@Test public void testAuthenticateWhenUserFilterPasses() throws NamingException, AuthenticationException, IOException { conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2"); when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"); when(search.findUserDn("user2")).thenReturn("cn=user2,ou=PowerUsers,dc=mycorp,dc=com"); authenticateUserAndCheckSearchIsClosed("user1"); authenticateUserAndCheckSearchIsClosed("user2"); }
@Test public void authenticateGivenBlankPassword() throws Exception { auth = new LdapAuthenticationProviderImpl(conf, new LdapSearchFactory()); expectAuthenticationExceptionForInvalidPassword(); auth.Authenticate("user", ""); }
@Test public void authenticateGivenNullForPassword() throws Exception { auth = new LdapAuthenticationProviderImpl(conf, new LdapSearchFactory()); expectAuthenticationExceptionForInvalidPassword(); auth.Authenticate("user", null); }
@Test public void testAuthenticateWhenGroupMembershipKeyFilterPasses() throws NamingException, AuthenticationException, IOException { conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "group1,group2"); when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"); when(search.findUserDn("user2")).thenReturn("cn=user2,ou=PowerUsers,dc=mycorp,dc=com"); when(search.findGroupsForUser("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")) .thenReturn(Arrays.asList( "cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=group1,ou=Groups,dc=mycorp,dc=com")); when(search.findGroupsForUser("cn=user2,ou=PowerUsers,dc=mycorp,dc=com")) .thenReturn(Arrays.asList( "cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=group2,ou=Groups,dc=mycorp,dc=com")); authenticateUserAndCheckSearchIsClosed("user1"); authenticateUserAndCheckSearchIsClosed("user2"); }
@Test public void authenticateGivenStringWithNullCharacterForPassword() throws Exception { auth = new LdapAuthenticationProviderImpl(conf, new LdapSearchFactory()); expectAuthenticationExceptionForInvalidPassword(); auth.Authenticate("user", "\0"); }
@Test public void testAuthenticateWhenLoginWithDomainAndUserFilterPasses() throws NamingException, AuthenticationException, IOException { conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1"); when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"); authenticateUserAndCheckSearchIsClosed("user1@mydomain.com"); }
@Test public void testAuthenticateWhenCustomQueryFilterPasses() throws NamingException, AuthenticationException, IOException { conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, "dc=mycorp,dc=com"); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_CUSTOMLDAPQUERY, "(&(objectClass=person)(|(memberOf=CN=Domain Admins,CN=Users,DC=apache,DC=org)(memberOf=CN=Administrators,CN=Builtin,DC=apache,DC=org)))"); when(search.executeCustomQuery(anyString())).thenReturn(Arrays.asList( "cn=user1,ou=PowerUsers,dc=mycorp,dc=com", "cn=user2,ou=PowerUsers,dc=mycorp,dc=com")); authenticateUserAndCheckSearchIsClosed("user1"); }
@Test public void testAuthenticateWhenLoginWithDnAndUserFilterPasses() throws NamingException, AuthenticationException, IOException { conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1"); when(search.findUserDn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"); authenticateUserAndCheckSearchIsClosed("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"); }
@Test public void testAuthenticateWhenUserAndGroupMembershipKeyFiltersPass() throws NamingException, AuthenticationException, IOException { conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "group1,group2"); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2"); when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"); when(search.findUserDn("user2")).thenReturn("cn=user2,ou=PowerUsers,dc=mycorp,dc=com"); when(search.findGroupsForUser("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")) .thenReturn(Arrays.asList( "cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=group1,ou=Groups,dc=mycorp,dc=com")); when(search.findGroupsForUser("cn=user2,ou=PowerUsers,dc=mycorp,dc=com")) .thenReturn(Arrays.asList( "cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=group2,ou=Groups,dc=mycorp,dc=com")); authenticateUserAndCheckSearchIsClosed("user1"); authenticateUserAndCheckSearchIsClosed("user2"); }
@Test public void testAuthenticateWhenUserFilterFailsAndGroupMembershipKeyFilterPasses() throws NamingException, AuthenticationException, IOException { thrown.expect(AuthenticationException.class); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "group3"); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2"); when(search.findUserDn("user3")).thenReturn("cn=user3,ou=PowerUsers,dc=mycorp,dc=com"); when(search.findGroupsForUser("cn=user3,ou=PowerUsers,dc=mycorp,dc=com")) .thenReturn(Arrays.asList( "cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=group3,ou=Groups,dc=mycorp,dc=com")); authenticateUserAndCheckSearchIsClosed("user3"); }
@Test public void testAuthenticateWhenUserSearchFails() throws NamingException, AuthenticationException, IOException { thrown.expect(AuthenticationException.class); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2"); when(search.findUserDn("user1")).thenReturn(null); authenticateUserAndCheckSearchIsClosed("user1"); }
@Test public void testAuthenticateWhenUserFilterFails() throws NamingException, AuthenticationException, IOException { thrown.expect(AuthenticationException.class); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2"); when(search.findUserDn("user3")).thenReturn("cn=user3,ou=PowerUsers,dc=mycorp,dc=com"); authenticateUserAndCheckSearchIsClosed("user3"); }
@Test public void testAuthenticateWhenCustomQueryFilterFailsAndUserFilterPasses() throws NamingException, AuthenticationException, IOException { thrown.expect(AuthenticationException.class); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, "dc=mycorp,dc=com"); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_CUSTOMLDAPQUERY, "(&(objectClass=person)(|(memberOf=CN=Domain Admins,CN=Users,DC=apache,DC=org)(memberOf=CN=Administrators,CN=Builtin,DC=apache,DC=org)))"); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user3"); when(search.findUserDn("user3")).thenReturn("cn=user3,ou=PowerUsers,dc=mycorp,dc=com"); when(search.executeCustomQuery(anyString())).thenReturn(Arrays.asList( "cn=user1,ou=PowerUsers,dc=mycorp,dc=com", "cn=user2,ou=PowerUsers,dc=mycorp,dc=com")); authenticateUserAndCheckSearchIsClosed("user3"); }
@Test public void testAuthenticateWhenUserFilterPassesAndGroupMembershipKeyFilterFails() throws NamingException, AuthenticationException, IOException { thrown.expect(AuthenticationException.class); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "group1,group2"); conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2"); when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com"); when(search.findGroupsForUser("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")) .thenReturn(Arrays.asList( "cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=OtherGroup,ou=Groups,dc=mycorp,dc=com")); authenticateUserAndCheckSearchIsClosed("user1"); }