/**
 * Authenticates {@code user} through a newly constructed provider and asserts that the
 * mocked directory search was closed at least once afterwards.
 *
 * The close assertion lives in {@code finally}, so it is evaluated whether
 * {@code Authenticate} returns normally or throws. This pins the property that a rejected
 * login does not leave the directory handle open.
 *
 * @param user user name handed to the provider
 * @throws IOException if {@code Authenticate} or the verified {@code close()} call raises one
 */
private void authenticateUserAndCheckSearchIsClosed(String user) throws IOException {
  // Arbitrary credential: nothing in this helper inspects it.
  // NOTE(review): callers presumably let the mocks decide the outcome - confirm against setup.
  final String placeholderPassword = "password doesn't matter";

  auth = new LdapAuthenticationProviderImpl(conf, factory);
  try {
    auth.Authenticate(user, placeholderPassword);
  } finally {
    // An exception thrown by this verification replaces any exception still pending from
    // Authenticate, so a missing close() is reported even on the failure path.
    verify(search, atLeastOnce()).close();
  }
}
} // closes the enclosing scope, whose header is outside this listing
/**
 * With two colon-separated user DN patterns configured and no user or group filter set in
 * this test, authentication succeeds when the factory rejects the {@code ou=Users}
 * candidate and accepts the {@code ou=PowerUsers} candidate.
 *
 * Asserts that the factory was asked for an instance exactly twice with the supplied
 * password, and that the search handle was closed.
 */
@Test
public void testAuthenticateNoUserOrGroupFilter()
    throws NamingException, AuthenticationException, IOException {
  final String password = "Blah";
  final String rejectedDn = "cn=user1,ou=Users,dc=mycorp,dc=com";
  final String acceptedDn = "cn=user1,ou=PowerUsers,dc=mycorp,dc=com";

  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN,
      "cn=%s,ou=Users,dc=mycorp,dc=com:cn=%s,ou=PowerUsers,dc=mycorp,dc=com");

  // A dedicated mock is used here instead of the shared 'factory' field, so only the two
  // stubs below decide which candidate DN is accepted.
  DirSearchFactory patternFactory = mock(DirSearchFactory.class);

  when(search.findUserDn("user1")).thenReturn(acceptedDn);
  when(patternFactory.getInstance(conf, acceptedDn, password)).thenReturn(search);
  when(patternFactory.getInstance(conf, rejectedDn, password))
      .thenThrow(AuthenticationException.class);

  auth = new LdapAuthenticationProviderImpl(conf, patternFactory);
  auth.Authenticate("user1", password);

  // Exactly two instance requests carrying the password: one per configured pattern.
  // NOTE(review): presumably each getInstance call is an LDAP bind attempt, in which case
  // every extra DN pattern adds one failed bind per login - worth keeping in mind for
  // directory lockout thresholds. Confirm against DirSearchFactory.
  verify(patternFactory, times(2)).getInstance(isA(HiveConf.class), anyString(), eq(password));
  verify(search, atLeastOnce()).close();
}
/**
 * With a single-group filter and a user membership key configured, authentication succeeds
 * when the mocked search reports the user as a member of that group.
 *
 * Asserts one instance request with the supplied password, one group DN lookup, one
 * membership check, and that the search handle was closed. Only the accept path is
 * exercised here; the reject path (membership reported as false) is not part of this test.
 */
@Test
public void testAuthenticateWhenUserMembershipKeyFilterPasses()
    throws NamingException, AuthenticationException, IOException {
  final String password = "Blah";
  final String hiveUsersGroupDn = "cn=HIVE-USERS,ou=Groups,dc=mycorp,dc=com";

  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "HIVE-USERS");
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, "dc=mycorp,dc=com");
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY, "memberOf");

  when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
  when(search.findGroupDn("HIVE-USERS")).thenReturn(hiveUsersGroupDn);
  when(search.isUserMemberOfGroup("user1", hiveUsersGroupDn)).thenReturn(true);

  // Uses the shared 'factory' field.
  // NOTE(review): its stubbing is not visible here - presumably done in the test setup.
  auth = new LdapAuthenticationProviderImpl(conf, factory);
  auth.Authenticate("user1", password);

  verify(factory, times(1)).getInstance(isA(HiveConf.class), anyString(), eq(password));
  // The group filter is consulted exactly once: one DN resolution, one membership check.
  verify(search, times(1)).findGroupDn(anyString());
  verify(search, times(1)).isUserMemberOfGroup(anyString(), anyString());
  verify(search, atLeastOnce()).close();
}
/**
 * With two groups in the filter, authentication succeeds when the membership check for the
 * first group throws {@link NamingException} and the check for the second group returns
 * {@code true}.
 *
 * This pins two authorization properties: a directory error on one group is neither fatal
 * nor counted as membership, and membership in any one listed group is sufficient.
 * Asserts one instance request with the supplied password, two group DN lookups, two
 * membership checks, and that the search handle was closed.
 */
@Test
public void testAuthenticateWhenUserMembershipKeyFilter2x2PatternsPasses()
    throws NamingException, AuthenticationException, IOException {
  final String password = "Blah";
  final String firstGroupDn = "cn=HIVE-USERS1,ou=Groups,ou=branch1,dc=mycorp,dc=com";
  final String secondGroupDn = "cn=HIVE-USERS2,ou=Groups,ou=branch1,dc=mycorp,dc=com";

  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "HIVE-USERS1,HIVE-USERS2");
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN,
      "cn=%s,ou=Groups,ou=branch1,dc=mycorp,dc=com");
  // NOTE(review): "ou=Userss" looks like a typo for "ou=Users". The stubbed findUserDn
  // result below does not use this pattern, so the value is left exactly as it was.
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN,
      "cn=%s,ou=Userss,ou=branch1,dc=mycorp,dc=com");
  conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY, "memberOf");

  when(search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
  when(search.findGroupDn("HIVE-USERS1")).thenReturn(firstGroupDn);
  when(search.findGroupDn("HIVE-USERS2")).thenReturn(secondGroupDn);

  // First group: the lookup fails. Second group: the user is a member.
  when(search.isUserMemberOfGroup("user1", firstGroupDn)).thenThrow(NamingException.class);
  when(search.isUserMemberOfGroup("user1", secondGroupDn)).thenReturn(true);

  auth = new LdapAuthenticationProviderImpl(conf, factory);
  auth.Authenticate("user1", password);

  verify(factory, times(1)).getInstance(isA(HiveConf.class), anyString(), eq(password));
  // Both groups are resolved and checked, so the failed first lookup did not end the filter.
  verify(search, times(2)).findGroupDn(anyString());
  verify(search, times(2)).isUserMemberOfGroup(anyString(), anyString());
  verify(search, atLeastOnce()).close();
}