package org.opendaylight.controller.usermanager.internal;
import java.io.Serializable;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.opendaylight.controller.sal.authorization.AuthResultEnum;
+import org.opendaylight.controller.sal.utils.Status;
+import org.opendaylight.controller.sal.utils.StatusCode;
import org.opendaylight.controller.usermanager.AuthResponse;
/**
- * Configuration Java Object which represents a Local AAA user
- * configuration information for User Manager.
+ * Configuration Java Object which represents a Local AAA user configuration
+ * information for User Manager.
*/
public class UserConfig implements Serializable {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 1L;
- /*
- * Clear text password as we are moving to some MD5 digest
- * for when saving configurations
- */
- protected String user;
- protected String role;
- private String password;
+ /*
+ * Clear text password as we are moving to some MD5 digest for when saving
+ * configurations
+ */
+ protected String user;
+ protected String role;
+ private String password;
+ private static final int USERNAME_MAXLENGTH = 32;
+ private static final int PASSWORD_MINLENGTH = 5;
+ private static final int PASSWORD_MAXLENGTH = 256;
+ private static final Pattern INVALID_USERNAME_CHARACTERS = Pattern
+ .compile("([/\\s\\.\\?#%;\\\\]+)");
- public UserConfig() {
- }
+ public UserConfig() {
+ }
- public UserConfig(String user, String password, String role) {
- this.user = user;
- this.password = password;
- this.role = role;
- }
+ public UserConfig(String user, String password, String role) {
+ this.user = user;
+ this.password = password;
+ this.role = role;
+ }
- public String getUser() {
- return user;
- }
+ public String getUser() {
+ return user;
+ }
- public String getPassword() {
- return password;
- }
+ public String getPassword() {
+ return password;
+ }
- public String getRole() {
- return role;
- }
+ public String getRole() {
+ return role;
+ }
@Override
public int hashCode() {
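Review bot: `INVALID_USERNAME_CHARACTERS` is a denylist with no comment saying why these particular characters are rejected, so a maintainer cannot tell whether the list is complete. Everything not listed passes, including control characters outside `\s` and markup characters such as `<`, `>` and `"`, so any code that logs or renders the user name still has to encode it. I would add a comment above the constant, for example `// Rejected in user names: whitespace and / . ? # % ; \ (TODO: name the consumer that cannot handle them)`. If the set of legitimate characters is known, an allowlist pattern would be easier to reason about. The pattern is used by `isUsernameValid()`, which is added in the next hunk.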
public boolean equals(Object obj) {
return EqualsBuilder.reflectionEquals(this, obj);
}
-
+
@Override
public String toString() {
- return "UserConfig[user="+ user + ", password=" + password + "]";
+ return "UserConfig[user=" + user + ", password=" + password + "]";
+ }
+
+ public Status validate() {
+ Status validCheck = new Status(StatusCode.SUCCESS, null);
+ validCheck = isRoleValid();
+
+ if (validCheck.isSuccess())
+ validCheck = isUsernameValid();
+ if (validCheck.isSuccess())
+ validCheck = isPasswordValid();
+
+ return validCheck;
+ }
+
+ protected Status isUsernameValid() {
+ if (user == null || user.isEmpty()) {
+ return new Status(StatusCode.BADREQUEST, "Username cannot be empty");
+ }
+
+ Matcher mUser = UserConfig.INVALID_USERNAME_CHARACTERS.matcher(user);
+ if (user.length() > UserConfig.USERNAME_MAXLENGTH
+ || mUser.find() == true) {
+ return new Status(StatusCode.BADREQUEST,
+ "Username can have 1-32 non-whitespace "
+ + "alphanumeric characters and any special "
+ + "characters except ./#%;?\\");
+ }
+
+ return new Status(StatusCode.SUCCESS, null);
+ }
+
+ private Status isPasswordValid() {
+ if (password == null || password.isEmpty()) {
+ return new Status(StatusCode.BADREQUEST, "Password cannot be empty");
+ }
+
+ if (password.length() < UserConfig.PASSWORD_MINLENGTH
+ || password.length() > UserConfig.PASSWORD_MAXLENGTH) {
+ return new Status(StatusCode.BADREQUEST,
+ "Password should have 5-256 characters");
+ }
+ return new Status(StatusCode.SUCCESS, null);
}
- public boolean isValid() {
- return (user != null && !user.isEmpty() && role != null
- && !role.isEmpty() && password != null && !password.isEmpty());
- }
-
- public boolean update(String currentPassword, String newPassword,
- String newRole) {
- // To make any changes to a user configured profile, current password
- // must always be provided
- if (!this.password.equals(currentPassword)) {
- return false;
- }
- if (newPassword != null) {
- this.password = newPassword;
- }
- if (newRole != null) {
- this.role = newRole;
- }
- return true;
- }
-
- public AuthResponse authenticate(String clearTextPass) {
- AuthResponse locResponse = new AuthResponse();
- if (password.equals(clearTextPass)) {
- locResponse.setStatus(AuthResultEnum.AUTH_ACCEPT_LOC);
- locResponse.addData(role.replace(",", " "));
- } else {
- locResponse.setStatus(AuthResultEnum.AUTH_REJECT_LOC);
- }
- return locResponse;
- }
+ protected Status isRoleValid() {
+ if (role == null || role.isEmpty()) {
+ return new Status(StatusCode.BADREQUEST,
+ "Role name cannot be empty");
+ }
+ return new Status(StatusCode.SUCCESS, null);
+ }
+
+ public boolean update(String currentPassword, String newPassword,
+ String newRole) {
+ // To make any changes to a user configured profile, current password
+ // must always be provided
+ if (!this.password.equals(currentPassword)) {
+ return false;
+ }
+ if (newPassword != null) {
+ this.password = newPassword;
+ }
+ if (newRole != null) {
+ this.role = newRole;
+ }
+ return true;
+ }
+
+ public AuthResponse authenticate(String clearTextPass) {
+ AuthResponse locResponse = new AuthResponse();
+ if (password.equals(clearTextPass)) {
+ locResponse.setStatus(AuthResultEnum.AUTH_ACCEPT_LOC);
+ locResponse.addData(role.replace(",", " "));
+ } else {
+ locResponse.setStatus(AuthResultEnum.AUTH_REJECT_LOC);
+ }
+ return locResponse;
+ }
}
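Review bot: `update()` assigns `newPassword` without applying the length rule this commit adds in `isPasswordValid()`, so a password change can still set an empty or one-character password that `validate()` would refuse on creation. A guard before the assignment closes that: `if (newPassword != null && (newPassword.length() < PASSWORD_MINLENGTH || newPassword.length() > PASSWORD_MAXLENGTH)) { return false; }`. The caller visible in UserManagerImpl reports `false` as "Current password is incorrect", so it would need a distinct message for this case. In the same hunk `toString()` still prints the clear-text password, which ends up in any log line or exception message that formats a `UserConfig`. `return "UserConfig[user=" + user + ", role=" + role + "]";` avoids that.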
private static final String authFileName = ROOT + "authorization.conf";
private ConcurrentMap<String, UserConfig> localUserConfigList;
private ConcurrentMap<String, ServerConfig> remoteServerConfigList;
- private ConcurrentMap<String, AuthorizationConfig> authorizationConfList; // local authorization info for remotely authenticated users
+ private ConcurrentMap<String, AuthorizationConfig> authorizationConfList; // local
+ // authorization
+ // info
+ // for
+ // remotely
+ // authenticated
+ // users
private ConcurrentMap<String, AuthenticatedUser> activeUsers;
private ConcurrentMap<String, IAAAProvider> authProviders;
private ConcurrentMap<Long, String> localUserListSaveConfigEvent,
private ISessionManager sessionMgr = new SessionManager();
public boolean addAAAProvider(IAAAProvider provider) {
- if (provider == null
- || provider.getName() == null
+ if (provider == null || provider.getName() == null
|| provider.getName().trim().isEmpty()) {
return false;
}
this.applicationAuthorizationClients = Collections
.synchronizedSet(new HashSet<IResourceAuthorization>());
if (clusterGlobalService == null) {
- logger
- .error("un-initialized clusterGlobalService, can't create cache");
+ logger.error("un-initialized clusterGlobalService, can't create cache");
return;
}
EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
clusterGlobalService.createCache(
- "usermanager.remoteServerConfigList", EnumSet
- .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
+ "usermanager.remoteServerConfigList",
+ EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
clusterGlobalService.createCache(
- "usermanager.authorizationConfList", EnumSet
- .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
+ "usermanager.authorizationConfList",
+ EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
- clusterGlobalService.createCache("usermanager.activeUsers", EnumSet
- .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
+ clusterGlobalService.createCache("usermanager.activeUsers",
+ EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
clusterGlobalService.createCache(
- "usermanager.localUserSaveConfigEvent", EnumSet
- .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
+ "usermanager.localUserSaveConfigEvent",
+ EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
clusterGlobalService.createCache(
- "usermanager.remoteServerSaveConfigEvent", EnumSet
- .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
+ "usermanager.remoteServerSaveConfigEvent",
+ EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
clusterGlobalService.createCache(
- "usermanager.authorizationSaveConfigEvent", EnumSet
- .of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
+ "usermanager.authorizationSaveConfigEvent",
+ EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL));
} catch (CacheConfigException cce) {
logger.error("\nCache configuration invalid - check cache mode");
} catch (CacheExistException ce) {
- logger
- .error("\nCache already exits - destroy and recreate if needed");
+ logger.error("\nCache already exits - destroy and recreate if needed");
}
}
- @SuppressWarnings( { "unchecked", "deprecation" })
+ @SuppressWarnings({ "unchecked", "deprecation" })
private void retrieveCaches() {
if (clusterGlobalService == null) {
logger.error("un-initialized clusterService, can't retrieve cache");
remoteServerSaveConfigEvent = (ConcurrentMap<Long, String>) clusterGlobalService
.getCache("usermanager.remoteServerSaveConfigEvent");
if (remoteServerSaveConfigEvent == null) {
- logger
- .error("\nFailed to get cache for remoteServerSaveConfigEvent");
+ logger.error("\nFailed to get cache for remoteServerSaveConfigEvent");
}
authorizationSaveConfigEvent = (ConcurrentMap<Long, String>) clusterGlobalService
.getCache("usermanager.authorizationSaveConfigEvent");
if (authorizationSaveConfigEvent == null) {
- logger
- .error("\nFailed to get cache for authorizationSaveConfigEvent");
+ logger.error("\nFailed to get cache for authorizationSaveConfigEvent");
}
}
private void loadConfigurations() {
- // To encode and decode user and server configuration objects
- loadSecurityKeys();
-
+ // To encode and decode user and server configuration objects
+ loadSecurityKeys();
+
/*
- * Do not load local startup file if we already got the
- * configurations synced from another cluster node
+ * Do not load local startup file if we already got the configurations
+ * synced from another cluster node
*/
if (localUserConfigList.isEmpty()) {
loadUserConfig();
}
private void loadSecurityKeys() {
-
- }
- private void checkDefaultNetworkAdmin() {
- // If startup config is not there, it's old or it was deleted,
- // need to add Default Admin
+ }
+
+ private void checkDefaultNetworkAdmin() {
+ // If startup config is not there, it's old or it was deleted,
+ // need to add Default Admin
if (!localUserConfigList.containsKey(defaultAdmin)) {
- localUserConfigList.put(defaultAdmin,
- new UserConfig(defaultAdmin,
- defaultAdminPassword,
- defaultAdminRole));
+ localUserConfigList.put(defaultAdmin, new UserConfig(defaultAdmin,
+ defaultAdminPassword, defaultAdminRole));
}
}
rcResponse = aaaClient.authService(userName, password,
aaaServer.getAddress(), aaaServer.getSecret());
if (rcResponse.getStatus() == AuthResultEnum.AUTH_ACCEPT) {
- logger
- .info(
- "Remote Authentication Succeeded for User: \"{}\", by Server: {}",
- userName, aaaServer.getAddress());
+ logger.info(
+ "Remote Authentication Succeeded for User: \"{}\", by Server: {}",
+ userName, aaaServer.getAddress());
remotelyAuthenticated = true;
break;
} else if (rcResponse.getStatus() == AuthResultEnum.AUTH_REJECT) {
}
rcResponse = localUser.authenticate(password);
if (rcResponse.getStatus() != AuthResultEnum.AUTH_ACCEPT_LOC) {
- logger.info("Local Authentication Failed for User: \"{}\", Reason: {}",
- userName, rcResponse.getStatus().toString());
-
+ logger.info(
+ "Local Authentication Failed for User: \"{}\", Reason: {}",
+ userName, rcResponse.getStatus().toString());
+
return (rcResponse.getStatus());
}
logger.info("Local Authentication Succeeded for User: \"{}\"",
result = new AuthenticatedUser(userName);
/*
- * Extract attributes from response
- * All the information we are interested in is in the first Cisco VSA (vendor specific attribute).
+ * Extract attributes from response All the information we are
+ * interested in is in the first Cisco VSA (vendor specific attribute).
* Just process the first VSA and return
*/
String attributes = (rcResponse.getData() != null && !rcResponse
authorizationInfoIsPresent = checkAuthorizationInfo(attributes);
/*
- * The AAA server was only used to perform the authentication
- * Look for locally stored authorization info for this user
- * If found, add the data to the rcResponse
+ * The AAA server was only used to perform the authentication Look for
+ * locally stored authorization info for this user If found, add the
+ * data to the rcResponse
*/
if (remotelyAuthenticated && !authorizationInfoIsPresent) {
- logger
- .info(
- "No Remote Authorization Info provided by Server for User: \"{}\"",
- userName);
+ logger.info(
+ "No Remote Authorization Info provided by Server for User: \"{}\"",
+ userName);
logger.info(
"Looking for Local Authorization Info for User: \"{}\"",
userName);
}
/*
- * Common response parsing for local & remote authenticated user
- * Looking for authorized resources, detecting attributes' validity
+ * Common response parsing for local & remote authenticated user Looking
+ * for authorized resources, detecting attributes' validity
*/
if (authorizationInfoIsPresent) {
- // Identifying the administrative role
+ // Identifying the administrative role
adminRoles = attributes.split(" ");
result.setRoleList(adminRoles);
authorized = true;
return rcResponse.getStatus();
}
- // Check in the attributes string whether or not authorization information is present
+ // Check in the attributes string whether or not authorization information
+ // is present
private boolean checkAuthorizationInfo(String attributes) {
return (attributes != null && !attributes.isEmpty());
}
private void removeUserFromActiveList(String user) {
if (!activeUsers.containsKey(user)) {
- // as cookie persists in cache, we can get logout for unexisting active users
+ // as cookie persists in cache, we can get logout for unexisting
+ // active users
return;
}
activeUsers.remove(user);
@Override
public Object readObject(ObjectInputStream ois)
throws FileNotFoundException, IOException, ClassNotFoundException {
- // Perform the class deserialization locally, from inside the package where the class is defined
+ // Perform the class deserialization locally, from inside the package
+ // where the class is defined
return ois.readObject();
}
* Interaction with GUI START
*/
public Status addRemoveLocalUser(UserConfig AAAconf, boolean delete) {
- // Validation check
- if (!AAAconf.isValid()) {
- String msg = "Invalid Local User configuration";
- logger.warn(msg);
- return new Status(StatusCode.BADREQUEST, msg);
+ // UserConfig Validation check
+ Status validCheck = AAAconf.validate();
+ if (!validCheck.isSuccess()) {
+ return validCheck;
}
// Update Config database
if (delete) {
- if (AAAconf.getUser().equals(UserManagerImpl.defaultAdmin)) {
- String msg = "Invalid Request: Default Network Admin User " +
- "cannot be deleted";
- logger.debug(msg);
- return new Status(StatusCode.NOTALLOWED, msg);
- }
+ if (AAAconf.getUser().equals(UserManagerImpl.defaultAdmin)) {
+ String msg = "Invalid Request: Default Network Admin User "
+ + "cannot be deleted";
+ logger.debug(msg);
+ return new Status(StatusCode.NOTALLOWED, msg);
+ }
localUserConfigList.remove(AAAconf.getUser());
} else {
- if (AAAconf.getUser().equals(UserManagerImpl.defaultAdmin)) {
- String msg = "Invalid Request: Default Network Admin User " +
- "cannot be added";
- logger.debug(msg);
- return new Status(StatusCode.NOTALLOWED, msg);
- }
+ if (AAAconf.getUser().equals(UserManagerImpl.defaultAdmin)) {
+ String msg = "Invalid Request: Default Network Admin User "
+ + "cannot be added";
+ logger.debug(msg);
+ return new Status(StatusCode.NOTALLOWED, msg);
+ }
localUserConfigList.put(AAAconf.getUser(), AAAconf);
}
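Review bot: `AAAconf.validate()` now runs before the `if (delete)` branch, so `removeLocalUser()`, which passes the stored entry to this method, is refused for any existing user whose name or password does not meet the new rules. An entry that predates the new rules, with a `.` in the name or a four-character password, would presumably be affected. Validation should apply to additions only, so wrap the check in `if (!delete) { ... }`. The rewrite also drops the `logger.warn` that the old code emitted on rejection; adding `logger.warn("Invalid Local User configuration: {}", validCheck.getDescription());` before `return validCheck;` keeps rejected requests visible in the log. The method body continues past the end of this hunk.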
private Status addRemoveAAAServer(ServerConfig AAAconf, boolean delete) {
// Validation check
if (!AAAconf.isValid()) {
- String msg = "Invalid Server configuration";
+ String msg = "Invalid Server configuration";
logger.warn(msg);
return new Status(StatusCode.BADREQUEST, msg);
}
return new Status(StatusCode.SUCCESS, null);
}
- private Status addRemoveAuthInfo(AuthorizationConfig AAAconf,
- boolean delete) {
- if (!AAAconf.isValid()) {
- String msg = "Invalid Authorization configuration";
+ private Status addRemoveAuthInfo(AuthorizationConfig AAAconf, boolean delete) {
+ Status configCheck = AAAconf.validate();
+ if (!configCheck.isSuccess()) {
+ String msg = "Invalid Authorization configuration: "
+ + configCheck.getDescription();
logger.warn(msg);
return new Status(StatusCode.BADREQUEST, msg);
}
@Override
public Status removeLocalUser(String userName) {
- if (userName == null || userName.trim().isEmpty()) {
- return new Status(StatusCode.BADREQUEST, "Invalid user name");
- }
- if (!localUserConfigList.containsKey(userName)) {
- return new Status(StatusCode.NOTFOUND, "User does not exist");
- }
+ if (userName == null || userName.trim().isEmpty()) {
+ return new Status(StatusCode.BADREQUEST, "Invalid user name");
+ }
+ if (!localUserConfigList.containsKey(userName)) {
+ return new Status(StatusCode.NOTFOUND, "User does not exist");
+ }
return addRemoveLocalUser(localUserConfigList.get(userName), true);
}
+
@Override
public Status addAAAServer(ServerConfig AAAconf) {
return addRemoveAAAServer(AAAconf, false);
@Override
public List<AuthorizationConfig> getAuthorizationList() {
- return new ArrayList<AuthorizationConfig>(authorizationConfList
- .values());
+ return new ArrayList<AuthorizationConfig>(
+ authorizationConfList.values());
}
@Override
// update configuration entry
targetConfigEntry = localUserConfigList.get(user);
if (targetConfigEntry == null) {
- return new Status(StatusCode.NOTFOUND, "User not found");
+ return new Status(StatusCode.NOTFOUND, "User not found");
}
if (false == targetConfigEntry.update(curPassword, newPassword, null)) {
- return new Status(StatusCode.BADREQUEST, "Current password is incorrect");
+ return new Status(StatusCode.BADREQUEST,
+ "Current password is incorrect");
}
- localUserConfigList.put(user, targetConfigEntry); // trigger cluster update
+ localUserConfigList.put(user, targetConfigEntry); // trigger cluster
+ // update
logger.info("Password changed for User \"{}\"", user);
@Override
public void userLogout(String userName) {
- // TODO: if user was authenticated through AAA server, send Acct-Status-Type=stop message to server with logout as reason
+ // TODO: if user was authenticated through AAA server, send
+ // Acct-Status-Type=stop message to server with logout as reason
removeUserFromActiveList(userName);
logger.info("User \"{}\" logged out", userName);
}
*/
@Override
public void userTimedOut(String userName) {
- // TODO: if user was authenticated through AAA server, send Acct-Status-Type=stop message to server with timeout as reason
+ // TODO: if user was authenticated through AAA server, send
+ // Acct-Status-Type=stop message to server with timeout as reason
removeUserFromActiveList(userName);
logger.info("User \"{}\" timed out", userName);
}
ci.println(conf.getUser() + " " + conf.getRole());
}
}
-
- public void _addAAAServer (CommandInterpreter ci) {
+
+ public void _addAAAServer(CommandInterpreter ci) {
String server = ci.nextArgument();
String secret = ci.nextArgument();
String protocol = ci.nextArgument();
-
+
if (server == null || secret == null || protocol == null) {
- ci.println("Usage : addAAAServer <server> <secret> <protocol>");
- return;
+ ci.println("Usage : addAAAServer <server> <secret> <protocol>");
+ return;
}
ServerConfig s = new ServerConfig(server, secret, protocol);
addAAAServer(s);
}
-
- public void _removeAAAServer (CommandInterpreter ci) {
+
+ public void _removeAAAServer(CommandInterpreter ci) {
String server = ci.nextArgument();
String secret = ci.nextArgument();
String protocol = ci.nextArgument();
-
+
if (server == null || secret == null || protocol == null) {
- ci.println("Usage : addAAAServer <server> <secret> <protocol>");
- return;
+ ci.println("Usage : addAAAServer <server> <secret> <protocol>");
+ return;
}
ServerConfig s = new ServerConfig(server, secret, protocol);
removeAAAServer(s);
}
- public void _printAAAServers (CommandInterpreter ci) {
+ public void _printAAAServers(CommandInterpreter ci) {
for (ServerConfig aaaServer : remoteServerConfigList.values()) {
String protocol = aaaServer.getProtocol();
ci.println(aaaServer.getAddress() + "-" + aaaServer.getProtocol());
/**
* Function called by the dependency manager when all the required
* dependencies are satisfied
- *
+ *
*/
void init() {
}
/**
- * Function called by the dependency manager when at least one
- * dependency become unsatisfied or when the component is shutting
- * down because for example bundle is being stopped.
- *
+ * Function called by the dependency manager when at least one dependency
+ * become unsatisfied or when the component is shutting down because for
+ * example bundle is being stopped.
+ *
*/
void destroy() {
}
/**
- * Function called by dependency manager after "init ()" is called
- * and after the services provided by the class are registered in
- * the service registry
- *
+ * Function called by dependency manager after "init ()" is called and after
+ * the services provided by the class are registered in the service registry
+ *
*/
void start() {
authProviders = new ConcurrentHashMap<String, IAAAProvider>();
}
/**
- * Function called by the dependency manager before the services
- * exported by the component are unregistered, this will be
- * followed by a "destroy ()" calls
- *
+ * Function called by the dependency manager before the services exported by
+ * the component are unregistered, this will be followed by a "destroy ()"
+ * calls
+ *
*/
void stop() {
}
@Override
public UserLevel getUserLevel(String username) {
// Returns the controller well-know user level for the passed user
- String roleName = null;
+ String roleName = null;
- // First check in active users then in local configured users
+ // First check in active users then in local configured users
if (activeUsers.containsKey(username)) {
- roleName = activeUsers.get(username).getUserRoles().get(0);
+ roleName = activeUsers.get(username).getUserRoles().get(0);
} else if (localUserConfigList.containsKey(username)) {
- roleName = localUserConfigList.get(username).getRole();
+ roleName = localUserConfigList.get(username).getRole();
}
-
+
if (roleName == null) {
- return UserLevel.NOUSER;
+ return UserLevel.NOUSER;
}
-
+
// For now only one role per user is allowed
if (roleName.equals(UserLevel.SYSTEMADMIN.toString())) {
return UserLevel.SYSTEMADMIN;
}
return new Status(StatusCode.INTERNALERROR,
- "Failed to save user configurations");
+ "Failed to save user configurations");
}
@Override
return new User(username, localUserConfigList.get(username)
.getPassword(), enabled, accountNonExpired,
- credentialsNonExpired, accountNonLocked, user
- .getGrantedAuthorities(getUserLevel(username)));
+ credentialsNonExpired, accountNonLocked,
+ user.getGrantedAuthorities(getUserLevel(username)));
} else
throw new UsernameNotFoundException("User not found " + username);
}
"Username or credentials did not match");
}
- AuthResultEnum result = authenticate((String) authentication
- .getPrincipal(), (String) authentication.getCredentials());
+ AuthResultEnum result = authenticate(
+ (String) authentication.getPrincipal(),
+ (String) authentication.getCredentials());
if (result.equals(AuthResultEnum.AUTHOR_PASS)
|| result.equals(AuthResultEnum.AUTH_ACCEPT_LOC)
|| result.equals(AuthResultEnum.AUTH_ACCEPT)) {
}
authentication = new UsernamePasswordAuthenticationToken(
- authentication.getPrincipal(), authentication
- .getCredentials(), user
- .getGrantedAuthorities(getUserLevel(authentication
- .getName())));
+ authentication.getPrincipal(),
+ authentication.getCredentials(),
+ user.getGrantedAuthorities(getUserLevel(authentication
+ .getName())));
return authentication;
} else
}
- //following are setters for use in unit testing
+ // following are setters for use in unit testing
void setLocalUserConfigList(ConcurrentMap<String, UserConfig> ucl) {
- if (ucl != null) { this.localUserConfigList = ucl; }
+ if (ucl != null) {
+ this.localUserConfigList = ucl;
+ }
}
- void setRemoteServerConfigList (ConcurrentMap<String, ServerConfig> scl) {
- if (scl != null) { this.remoteServerConfigList = scl; }
+
+ void setRemoteServerConfigList(ConcurrentMap<String, ServerConfig> scl) {
+ if (scl != null) {
+ this.remoteServerConfigList = scl;
+ }
}
- void setAuthorizationConfList (ConcurrentMap<String, AuthorizationConfig> acl) {
- if (acl != null) { this.authorizationConfList = acl; }
+
+ void setAuthorizationConfList(ConcurrentMap<String, AuthorizationConfig> acl) {
+ if (acl != null) {
+ this.authorizationConfList = acl;
+ }
}
- void setActiveUsers (ConcurrentMap<String, AuthenticatedUser> au) {
- if (au != null) { this.activeUsers = au; }
+
+ void setActiveUsers(ConcurrentMap<String, AuthenticatedUser> au) {
+ if (au != null) {
+ this.activeUsers = au;
+ }
}
- void setAuthProviders(ConcurrentMap<String, IAAAProvider> ap ) {
- if (ap != null){
+
+ void setAuthProviders(ConcurrentMap<String, IAAAProvider> ap) {
+ if (ap != null) {
this.authProviders = ap;
}
}
-
+
@Override
public ISessionManager getSessionManager() {
return this.sessionMgr;
}
-
+
public void setSessionMgr(ISessionManager sessionMgr) {
this.sessionMgr = sessionMgr;
}
-
+
public String getPassword(String username) {
return localUserConfigList.get(username).getPassword();
}
*/
public class AuthorizationUserConfigTest {
- @Test
- public void AuthorizationConfigTest() {
- AuthorizationConfig authConfig;
-
- // test isValid
- authConfig = new AuthorizationConfig(null,
- UserLevel.SYSTEMADMIN.toString());
- assertFalse(authConfig.isValid());
- authConfig = new AuthorizationConfig("admin", "");
- assertFalse(authConfig.isValid());
- authConfig = new AuthorizationConfig("admin",
- UserLevel.SYSTEMADMIN.toString());
- assertTrue(authConfig.isValid());
- }
-
- @Test
- public void UserConfigTest() {
- UserConfig userConfig;
-
- userConfig = new UserConfig(null, "cisco",
- UserLevel.NETWORKOPERATOR.toString());
- assertFalse(userConfig.isValid());
-
- userConfig = new UserConfig("uname", "", "cisco");
- assertFalse(userConfig.isValid());
-
- userConfig = new UserConfig("uname", "ciscocisco",
- UserLevel.NETWORKOPERATOR.toString());
- assertTrue(userConfig.isValid());
-
- /* currentPassword mismatch */
- assertFalse(userConfig.update("Cisco", "cisco123",
- UserLevel.NETWORKOPERATOR.toString()));
-
- assertTrue(userConfig.update("ciscocisco", null,
- UserLevel.NETWORKOPERATOR.toString()));
- /* New Password = null, No change in password */
- assertTrue(userConfig.getPassword().equals("ciscocisco"));
-
- /* Password changed successfully, no change in user role */
- assertTrue(userConfig.update("ciscocisco", "cisco123",
- UserLevel.NETWORKOPERATOR.toString()));
- assertTrue(userConfig.getPassword().equals("cisco123"));
- assertTrue(userConfig.getRole().equals(
- UserLevel.NETWORKOPERATOR.toString()));
-
- /* Password not changed, role changed successfully */
- assertTrue(userConfig.update("cisco123", "cisco123",
- UserLevel.SYSTEMADMIN.toString()));
- assertTrue(userConfig.getPassword().equals("cisco123"));
- assertTrue(userConfig.getRole()
- .equals(UserLevel.SYSTEMADMIN.toString()));
-
- /* Password and role changed successfully */
- assertTrue(userConfig.update("cisco123", "ciscocisco",
- UserLevel.SYSTEMADMIN.toString()));
- assertTrue(userConfig.getPassword().equals("ciscocisco"));
- assertTrue(userConfig.getRole()
- .equals(UserLevel.SYSTEMADMIN.toString()));
-
- String username = userConfig.getUser();
- assertTrue(username.equals("uname"));
-
- // test authenticate
- AuthResponse authresp = userConfig.authenticate("ciscocisco");
- assertTrue(authresp.getStatus().equals(AuthResultEnum.AUTH_ACCEPT_LOC));
- authresp = userConfig.authenticate("wrongPassword");
- assertTrue(authresp.getStatus().equals(AuthResultEnum.AUTH_REJECT_LOC));
-
- // test equals()
- userConfig = new UserConfig("uname", "ciscocisco",
- UserLevel.NETWORKOPERATOR.toString());
- assertEquals(userConfig, userConfig);
- UserConfig userConfig2 = new UserConfig("uname",
- "ciscocisco",
- UserLevel.NETWORKOPERATOR.toString());
- assertEquals(userConfig, userConfig2);
- }
+ @Test
+ public void AuthorizationConfigTest() {
+ AuthorizationConfig authConfig;
+
+ // test isValid
+ authConfig = new AuthorizationConfig(null,
+ UserLevel.SYSTEMADMIN.toString());
+ assertFalse(authConfig.validate().isSuccess());
+ authConfig = new AuthorizationConfig("admin", "");
+ assertFalse(authConfig.validate().isSuccess());
+ authConfig = new AuthorizationConfig("admin",
+ UserLevel.SYSTEMADMIN.toString());
+ assertTrue(authConfig.validate().isSuccess());
+ }
+
+ @Test
+ public void UserConfigTest() {
+ UserConfig userConfig;
+
+ userConfig = new UserConfig(null, "cisco",
+ UserLevel.NETWORKOPERATOR.toString());
+ assertFalse(userConfig.validate().isSuccess());
+
+ userConfig = new UserConfig("uname", "", "cisco");
+ assertFalse(userConfig.validate().isSuccess());
+
+ userConfig = new UserConfig("uname", "ciscocisco",
+ UserLevel.NETWORKOPERATOR.toString());
+ assertTrue(userConfig.validate().isSuccess());
+
+ /* currentPassword mismatch */
+ assertFalse(userConfig.update("Cisco", "cisco123",
+ UserLevel.NETWORKOPERATOR.toString()));
+
+ assertTrue(userConfig.update("ciscocisco", null,
+ UserLevel.NETWORKOPERATOR.toString()));
+ /* New Password = null, No change in password */
+ assertTrue(userConfig.getPassword().equals("ciscocisco"));
+
+ /* Password changed successfully, no change in user role */
+ assertTrue(userConfig.update("ciscocisco", "cisco123",
+ UserLevel.NETWORKOPERATOR.toString()));
+ assertTrue(userConfig.getPassword().equals("cisco123"));
+ assertTrue(userConfig.getRole().equals(
+ UserLevel.NETWORKOPERATOR.toString()));
+
+ /* Password not changed, role changed successfully */
+ assertTrue(userConfig.update("cisco123", "cisco123",
+ UserLevel.SYSTEMADMIN.toString()));
+ assertTrue(userConfig.getPassword().equals("cisco123"));
+ assertTrue(userConfig.getRole()
+ .equals(UserLevel.SYSTEMADMIN.toString()));
+
+ /* Password and role changed successfully */
+ assertTrue(userConfig.update("cisco123", "ciscocisco",
+ UserLevel.SYSTEMADMIN.toString()));
+ assertTrue(userConfig.getPassword().equals("ciscocisco"));
+ assertTrue(userConfig.getRole()
+ .equals(UserLevel.SYSTEMADMIN.toString()));
+
+ String username = userConfig.getUser();
+ assertTrue(username.equals("uname"));
+
+ // test authenticate
+ AuthResponse authresp = userConfig.authenticate("ciscocisco");
+ assertTrue(authresp.getStatus().equals(AuthResultEnum.AUTH_ACCEPT_LOC));
+ authresp = userConfig.authenticate("wrongPassword");
+ assertTrue(authresp.getStatus().equals(AuthResultEnum.AUTH_REJECT_LOC));
+
+ // test equals()
+ userConfig = new UserConfig("uname", "ciscocisco",
+ UserLevel.NETWORKOPERATOR.toString());
+ assertEquals(userConfig, userConfig);
+ UserConfig userConfig2 = new UserConfig("uname", "ciscocisco",
+ UserLevel.NETWORKOPERATOR.toString());
+ assertEquals(userConfig, userConfig2);
+ }
}
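Review bot: None of the rules added to `UserConfig.validate()` is exercised in `UserConfigTest()`. There is no case for a rejected character, a name over 32 characters, or a password outside 5-256 characters, so a regression in the regex or the bounds would pass unnoticed. Add negative cases such as `assertFalse(new UserConfig("un/ame", "ciscocisco", UserLevel.NETWORKOPERATOR.toString()).validate().isSuccess());` and `assertFalse(new UserConfig("uname", "abcd", UserLevel.NETWORKOPERATOR.toString()).validate().isSuccess());`. Boundary cases at exactly 32 and 33 name characters would cover the length limit.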