finalization specific to user network groups. deregister(); // Remove all change listeners. configuration.removeChangeListener(changeListener); configuration .removeNetworkGroupQOSPolicyAddListener(policyListener); configuration .removeNetworkGroupQOSPolicyDeleteListener(policyListener); configuration = null; } // Clean up policies. for (QOSPolicy policy : policies.values()) { opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroupPlugin.java
File was deleted opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ProtocolConnectionCriteria.java
File was deleted opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/AuthMethodConnectionCriteriaTest.java
File was deleted opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/BindDNConnectionCriteriaTest.java
@@ -33,7 +33,6 @@ import org.opends.server.DirectoryServerTestCase; import org.opends.server.TestCaseUtils; import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod; import org.opends.server.api.ClientConnection; import org.opends.server.authorization.dseecompat.PatternDN; import org.opends.server.types.AuthenticationType; @@ -112,9 +111,7 @@ Collection<PatternDN> allowedDNPatterns, boolean expectedResult) throws Exception { ClientConnection client = new MockClientConnection(12345, false, clientBindDN, AllowedAuthMethod.SIMPLE); ClientConnection client = new MockClientConnection(12345, false, clientBindDN); BindDNConnectionCriteria criteria = new BindDNConnectionCriteria(new ArrayList<PatternDN>(allowedDNPatterns)); assertEquals(criteria.matches(client), expectedResult); @@ -139,9 +136,7 @@ Collection<PatternDN> allowedDNPatterns, boolean expectedResult) throws Exception { ClientConnection client = new MockClientConnection(12345, false, DN.rootDN(), AllowedAuthMethod.ANONYMOUS); ClientConnection client = new MockClientConnection(12345, false, null); BindDNConnectionCriteria criteria = new BindDNConnectionCriteria(new ArrayList<PatternDN>(allowedDNPatterns)); assertEquals(criteria.willMatchAfterBind(client, clientBindDN, opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java
@@ -34,7 +34,6 @@ import org.forgerock.opendj.ldap.AddressMask; import org.opends.server.DirectoryServerTestCase; import org.opends.server.TestCaseUtils; import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod; import org.opends.server.api.ClientConnection; import org.opends.server.types.AuthenticationType; import org.opends.server.types.DN; @@ -77,9 +76,7 @@ { AddressMask matchAnything = AddressMask.valueOf("*.*.*.*"); AddressMask matchNothing = AddressMask.valueOf("0.0.0.0"); ClientConnection client = new MockClientConnection(12345, false, DN.rootDN(), AllowedAuthMethod.ANONYMOUS); ClientConnection client = new MockClientConnection(12345, false, null); Collection<AddressMask> emptyMasks = Collections.emptySet(); opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/MockClientConnection.java
@@ -31,7 +31,6 @@ import java.util.Collection; import org.forgerock.i18n.LocalizableMessage; import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod; import org.opends.server.api.ClientConnection; import org.opends.server.api.ConnectionHandler; import org.opends.server.core.DirectoryServer; @@ -57,30 +56,21 @@ * Is the client using a secure connection. * @param bindDN * The client bind DN. * @param authMethod * The client authentication method. * @throws Exception * If an unexpected exception occurred. */ public MockClientConnection(int clientPort, boolean isSecure, DN bindDN, AllowedAuthMethod authMethod) throws Exception public MockClientConnection(int clientPort, boolean isSecure, DN bindDN) throws Exception { this.clientPort = clientPort; this.isSecure = isSecure; switch (authMethod) if (bindDN != null) { case ANONYMOUS: this.authInfo = new AuthenticationInfo(); break; case SIMPLE: Entry simpleUser = DirectoryServer.getEntry(bindDN); this.authInfo = new AuthenticationInfo(simpleUser, bindDN, true); break; default: // SASL Entry saslUser = DirectoryServer.getEntry(bindDN); this.authInfo = new AuthenticationInfo(saslUser, "external", true); break; } else { this.authInfo = new AuthenticationInfo(); } } opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/NetworkGroupTest.java
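Review bot: The `@param bindDN` Javadoc on the three-argument `MockClientConnection` constructor does not say that `null` now selects the anonymous branch, which is how the updated callers (`new MockClientConnection(12345, false, null)`) get an unauthenticated connection. I would document it as `@param bindDN The client bind DN, or {@code null} for an anonymous connection.` The non-null branch also hands the result of `DirectoryServer.getEntry(bindDN)` straight to `AuthenticationInfo`, so if `getEntry` returns null for a missing entry, the test gets an authenticated-looking mock instead of a failure. A guard such as `if (simpleUser == null) throw new IllegalArgumentException("no entry for " + bindDN);` would make that visible. The +/- markers are lost in this rendering, so this reading of the new side is inferred from the hunk counts and the updated call sites.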
@@ -27,19 +27,25 @@ package org.opends.server.core.networkgroups; import java.util.ArrayList; import java.util.Collections; import org.forgerock.opendj.ldap.ModificationType; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.ldap.SearchScope; import org.opends.server.DirectoryServerTestCase; import org.opends.server.TestCaseUtils; import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod; import org.opends.server.api.ClientConnection; import org.opends.server.core.*; import org.opends.server.core.ModifyOperation; import org.opends.server.core.SearchOperation; import org.opends.server.core.Workflow; import org.opends.server.core.WorkflowImpl; import org.opends.server.protocols.internal.InternalClientConnection; import org.opends.server.protocols.internal.SearchRequest; import org.opends.server.types.*; import org.opends.server.types.Attribute; import org.opends.server.types.Attributes; import org.opends.server.types.DN; import org.opends.server.types.DirectoryException; import org.opends.server.types.InitializationException; import org.opends.server.types.Modification; import org.opends.server.util.StaticUtils; import org.opends.server.workflowelement.WorkflowElement; import org.testng.annotations.BeforeClass; 
@@ -273,42 +279,6 @@ }; } /** Provides the priorities for 3 network groups. */ @DataProvider (name = "PrioritySet_0") public Object[][] initPrioritySet_0() { return new Object[][] { { 1, 2, 3 }, { 1, 3, 2 }, { 2, 1, 3 }, { 2, 3, 1 }, { 3, 1, 2 }, { 3, 2, 1 } }; } /** * Provides a bind DN filter to build network group criteria * and the expected result (true if the connection with * cn=Directory Manager, cn =Root DNs, cn=config should match the * network group, false if it should go into the default network group). */ @DataProvider (name = "BindFilterSet_0") public Object[][] initBindFilterSet_0() { return new Object[][] { { "*, cn=Root DNs, cn=config", true }, { "cn=Dir*, cn=Root DNs, cn=config", true }, { "cn=*", false }, { "uid=*", false }, { "**, cn=config", true }, { "*, cn=config", false } }; } //=========================================================================== // T E S T C A S E S //=========================================================================== 
@@ -797,168 +767,6 @@ networkGroup2.deregister(); } /** * Tests the mechanism to attribute a network group to a client connection, * based on the authentication method. */ @Test (dataProvider = "PrioritySet_0", groups = "virtual") public void testNetworkGroupAuthenticationMethodCriteria( int prio1, int prio2, int prio3) throws Exception { // Create a AuthMethodCriteria for anonymous connections AuthMethodConnectionCriteria authCriteria1 = new AuthMethodConnectionCriteria(Collections .singleton(AllowedAuthMethod.ANONYMOUS)); // Create a AuthMethodCriteria for simple bind connections AuthMethodConnectionCriteria authCriteria2 = new AuthMethodConnectionCriteria(Collections .singleton(AllowedAuthMethod.SIMPLE)); // Create a AuthMethodCriteria for sasl connections AuthMethodConnectionCriteria authCriteria3 = new AuthMethodConnectionCriteria(Collections .singleton(AllowedAuthMethod.SASL)); // Create and register the network group with the server. NetworkGroup networkGroup1 = new NetworkGroup("anonymous_group"); networkGroup1.register(); networkGroup1.setConnectionCriteria(authCriteria1); networkGroup1.setNetworkGroupPriority(prio1); NetworkGroup networkGroup2 = new NetworkGroup("simplebind_group"); networkGroup2.register(); networkGroup2.setConnectionCriteria(authCriteria2); networkGroup2.setNetworkGroupPriority(prio2); NetworkGroup networkGroup3 = new NetworkGroup("sasl_group"); networkGroup3.register(); networkGroup3.setConnectionCriteria(authCriteria3); networkGroup3.setNetworkGroupPriority(prio3); // Create a new client connection, with anonymous authentication ClientConnection connection1 = new InternalClientConnection(DN.NULL_DN); NetworkGroup ng = NetworkGroup.findMatchingNetworkGroup(connection1); assertEquals(ng, networkGroup1); // Use simple bind on this connection Entry userEntry = DirectoryServer.getEntry( DN.valueOf("cn=Directory Manager, cn=Root DNs, cn=config")); ClientConnection connection2 = new InternalClientConnection( new AuthenticationInfo(userEntry, 
userEntry.getName(), true)); ng = NetworkGroup.findMatchingNetworkGroup(connection2); assertEquals(ng, networkGroup2); // Use SASL on this connection ClientConnection connection3 = new InternalClientConnection( new AuthenticationInfo(userEntry, "external", true)); ng = NetworkGroup.findMatchingNetworkGroup(connection3); assertEquals(ng, networkGroup3); // Clean the network group networkGroup1.deregister(); networkGroup2.deregister(); networkGroup3.deregister(); } /** * Tests the mechanism to attribute a network group to a client connection, * based on the bind dn filter. */ @Test (dataProvider = "BindFilterSet_0", groups = "virtual") public void testNetworkGroupBindDnCriteria( String bindDnFilter, boolean match) throws Exception { // Create a BindDnFilterCriteria BindDNConnectionCriteria bindCriteria = BindDNConnectionCriteria.decode(Collections .singleton(bindDnFilter)); // Create and register the network group with the server. NetworkGroup networkGroup = new NetworkGroup("bindfilter_group"); networkGroup.register(); networkGroup.setConnectionCriteria(bindCriteria); NetworkGroup defaultNg = NetworkGroup.getDefaultNetworkGroup(); // Create a new client connection, with anonymous authentication // It should match the default network group // as it has no bind information ClientConnection connection1 = new InternalClientConnection(DN.NULL_DN); NetworkGroup ng = NetworkGroup.findMatchingNetworkGroup(connection1); assertEquals(ng, defaultNg); // Use simple bind on this connection Entry userEntry = DirectoryServer.getEntry( DN.valueOf("cn=Directory Manager, cn=Root DNs, cn=config")); ClientConnection connection2 = new InternalClientConnection( new AuthenticationInfo(userEntry, userEntry.getName(), true)); ng = NetworkGroup.findMatchingNetworkGroup(connection2); if (match) { assertEquals(ng, networkGroup); } else { assertEquals(ng, defaultNg); } // Use SASL on this connection ClientConnection connection3 = new InternalClientConnection( new AuthenticationInfo(userEntry, 
"external", true)); ng = NetworkGroup.findMatchingNetworkGroup(connection3); if (match) { assertEquals(ng, networkGroup); } else { assertEquals(ng, defaultNg); } // Clean the network group networkGroup.deregister(); } /** * Tests the mechanism to attribute a network group to a client connection, * based on the bind dn filter. */ @Test (groups = "virtual") public void testNetworkGroupSecurityCriteria() throws Exception { // Create a SecurityCriteria SecurityConnectionCriteria secCriteria = SecurityConnectionCriteria.SECURITY_REQUIRED; // Create and register the network group with the server. NetworkGroup networkGroup = new NetworkGroup("secured_group"); networkGroup.register(); networkGroup.setConnectionCriteria(secCriteria); // Create a new client connection, with anonymous authentication // It should match the secured group as internal connections // are secured ClientConnection connection1 = new InternalClientConnection(DN.NULL_DN); NetworkGroup ng = NetworkGroup.findMatchingNetworkGroup(connection1); assertEquals(ng, networkGroup); // now change the criteria (security not mandatory) secCriteria = SecurityConnectionCriteria.SECURITY_NOT_REQUIRED; networkGroup.setConnectionCriteria(secCriteria); // connection1 should match the networkGroup, even though it is not // secured ng = NetworkGroup.findMatchingNetworkGroup(connection1); assertEquals(ng, networkGroup); // Clean the network group networkGroup.deregister(); } /** * This test checks that the network group takes into account the * subordinate naming context defined in the RootDSEBackend. opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/SecurityConnectionCriteriaTest.java
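Review bot: `testNetworkGroupBindDnCriteria` and `testNetworkGroupSecurityCriteria` are removed together with the auth-method test, although neither references `AllowedAuthMethod` or `NetworkGroupCfg`, the configuration types this commit deletes. They only use `BindDNConnectionCriteria`, `SecurityConnectionCriteria`, `setConnectionCriteria` and `findMatchingNetworkGroup`. If those APIs survive the commit (`BindDNConnectionCriteriaTest` and `SecurityConnectionCriteriaTest` are updated rather than deleted), nothing on this page still checks that a group with bind-DN or security criteria is the one selected for a connection, with the default group as the fallback. I would keep these two tests and their `BindFilterSet_0` provider, or say in the commit message why criteria-based group selection no longer needs coverage. The section's hunks are cut by the rendering, so this is based only on the lines shown.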
@@ -30,7 +30,6 @@ import org.opends.server.DirectoryServerTestCase; import org.opends.server.TestCaseUtils; import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod; import org.opends.server.api.ClientConnection; import org.opends.server.types.AuthenticationType; import org.opends.server.types.DN; @@ -98,9 +97,7 @@ SecurityConnectionCriteria criteria, boolean expectedResult) throws Exception { ClientConnection client = new MockClientConnection(12345, isSecure, DN.rootDN(), AllowedAuthMethod.ANONYMOUS); ClientConnection client = new MockClientConnection(12345, isSecure, null); Assert.assertEquals(criteria.matches(client), expectedResult); } @@ -124,9 +121,7 @@ SecurityConnectionCriteria criteria, boolean expectedResult) throws Exception { ClientConnection client = new MockClientConnection(12345, false, DN.rootDN(), AllowedAuthMethod.ANONYMOUS); ClientConnection client = new MockClientConnection(12345, false, null); Assert.assertEquals(criteria.willMatchAfterBind(client, DN.rootDN(), AuthenticationType.SIMPLE, isSecure),