knox-commits mailing list archives

From m...@apache.org
Subject [58/64] knox git commit: Merge branch 'master' into KNOX-998-Package_Restructuring
Date Fri, 01 Sep 2017 13:17:56 GMT
http://git-wip-us.apache.org/repos/asf/knox/blob/912c5360/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java
index ea19962,0000000..7df6b7a
mode 100644,000000..100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySampleFuncTest.java
@@@ -1,219 -1,0 +1,203 @@@
 +/**
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package org.apache.knox.gateway;
 +
 +import com.mycila.xmltool.XMLDoc;
 +import com.mycila.xmltool.XMLTag;
 +import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 +import org.apache.knox.gateway.config.GatewayConfig;
 +import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
 +import org.apache.knox.gateway.services.DefaultGatewayServices;
 +import org.apache.knox.gateway.services.ServiceLifecycleException;
 +import org.apache.hadoop.test.TestUtils;
 +import org.apache.http.HttpStatus;
 +import org.apache.log4j.Appender;
 +import org.hamcrest.MatcherAssert;
 +import org.hamcrest.Matchers;
 +import org.junit.AfterClass;
 +import org.junit.BeforeClass;
 +import org.junit.Test;
 +import org.slf4j.Logger;
 +import org.slf4j.LoggerFactory;
 +
 +import java.io.File;
 +import java.io.FileOutputStream;
 +import java.io.IOException;
 +import java.io.InputStream;
 +import java.net.URL;
- import java.nio.file.FileSystems;
- import java.nio.file.Path;
 +import java.util.Enumeration;
 +import java.util.HashMap;
 +import java.util.Map;
 +import java.util.UUID;
 +
 +import static com.jayway.restassured.RestAssured.given;
 +import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
 +import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
 +import static org.hamcrest.CoreMatchers.is;
 +import static org.hamcrest.CoreMatchers.notNullValue;
 +import static org.junit.Assert.assertThat;
 +
 +public class GatewaySampleFuncTest {
 +
 +  private static Class RESOURCE_BASE_CLASS = GatewaySampleFuncTest.class;
 +  private static Logger LOG = LoggerFactory.getLogger( GatewaySampleFuncTest.class );
 +
 +  public static Enumeration<Appender> appenders;
 +  public static GatewayConfig config;
 +  public static GatewayServer gateway;
 +  public static String gatewayUrl;
 +  public static String clusterUrl;
-   public static SimpleLdapDirectoryServer ldap;
-   public static TcpTransport ldapTransport;
++  private static GatewayTestDriver driver = new GatewayTestDriver();
 +
 +  @BeforeClass
 +  public static void setupSuite() throws Exception {
 +    LOG_ENTER();
 +    //appenders = NoOpAppender.setUp();
-     setupLdap();
++    driver.setupLdap(0);
 +    setupGateway();
 +    LOG_EXIT();
 +  }
 +
 +  @AfterClass
 +  public static void cleanupSuite() throws Exception {
 +    LOG_ENTER();
 +    gateway.stop();
-     ldap.stop( true );
++    driver.cleanup();
 +    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
 +    //NoOpAppender.tearDown( appenders );
 +    LOG_EXIT();
 +  }
 +
-   public static void setupLdap() throws Exception {
-     String basedir = System.getProperty("basedir");
-     if (basedir == null) {
-       basedir = new File(".").getCanonicalPath();
-     }
-     Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/users.ldif");
- 
-     ldapTransport = new TcpTransport( 0 );
-     ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", path.toFile(), ldapTransport );
-     ldap.start();
-     LOG.info( "LDAP port = " + ldapTransport.getAcceptor().getLocalAddress().getPort() );
-   }
- 
 +  public static void setupGateway() throws Exception {
 +
 +    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
 +    File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
 +    gatewayDir.mkdirs();
 +
 +    GatewayTestConfig testConfig = new GatewayTestConfig();
 +    config = testConfig;
 +    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
 +
 +    File topoDir = new File( testConfig.getGatewayTopologyDir() );
 +    topoDir.mkdirs();
 +
 +    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
 +    deployDir.mkdirs();
 +
 +    File descriptor = new File( topoDir, "test-cluster.xml" );
 +    FileOutputStream stream = new FileOutputStream( descriptor );
 +    createTopology().toStream( stream );
 +    stream.close();
 +
 +    DefaultGatewayServices srvcs = new DefaultGatewayServices();
 +    Map<String,String> options = new HashMap<>();
 +    options.put( "persist-master", "false" );
 +    options.put( "master", "password" );
 +    try {
 +      srvcs.init( testConfig, options );
 +    } catch ( ServiceLifecycleException e ) {
 +      e.printStackTrace(); // I18N not required.
 +    }
 +
 +    gateway = GatewayServer.startGateway( testConfig, srvcs );
 +    MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() );
 +
 +    LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() );
 +
 +    gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath();
 +    clusterUrl = gatewayUrl + "/test-cluster";
 +  }
 +
 +  private static XMLTag createTopology() {
 +    XMLTag xml = XMLDoc.newDocument( true )
 +        .addRoot( "topology" )
 +        .addTag( "gateway" )
 +        .addTag( "provider" )
 +        .addTag( "role" ).addText( "authentication" )
 +        .addTag( "name" ).addText( "ShiroProvider" )
 +        .addTag( "enabled" ).addText( "true" )
 +        .addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm" )
-         .addTag( "value" ).addText( "KnoxLdapRealm" ).gotoParent()
++        .addTag( "value" ).addText( "org.apache.knox.gateway.shirorealm.KnoxLdapRealm" ).gotoParent()
 +        .addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" )
 +        .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" ).gotoParent()
 +        .addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" )
-         .addTag( "value" ).addText( "ldap://localhost:" + ldapTransport.getAcceptor().getLocalAddress().getPort() ).gotoParent()
++        .addTag( "value" ).addText( driver.getLdapUrl() ).gotoParent()
 +        .addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.authenticationMechanism" )
 +        .addTag( "value" ).addText( "simple" ).gotoParent()
 +        .addTag( "param" )
 +        .addTag( "name" ).addText( "urls./**" )
 +        .addTag( "value" ).addText( "authcBasic" ).gotoParent().gotoParent()
 +        .addTag( "provider" )
 +        .addTag( "role" ).addText( "identity-assertion" )
 +        .addTag( "enabled" ).addText( "true" )
 +        .addTag( "name" ).addText( "Default" ).gotoParent()
 +        .addTag( "provider" )
 +        .gotoRoot()
 +        .addTag( "service" )
 +        .addTag( "role" ).addText( "test-service-role" )
 +        .gotoRoot();
 +    // System.out.println( "GATEWAY=" + xml.toString() );
 +    return xml;
 +  }
 +
 +  public static InputStream getResourceStream( String resource ) throws IOException {
 +    return getResourceUrl( resource ).openStream();
 +  }
 +
 +  public static URL getResourceUrl( String resource ) {
 +    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
 +    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
 +    return url;
 +  }
 +
 +  public static String getResourceName( String resource ) {
 +    return getResourceBaseName() + resource;
 +  }
 +
 +  public static String getResourceBaseName() {
 +    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
 +  }
 +
 +  //@Test
 +  public void waitForManualTesting() throws IOException {
 +    System.in.read();
 +  }
 +
 +  @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
 +  public void testTestService() throws ClassNotFoundException {
 +    LOG_ENTER();
 +    String username = "guest";
 +    String password = "guest-password";
 +    String serviceUrl = clusterUrl + "/test-service-path/test-service-resource";
 +    given()
 +        //.log().all()
 +        .auth().preemptive().basic( username, password )
 +        .expect()
 +        //.log().all()
 +        .statusCode( HttpStatus.SC_OK )
 +        .contentType( "text/plain" )
 +        .body( is( "test-service-response" ) )
 +        .when().get( serviceUrl );
 +    LOG_EXIT();
 +  }
 +
 +}
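Review bot: In `cleanupSuite()`, `driver.cleanup()` is skipped whenever `gateway.stop()` throws, so the embedded LDAP server started by `driver.setupLdap(0)` would presumably stay up for the rest of the test JVM. Wrapping the two calls as `try { gateway.stop(); } finally { driver.cleanup(); }` makes the teardown unconditional. The `cleanupSuite()` methods of GatewaySslFuncTest and Knox242FuncTest in this message have the same ordering. The merge also keeps the `TcpTransport` and `SimpleLdapDirectoryServer` imports although the `ldap` and `ldapTransport` fields were removed; nothing visible in the file still uses them.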

http://git-wip-us.apache.org/repos/asf/knox/blob/912c5360/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java
index 3404eab,0000000..69b5c1c
mode 100644,000000..100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/GatewaySslFuncTest.java
@@@ -1,319 -1,0 +1,304 @@@
 +/**
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package org.apache.knox.gateway;
 +
 +import java.io.File;
 +import java.nio.file.FileSystems;
 +import java.nio.file.Path;
 +import java.security.KeyManagementException;
 +import java.security.NoSuchAlgorithmException;
 +import java.security.SecureRandom;
 +import java.security.cert.CertificateException;
 +import java.security.cert.X509Certificate;
 +import java.util.Arrays;
 +import java.util.Enumeration;
 +import java.util.HashMap;
 +import java.util.Iterator;
 +import java.util.Map;
 +import java.util.Properties;
 +import java.util.ServiceLoader;
 +import java.util.UUID;
 +import javax.net.ssl.HostnameVerifier;
 +import javax.net.ssl.SSLContext;
 +import javax.net.ssl.SSLHandshakeException;
 +import javax.net.ssl.SSLSession;
 +import javax.net.ssl.TrustManager;
 +import javax.net.ssl.X509TrustManager;
 +import javax.xml.transform.stream.StreamSource;
 +
 +import org.apache.commons.io.FileUtils;
 +import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 +import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
 +import org.apache.knox.gateway.services.DefaultGatewayServices;
 +import org.apache.knox.gateway.services.GatewayServices;
 +import org.apache.knox.gateway.services.ServiceLifecycleException;
 +import org.apache.knox.gateway.services.topology.TopologyService;
 +import org.apache.hadoop.test.TestUtils;
 +import org.apache.hadoop.test.category.ReleaseTest;
 +import org.apache.hadoop.test.mock.MockServer;
 +import org.apache.http.HttpHost;
 +import org.apache.http.auth.AuthScope;
 +import org.apache.http.auth.UsernamePasswordCredentials;
 +import org.apache.http.client.AuthCache;
 +import org.apache.http.client.CredentialsProvider;
 +import org.apache.http.client.methods.CloseableHttpResponse;
 +import org.apache.http.client.methods.HttpGet;
 +import org.apache.http.client.protocol.HttpClientContext;
 +import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 +import org.apache.http.impl.auth.BasicScheme;
 +import org.apache.http.impl.client.BasicAuthCache;
 +import org.apache.http.impl.client.BasicCredentialsProvider;
 +import org.apache.http.impl.client.CloseableHttpClient;
 +import org.apache.http.impl.client.HttpClients;
 +import org.apache.log4j.Appender;
 +import org.hamcrest.MatcherAssert;
 +import org.junit.After;
 +import org.junit.AfterClass;
 +import org.junit.BeforeClass;
 +import org.junit.Test;
 +import org.junit.experimental.categories.Category;
 +import org.slf4j.Logger;
 +import org.slf4j.LoggerFactory;
 +
 +import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
 +import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
 +import static org.hamcrest.CoreMatchers.notNullValue;
 +import static org.junit.Assert.assertThat;
 +import static org.junit.Assert.fail;
 +import static org.xmlmatchers.transform.XmlConverters.the;
 +import static org.xmlmatchers.xpath.HasXPath.hasXPath;
 +
 +@Category( ReleaseTest.class )
 +public class GatewaySslFuncTest {
 +
 +  private static Logger LOG = LoggerFactory.getLogger( GatewaySslFuncTest.class );
 +  private static Class DAT = GatewaySslFuncTest.class;
 +
 +  private static Enumeration<Appender> appenders;
 +  private static GatewayTestConfig config;
 +  private static DefaultGatewayServices services;
 +  private static GatewayServer gateway;
 +  private static String gatewayScheme;
 +  private static int gatewayPort;
 +  private static String gatewayUrl;
-   private static SimpleLdapDirectoryServer ldap;
-   private static TcpTransport ldapTransport;
-   private static int ldapPort;
 +  private static Properties params;
 +  private static TopologyService topos;
 +  private static MockServer mockWebHdfs;
++  private static GatewayTestDriver driver = new GatewayTestDriver();
 +
 +  @BeforeClass
 +  public static void setupSuite() throws Exception {
 +    LOG_ENTER();
 +    //appenders = NoOpAppender.setUp();
-     setupLdap();
++    driver.setupLdap(0);
 +    setupGateway();
 +    LOG_EXIT();
 +  }
 +
 +  @AfterClass
 +  public static void cleanupSuite() throws Exception {
 +    LOG_ENTER();
 +    gateway.stop();
-     ldap.stop( true );
++    driver.cleanup();
 +    FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
 +    //NoOpAppender.tearDown( appenders );
 +    LOG_EXIT();
 +  }
 +
 +  @After
 +  public void cleanupTest() throws Exception {
 +    FileUtils.cleanDirectory( new File( config.getGatewayTopologyDir() ) );
 +    FileUtils.cleanDirectory( new File( config.getGatewayDeploymentDir() ) );
 +  }
 +
-   public static void setupLdap() throws Exception {
-     String basedir = System.getProperty("basedir");
-     if (basedir == null) {
-       basedir = new File(".").getCanonicalPath();
-     }
-     Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/users.ldif");
- 
-     ldapTransport = new TcpTransport( 0 );
-     ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", path.toFile(), ldapTransport );
-     ldap.start();
-     LOG.info( "LDAP port = " + ldapTransport.getAcceptor().getLocalAddress().getPort() );
-   }
- 
 +  public static void setupGateway() throws Exception {
 +
 +    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
 +    File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
 +    gatewayDir.mkdirs();
 +
 +    config = new GatewayTestConfig();
 +    config.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
 +
 +    File topoDir = new File( config.getGatewayTopologyDir() );
 +    topoDir.mkdirs();
 +
 +    File deployDir = new File( config.getGatewayDeploymentDir() );
 +    deployDir.mkdirs();
 +
 +    File securityDir = new File( config.getGatewaySecurityDir() );
 +    securityDir.mkdirs();
 +
 +    config.setSSLEnabled( true );
 +
 +    setupMockServers();
 +    startGatewayServer();
 +  }
 +
 +  public static void setupMockServers() throws Exception {
 +    mockWebHdfs = new MockServer( "WEBHDFS", true );
 +  }
 +
 +  private static GatewayServices instantiateGatewayServices() {
 +    ServiceLoader<GatewayServices> loader = ServiceLoader.load( GatewayServices.class );
 +    Iterator<GatewayServices> services = loader.iterator();
 +    if (services.hasNext()) {
 +      return services.next();
 +    }
 +    return null;
 +  }
 +
 +  public static void startGatewayServer() throws Exception {
 +    instantiateGatewayServices();
 +    services = new DefaultGatewayServices();
 +    Map<String,String> options = new HashMap<>();
 +    options.put( "persist-master", "false" );
 +    options.put( "master", "password" );
 +    try {
 +      services.init( config, options );
 +    } catch ( ServiceLifecycleException e ) {
 +      e.printStackTrace(); // I18N not required.
 +    }
 +    topos = services.getService(GatewayServices.TOPOLOGY_SERVICE);
 +
 +    gateway = GatewayServer.startGateway( config, services );
 +    MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() );
 +
 +    gatewayScheme = config.isSSLEnabled() ? "https" : "http";
 +    gatewayPort = gateway.getAddresses()[0].getPort();
 +    gatewayUrl = gatewayScheme + "://localhost:" + gatewayPort + "/" + config.getGatewayPath();
 +
 +    LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() );
 +
 +    params = new Properties();
-     params.put( "LDAP_URL", "ldap://localhost:" + ldapTransport.getAcceptor().getLocalAddress().getPort() );
++    params.put( "LDAP_URL", driver.getLdapUrl() );
 +    params.put( "WEBHDFS_URL", "http://localhost:" + mockWebHdfs.getPort() );
 +  }
 +
 +  @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
 +  public void testKnox674SslCipherSuiteConfig() throws Exception {
 +    LOG_ENTER();
 +
 +    String topoStr = TestUtils.merge( DAT, "test-admin-topology.xml", params );
 +    File topoFile = new File( config.getGatewayTopologyDir(), "test-topology.xml" );
 +    FileUtils.writeStringToFile( topoFile, topoStr );
 +
 +    topos.reloadTopologies();
 +
 +    String username = "guest";
 +    String password = "guest-password";
 +    String serviceUrl = gatewayUrl + "/test-topology/api/v1/version";
 +
 +    HttpHost targetHost = new HttpHost( "localhost", gatewayPort, gatewayScheme );
 +    CredentialsProvider credsProvider = new BasicCredentialsProvider();
 +    credsProvider.setCredentials(
 +        new AuthScope( targetHost.getHostName(), targetHost.getPort() ),
 +        new UsernamePasswordCredentials( username, password ) );
 +
 +    AuthCache authCache = new BasicAuthCache();
 +    BasicScheme basicAuth = new BasicScheme();
 +    authCache.put( targetHost, basicAuth );
 +
 +    HttpClientContext context = HttpClientContext.create();
 +    context.setCredentialsProvider( credsProvider );
 +    context.setAuthCache( authCache );
 +
 +    CloseableHttpClient client = HttpClients.custom()
 +        .setSSLSocketFactory(
 +            new SSLConnectionSocketFactory(
 +                createInsecureSslContext(),
 +                new String[]{"TLSv1.2"},
 +                new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
 +                new TrustAllHosts() ) )
 +        .build();
 +    HttpGet request = new HttpGet( serviceUrl );
 +    CloseableHttpResponse response = client.execute( request, context );
 +    assertThat( the( new StreamSource( response.getEntity().getContent() ) ), hasXPath( "/ServerVersion/version" ) );
 +    response.close();
 +    client.close();
 +
 +    gateway.stop();
 +    config.setExcludedSSLCiphers( Arrays.asList( new String[]{ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" } ) );
 +    config.setIncludedSSLCiphers( Arrays.asList( new String[]{ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" } ) );
 +
 +    startGatewayServer();
 +    serviceUrl = gatewayUrl + "/test-topology/api/v1/version";
 +
 +    try {
 +      client = HttpClients.custom()
 +          .setSSLSocketFactory(
 +              new SSLConnectionSocketFactory(
 +                  createInsecureSslContext(),
 +                  new String[]{ "TLSv1.2" },
 +                  new String[]{ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" },
 +                  new TrustAllHosts() ) ).build();
 +      request = new HttpGet( serviceUrl );
 +      client.execute( request, context );
 +      fail( "Expected SSLHandshakeException" );
 +    } catch ( SSLHandshakeException e ) {
 +      // Expected.
 +      client.close();
 +    }
 +
 +    client = HttpClients.custom()
 +        .setSSLSocketFactory(
 +            new SSLConnectionSocketFactory(
 +                createInsecureSslContext(),
 +                new String[]{ "TLSv1.2" },
 +                new String[]{ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
 +                new TrustAllHosts() ) ).build();
 +    request = new HttpGet( serviceUrl );
 +    response = client.execute( request, context );
 +    assertThat( the( new StreamSource( response.getEntity().getContent() ) ), hasXPath( "/ServerVersion/version" ) );
 +    response.close();
 +    client.close();
 +
 +    LOG_EXIT();
 +  }
 +
 +  public static class TrustAllHosts implements HostnameVerifier {
 +    @Override
 +    public boolean verify( String host, SSLSession sslSession ) {
 +      // Trust all hostnames.
 +      return true;
 +    }
 +  }
 +
 +  public static class TrustAllCerts implements X509TrustManager {
 +
 +    public void checkClientTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException {
 +      // Trust all certificates.
 +    }
 +
 +    public void checkServerTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException {
 +      // Trust all certificates.
 +    }
 +
 +    public X509Certificate[] getAcceptedIssuers() {
 +      return null;
 +    }
 +
 +  }
 +
 +  public static SSLContext createInsecureSslContext() throws NoSuchAlgorithmException, KeyManagementException {
 +    SSLContext sslContext = SSLContext.getInstance( "SSL" );
 +    sslContext.init( null, new TrustManager[]{ new TrustAllCerts() }, new SecureRandom() );
 +    return sslContext;
 +  }
 +
 +}
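Review bot: `TrustAllCerts.getAcceptedIssuers()` returns `null`, while the `X509TrustManager` contract asks for a non-null (possibly empty) array; `return new X509Certificate[0];` removes the risk of a NullPointerException in any caller that iterates the result. `TrustAllHosts`, `TrustAllCerts` and `createInsecureSslContext()` are declared `public static`, so any code on the test classpath can reuse a verifier and trust manager that accept every peer. If no other test depends on them, make them `private` and add a Javadoc line such as `/** Test only: disables certificate and hostname validation. */`. `SSLContext.getInstance( "SSL" )` could also be `SSLContext.getInstance( "TLS" )`, which matches the `TLSv1.2` protocol list already passed to `SSLConnectionSocketFactory`.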

http://git-wip-us.apache.org/repos/asf/knox/blob/912c5360/gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java
index eaaaf5e,0000000..ecbb09c
mode 100755,000000..100755
--- a/gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/Knox242FuncTest.java
@@@ -1,318 -1,0 +1,307 @@@
 +/**
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package org.apache.knox.gateway;
 +
 +import static com.jayway.restassured.RestAssured.given;
 +import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
 +import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
 +import static org.hamcrest.CoreMatchers.is;
 +import static org.hamcrest.CoreMatchers.notNullValue;
 +import static org.junit.Assert.assertThat;
 +
 +import java.io.File;
 +import java.io.FileOutputStream;
 +import java.io.IOException;
 +import java.io.InputStream;
 +import java.net.InetSocketAddress;
 +import java.net.URL;
 +import java.nio.file.FileSystems;
 +import java.nio.file.Path;
 +import java.util.Enumeration;
 +import java.util.HashMap;
 +import java.util.Map;
 +import java.util.UUID;
 +
 +import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 +import org.apache.knox.gateway.config.GatewayConfig;
 +import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
 +import org.apache.knox.gateway.services.DefaultGatewayServices;
 +import org.apache.knox.gateway.services.GatewayServices;
 +import org.apache.knox.gateway.services.ServiceLifecycleException;
 +import org.apache.knox.gateway.services.security.AliasService;
 +import org.apache.hadoop.test.TestUtils;
 +import org.apache.http.HttpStatus;
 +import org.apache.log4j.Appender;
 +import org.hamcrest.MatcherAssert;
 +import org.hamcrest.Matchers;
 +import org.junit.AfterClass;
 +import org.junit.BeforeClass;
 +import org.junit.Ignore;
 +import org.junit.Test;
 +import org.slf4j.Logger;
 +import org.slf4j.LoggerFactory;
 +
 +import com.mycila.xmltool.XMLDoc;
 +import com.mycila.xmltool.XMLTag;
 +
 +/**
 + * Functional test to verify : KNOX-242 LDAP Enhancements
 + * Please see
 + * https://issues.apache.org/jira/browse/KNOX-242
 + *
 + */
 +public class Knox242FuncTest {
 +
 +  private static Class RESOURCE_BASE_CLASS = Knox242FuncTest.class;
 +  private static Logger LOG = LoggerFactory.getLogger( Knox242FuncTest.class );
 +
 +  public static Enumeration<Appender> appenders;
 +  public static GatewayConfig config;
 +  public static GatewayServer gateway;
 +  public static String gatewayUrl;
 +  public static String clusterUrl;
 +  public static String serviceUrl;
-   public static SimpleLdapDirectoryServer ldap;
-   public static TcpTransport ldapTransport;
++  private static GatewayTestDriver driver = new GatewayTestDriver();
 +
 +  @BeforeClass
 +  public static void setupSuite() throws Exception {
 +    LOG_ENTER();
 +    //appenders = NoOpAppender.setUp();
-     int port = setupLdap();
-     setupGateway(port);
-     TestUtils.awaitPortOpen( new InetSocketAddress( "localhost", port ), 10000, 100 );
++    String basedir = System.getProperty("basedir");
++    if (basedir == null) {
++      basedir = new File(".").getCanonicalPath();
++    }
++    Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/users-dynamic.ldif");
++    driver.setupLdap( 0 , path.toFile() );
++    setupGateway();
 +    TestUtils.awaitNon404HttpStatus( new URL( serviceUrl ), 10000, 100 );
 +    LOG_EXIT();
 +  }
 +
 +  @AfterClass
 +  public static void cleanupSuite() throws Exception {
 +    LOG_ENTER();
 +    gateway.stop();
-     ldap.stop( true );
++    driver.cleanup();
 +    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
 +    //NoOpAppender.tearDown( appenders );
 +    LOG_EXIT();
 +  }
 +
-   public static int setupLdap() throws Exception {
-     String basedir = System.getProperty("basedir");
-     if (basedir == null) {
-       basedir = new File(".").getCanonicalPath();
-     }
-     Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/users-dynamic.ldif");
- 
-     ldapTransport = new TcpTransport( 0 );
-     ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", path.toFile(), ldapTransport );
-     ldap.start();
-     LOG.info( "LDAP port = " + ldapTransport.getPort() );
-     return ldapTransport.getAcceptor().getLocalAddress().getPort();
-   }
- 
-   public static void setupGateway(int ldapPort) throws IOException, Exception {
++  public static void setupGateway() throws IOException, Exception {
 +
 +    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
 +    File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
 +    gatewayDir.mkdirs();
 +
 +    GatewayTestConfig testConfig = new GatewayTestConfig();
 +    config = testConfig;
 +    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
 +
 +    File topoDir = new File( testConfig.getGatewayTopologyDir() );
 +    topoDir.mkdirs();
 +
 +    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
 +    deployDir.mkdirs();
 +
 +    DefaultGatewayServices srvcs = new DefaultGatewayServices();
 +    Map<String,String> options = new HashMap<>();
 +    options.put( "persist-master", "false" );
 +    options.put( "master", "password" );
 +    try {
 +      srvcs.init( testConfig, options );
 +    } catch ( ServiceLifecycleException e ) {
 +      e.printStackTrace(); // I18N not required.
 +    }
 +
 +    gateway = GatewayServer.startGateway( testConfig, srvcs );
 +    MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() );
 +
 +    LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() );
 +
 +    gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath();
 +    clusterUrl = gatewayUrl + "/testdg-cluster";
 +    serviceUrl = clusterUrl + "/test-service-path/test-service-resource";
 +
 +    GatewayServices services = GatewayServer.getGatewayServices();
 +    AliasService aliasService = (AliasService)services.getService(GatewayServices.ALIAS_SERVICE);
 +    aliasService.addAliasForCluster("testdg-cluster", "ldcSystemPassword", "guest-password");
 +
 +    char[] password1 = aliasService.getPasswordFromAliasForCluster( "testdg-cluster", "ldcSystemPassword");
 +    //System.err.println("SETUP password 10: " + ((password1 == null) ? "NULL" : new String(password1)));
 +
 +    File descriptor = new File( topoDir, "testdg-cluster.xml" );
 +    FileOutputStream stream = new FileOutputStream( descriptor );
-     createTopology(ldapPort).toStream( stream );
++    createTopology().toStream( stream );
 +    stream.close();
 +  }
 +
-   private static XMLTag createTopology(int ldapPort) {
++  private static XMLTag createTopology() {
 +    XMLTag xml = XMLDoc.newDocument( true )
 +        .addRoot( "topology" )
 +        .addTag( "gateway" )
 +
 +        .addTag( "provider" )
 +        .addTag( "role" ).addText( "authentication" )
 +        .addTag( "name" ).addText( "ShiroProvider" )
 +        .addTag( "enabled" ).addText( "true" )
 +        .addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm" )
-         .addTag( "value" ).addText( "KnoxLdapRealm" )
++        .addTag( "value" ).addText( "org.apache.knox.gateway.shirorealm.KnoxLdapRealm" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapGroupContextFactory" )
-         .addTag( "value" ).addText( "KnoxLdapContextFactory" )
++        .addTag( "value" ).addText( "org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.contextFactory" )
 +        .addTag( "value" ).addText( "$ldapGroupContextFactory" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.authenticationMechanism" )
 +        .addTag( "value" ).addText( "simple" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" )
-         .addTag( "value" ).addText( "ldap://localhost:"  + ldapPort)
++        .addTag( "value" ).addText( driver.getLdapUrl())
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" )
 +        .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" )
 +
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.searchBase" )
 +        .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" )
 +
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.userSearchAttributeName" )
 +        .addTag( "value" ).addText( "uid" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.userObjectClass" )
 +        .addTag( "value" ).addText( "person" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.userSearchBase" )
 +        .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.groupSearchBase" )
 +        .addTag( "value" ).addText( "ou=groups,dc=hadoop,dc=apache,dc=org" )
 +
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.authorizationEnabled" )
 +        .addTag( "value" ).addText( "true" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemAuthenticationMechanism" )
 +        .addTag( "value" ).addText( "simple" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.groupObjectClass" )
 +        .addTag( "value" ).addText( "groupofurls" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.memberAttribute" )
 +        .addTag( "value" ).addText( "memberurl" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.memberAttributeValueTemplate" )
 +        .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemUsername" )
 +        .addTag( "value" ).addText( "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.clusterName" )
 +        .addTag( "value" ).addText( "testdg-cluster" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemPassword" )
 +        .addTag( "value" ).addText( "S{ALIAS=ldcSystemPassword}" )
 +        // .addTag( "value" ).addText( "guest-password" )
 +        .gotoParent().addTag( "param" )
 +        .addTag( "name" ).addText( "urls./**" )
 +        .addTag( "value" ).addText( "authcBasic" )
 +
 +        .gotoParent().gotoParent().addTag( "provider" )
 +        .addTag( "role" ).addText( "authorization" )
 +        .addTag( "name" ).addText( "AclsAuthz" )
 +        .addTag( "enabled" ).addText( "true" )
 +        .addTag( "param" )
 +        .addTag( "name" ).addText( "test-service-role.acl" )
 +        .addTag( "value" ).addText( "*;directors;*" )
 +
 +        .gotoParent().gotoParent().addTag( "provider" )
 +        .addTag( "role" ).addText( "identity-assertion" )
 +        .addTag( "enabled" ).addText( "true" )
 +        .addTag( "name" ).addText( "Default" ).gotoParent()
 +
 +        .gotoRoot()
 +        .addTag( "service" )
 +        .addTag( "role" ).addText( "test-service-role" )
 +        .gotoRoot();
 +         // System.out.println( "GATEWAY=" + xml.toString() );
 +    return xml;
 +  }
 +
 +  public static InputStream getResourceStream( String resource ) throws IOException {
 +    return getResourceUrl( resource ).openStream();
 +  }
 +
 +  public static URL getResourceUrl( String resource ) {
 +    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
 +    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
 +    return url;
 +  }
 +
 +  public static String getResourceName( String resource ) {
 +    return getResourceBaseName() + resource;
 +  }
 +
 +  public static String getResourceBaseName() {
 +    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
 +  }
 +
 +  @Ignore
 +  // @Test
 +  public void waitForManualTesting() throws IOException {
 +    System.in.read();
 +  }
 +
 +  @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
 +  public void testGroupMember() throws ClassNotFoundException, Exception {
 +    LOG_ENTER();
 +    String username = "joe";
 +    String password = "joe-password";
 +    String serviceUrl = clusterUrl + "/test-service-path/test-service-resource";
 +    given()
 +        //.log().all()
 +        .auth().preemptive().basic( username, password )
 +        .expect()
 +        //.log().all()
 +        .statusCode( HttpStatus.SC_OK )
 +        .contentType( "text/plain" )
 +        .body( is( "test-service-response" ) )
 +        .when().get( serviceUrl );
 +    LOG_EXIT();
 +  }
 +
 +  @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
 +  public void testNonGroupMember() throws ClassNotFoundException {
 +    LOG_ENTER();
 +    String username = "guest";
 +    String password = "guest-password";
 +    String serviceUrl = clusterUrl + "/test-service-path/test-service-resource";
 +    given()
 +        //.log().all()
 +        .auth().preemptive().basic( username, password )
 +        .expect()
 +        //.log().all()
 +        .statusCode( HttpStatus.SC_FORBIDDEN )
 +        .when().get( serviceUrl );
 +    LOG_EXIT();
 +  }
-   
++
 +}

http://git-wip-us.apache.org/repos/asf/knox/blob/912c5360/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java
index ee42658,0000000..cdd5c8e
mode 100644,000000..100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestNegative.java
@@@ -1,339 -1,0 +1,323 @@@
 +/**
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package org.apache.knox.gateway;
 +
 +import com.mycila.xmltool.XMLDoc;
 +import com.mycila.xmltool.XMLTag;
 +import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 +import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
 +import org.apache.knox.gateway.services.DefaultGatewayServices;
 +import org.apache.knox.gateway.services.ServiceLifecycleException;
 +import org.apache.knox.gateway.util.KnoxCLI;
 +import org.apache.hadoop.test.TestUtils;
 +import org.apache.hadoop.test.log.NoOpAppender;
 +import org.apache.log4j.Appender;
 +import org.hamcrest.Matchers;
 +import org.junit.BeforeClass;
 +import org.junit.AfterClass;
 +import org.junit.Test;
 +import org.slf4j.Logger;
 +import org.slf4j.LoggerFactory;
 +
 +import java.io.PrintStream;
 +import java.io.InputStream;
 +import java.io.File;
 +import java.io.FileOutputStream;
 +import java.io.IOException;
 +import java.io.ByteArrayOutputStream;
 +import java.net.URL;
- import java.nio.file.FileSystems;
- import java.nio.file.Path;
 +import java.util.Enumeration;
 +import java.util.HashMap;
 +import java.util.Map;
 +import java.util.UUID;
 +
 +import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
 +import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
 +import static org.hamcrest.CoreMatchers.containsString;
 +import static org.junit.Assert.assertFalse;
 +import static org.junit.Assert.assertThat;
 +
 +public class KnoxCliLdapFuncTestNegative {
 +
 +  private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
 +  private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
 +
 +  public static Enumeration<Appender> appenders;
 +  public static GatewayTestConfig config;
 +  public static GatewayServer gateway;
 +  public static String gatewayUrl;
 +  public static String clusterUrl;
-   public static SimpleLdapDirectoryServer ldap;
-   public static TcpTransport ldapTransport;
++  private static GatewayTestDriver driver = new GatewayTestDriver();
 +
 +  private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
 +  private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
 +  private static final String uuid = UUID.randomUUID().toString();
 +
 +  @BeforeClass
 +  public static void setupSuite() throws Exception {
 +    LOG_ENTER();
 +    System.setOut(new PrintStream(outContent));
 +    System.setErr(new PrintStream(errContent));
-     setupLdap();
++    driver.setupLdap(0);
 +    setupGateway();
 +    LOG_EXIT();
 +  }
 +
 +  @AfterClass
 +  public static void cleanupSuite() throws Exception {
 +    LOG_ENTER();
-     ldap.stop( true );
++    driver.cleanup();
 +
 +    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
 +    //NoOpAppender.tearDown( appenders );
 +    LOG_EXIT();
 +  }
 +
-   public static void setupLdap( ) throws Exception {
-     String basedir = System.getProperty("basedir");
-     if (basedir == null) {
-       basedir = new File(".").getCanonicalPath();
-     }
-     Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/users.ldif");
- 
-     ldapTransport = new TcpTransport( 0 );
-     ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", path.toFile(), ldapTransport );
-     ldap.start();
-     LOG.info( "LDAP port = " + ldapTransport.getAcceptor().getLocalAddress().getPort() );
-   }
- 
 +  public static void setupGateway() throws Exception {
 +
 +    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
 +    File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
 +    gatewayDir.mkdirs();
 +
 +    GatewayTestConfig testConfig = new GatewayTestConfig();
 +    config = testConfig;
 +    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
 +
 +    File topoDir = new File( testConfig.getGatewayTopologyDir() );
 +    topoDir.mkdirs();
 +
 +    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
 +    deployDir.mkdirs();
 +
 +    createTopology(topoDir, "test-cluster.xml", true);
 +    createTopology(topoDir, "bad-cluster.xml", false);
 +
 +    DefaultGatewayServices srvcs = new DefaultGatewayServices();
 +    Map<String,String> options = new HashMap<>();
 +    options.put( "persist-master", "false" );
 +    options.put( "master", "password" );
 +    try {
 +      srvcs.init( testConfig, options );
 +    } catch ( ServiceLifecycleException e ) {
 +      e.printStackTrace(); // I18N not required.
 +    }
 +  }
 +
 +  private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
 +    File descriptor = new File(topoDir, name);
 +
 +    if(descriptor.exists()){
 +      descriptor.delete();
 +      descriptor = new File(topoDir, name);
 +    }
 +
 +    FileOutputStream stream = new FileOutputStream( descriptor, false );
 +    if(goodTopology){
 +      createTopology().toStream( stream );
 +    } else {
 +      createBadTopology().toStream( stream );
 +    }
 +    stream.close();
 +
 +  }
 +
 +  public static InputStream getResourceStream( String resource ) throws IOException {
 +    return getResourceUrl( resource ).openStream();
 +  }
 +
 +  public static URL getResourceUrl( String resource ) {
 +    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
 +    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
 +    return url;
 +  }
 +
 +  public static String getResourceName( String resource ) {
 +    return getResourceBaseName() + resource;
 +  }
 +
 +  public static String getResourceBaseName() {
 +    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
 +  }
 +
 +  private static XMLTag createBadTopology(){
 +    XMLTag xml = XMLDoc.newDocument(true)
 +        .addRoot("topology")
 +        .addTag("gateway")
 +        .addTag( "provider" )
 +        .addTag("role").addText("authentication")
 +        .addTag( "name" ).addText( "ShiroProvider" )
 +        .addTag( "enabled" ).addText( "true" )
 +        .addTag("param")
 +        .addTag( "name" ).addText("main.ldapRealm")
-         .addTag("value").addText("KnoxLdapRealm").gotoParent()
++        .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
 +        .addTag("param")
 +        .addTag( "name" ).addText("main.ldapRealm.userDnTemplate")
 +        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag( "name" ).addText("main.ldapRealm.contextFactory.url")
-         .addTag("value").addText("ldap://localhost:" + ldapTransport.getAcceptor().getLocalAddress().getPort()).gotoParent()
++        .addTag("value").addText(driver.getLdapUrl()).gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
 +        .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
 +        .addTag( "value" ).addText("guest-password").gotoParent()
 +        .addTag("param")
 +        .addTag( "name" ).addText("main.ldapRealm.contextFactory.authenticationMechanism")
 +        .addTag("value").addText("simple").gotoParent()
 +        .addTag("param")
 +        .addTag( "name" ).addText("urls./**")
 +        .addTag("value").addText("authcBasic").gotoParent().gotoParent()
 +        .addTag("provider")
 +        .addTag( "role" ).addText("identity-assertion")
 +        .addTag("enabled").addText("true")
 +        .addTag("name").addText("Default").gotoParent()
 +        .addTag("provider")
 +        .gotoRoot()
 +        .addTag( "service" )
 +        .addTag( "role" ).addText( "KNOX" )
 +        .gotoRoot();
 +    // System.out.println( "GATEWAY=" + xml.toString() );
 +    return xml;
 +  }
 +
 +  private static XMLTag createTopology() {
 +
 +    XMLTag xml = XMLDoc.newDocument(true)
 +        .addRoot("topology")
 +        .addTag("gateway" )
 +        .addTag("provider")
 +        .addTag("role").addText("authentication")
 +        .addTag("name").addText("ShiroProvider")
 +        .addTag("enabled").addText("true")
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm")
-         .addTag("value").addText("KnoxLdapRealm").gotoParent()
++        .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
 +        .addTag("param" )
 +        .addTag("name").addText("main.ldapGroupContextFactory")
-         .addTag("value").addText("KnoxLdapContextFactory").gotoParent()
++        .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.searchBase")
 +        .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.groupObjectClass")
 +        .addTag("value").addText("groupOfNames").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
 +        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param" )
 +        .addTag("name").addText("main.ldapRealm.memberAttribute")
 +        .addTag("value").addText("member").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
 +        .addTag("value").addText("true").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
 +        .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
 +        .addTag( "value" ).addText("guest-password").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.userDnTemplate")
 +        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.url")
-         .addTag("value").addText("ldap://localhost:" + ldapTransport.getAcceptor().getLocalAddress().getPort()).gotoParent()
++        .addTag("value").addText(driver.getLdapUrl()).gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
 +        .addTag("value").addText("simple").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.cachingEnabled")
 +        .addTag("value").addText("false").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("com.sun.jndi.ldap.connect.pool")
 +        .addTag("value").addText("false").gotoParent()
 +        .addTag("param")
 +        .addTag("name" ).addText("urls./**")
 +        .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
 +        .addTag("provider" )
 +        .addTag("role").addText( "identity-assertion" )
 +        .addTag( "enabled").addText( "true" )
 +        .addTag("name").addText( "Default" ).gotoParent()
 +        .gotoRoot()
 +        .addTag( "service" )
 +        .addTag( "role" ).addText( "test-service-role" )
 +        .gotoRoot();
 +    // System.out.println( "GATEWAY=" + xml.toString() );
 +    return xml;
 +  }
 +
 +  @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
 +  public void testBadTopology() throws Exception {
 +    LOG_ENTER();
 +
 +    //    Test 4: Authenticate a user with a bad topology configured with nothing required for group lookup in the topology
 +    outContent.reset();
 +    String username = "tom";
 +    String password = "tom-password";
 +    KnoxCLI cli = new KnoxCLI();
 +    cli.setConf(config);
 +
 +    String args1[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
 +        "--u", username, "--p", password, "--g" };
 +    cli.run( args1 );
 +
 +    assertThat(outContent.toString(), containsString("LDAP authentication successful"));
 +    assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
 +    assertThat(outContent.toString(), containsString("Warn: "));
 +    assertFalse(outContent.toString().contains("analyst"));
 +
 +
 +    outContent.reset();
 +    username = "bad-name";
 +    password = "bad-password";
 +    cli = new KnoxCLI();
 +    cli.setConf( config );
 +
 +    String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
 +        "--u", username, "--p", password, "--g" };
 +    Enumeration<Appender> before = NoOpAppender.setUp();
 +    try {
 +      cli.run( args2 );
 +    } finally {
 +      NoOpAppender.tearDown( before );
 +    }
 +
 +    assertThat(outContent.toString(), containsString("LDAP authentication failed"));
 +    assertThat(outContent.toString(), containsString("INVALID_CREDENTIALS"));
 +
 +    outContent.reset();
 +    username = "sam";
 +    password = "sam-password";
 +    cli = new KnoxCLI();
 +    cli.setConf( config );
 +
 +    String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
 +        "--u", username, "--p", password, "--g" };
 +    cli.run( args3 );
 +
 +    assertThat(outContent.toString(), containsString("LDAP authentication successful"));
 +    assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
 +    assertThat(outContent.toString(), containsString("Warn:"));
 +    assertFalse(outContent.toString().contains("analyst"));
 +    assertFalse(outContent.toString().contains("scientist"));
 +
 +    LOG_EXIT();
 +  }
 +
 +}
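Review bot: In `setupGateway()` a `ServiceLifecycleException` from `srvcs.init( testConfig, options )` is caught and only passed to `e.printStackTrace()`, and because `setupSuite()` has already pointed `System.err` at `errContent`, which nothing else in this file reads, the trace is never seen. The suite can then run its LDAP authentication assertions against services that failed to initialise, so a setup failure surfaces as an unrelated assertion failure or not at all. The method already declares `throws Exception`, so the try/catch can be replaced by the bare call `srvcs.init( testConfig, options );`, which fails the suite where the error occurs; the `setupGateway()` in the KnoxCliLdapFuncTestPositive.java hunk has the same pattern. Separately, the `TcpTransport` and `SimpleLdapDirectoryServer` imports look unused now that the `ldap` and `ldapTransport` fields are removed, and `LOG` is still created with `KnoxCliLdapFuncTestPositive.class` in this Negative test class.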

http://git-wip-us.apache.org/repos/asf/knox/blob/912c5360/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java
index 2d50799,0000000..1783a7f
mode 100644,000000..100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliLdapFuncTestPositive.java
@@@ -1,343 -1,0 +1,327 @@@
 +/**
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package org.apache.knox.gateway;
 +
 +import com.mycila.xmltool.XMLDoc;
 +import com.mycila.xmltool.XMLTag;
 +import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 +import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
 +import org.apache.knox.gateway.services.DefaultGatewayServices;
 +import org.apache.knox.gateway.services.ServiceLifecycleException;
 +import org.apache.knox.gateway.util.KnoxCLI;
 +import org.apache.hadoop.test.TestUtils;
 +import org.apache.hadoop.test.log.NoOpAppender;
 +import org.apache.log4j.Appender;
 +import org.hamcrest.Matchers;
 +import org.junit.BeforeClass;
 +import org.junit.AfterClass;
 +import org.junit.Test;
 +import org.slf4j.Logger;
 +import org.slf4j.LoggerFactory;
 +
 +import java.io.PrintStream;
 +import java.io.InputStream;
 +import java.io.File;
 +import java.io.FileOutputStream;
 +import java.io.IOException;
 +import java.io.ByteArrayOutputStream;
 +import java.net.URL;
- import java.nio.file.FileSystems;
- import java.nio.file.Path;
 +import java.util.Enumeration;
 +import java.util.HashMap;
 +import java.util.Map;
 +import java.util.UUID;
 +
 +import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
 +import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
 +import static org.hamcrest.CoreMatchers.containsString;
 +import static org.hamcrest.CoreMatchers.not;
 +import static org.junit.Assert.assertThat;
 +
 +public class KnoxCliLdapFuncTestPositive {
 +
 +  private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
 +  private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
 +
 +  public static Enumeration<Appender> appenders;
 +  public static GatewayTestConfig config;
 +  public static GatewayServer gateway;
 +  public static String gatewayUrl;
 +  public static String clusterUrl;
-   public static SimpleLdapDirectoryServer ldap;
-   public static TcpTransport ldapTransport;
++  private static GatewayTestDriver driver = new GatewayTestDriver();
 +
 +  private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
 +  private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
 +  private static final String uuid = UUID.randomUUID().toString();
 +
 +  @BeforeClass
 +  public static void setupSuite() throws Exception {
 +    LOG_ENTER();
 +    System.setOut(new PrintStream(outContent));
 +    System.setErr(new PrintStream(errContent));
-     setupLdap();
++    driver.setupLdap(0);
 +    setupGateway();
 +    LOG_EXIT();
 +  }
 +
 +  @AfterClass
 +  public static void cleanupSuite() throws Exception {
 +    LOG_ENTER();
-     ldap.stop( true );
++    driver.cleanup();
 +
 +    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
 +    //NoOpAppender.tearDown( appenders );
 +    LOG_EXIT();
 +  }
 +
-   public static void setupLdap( ) throws Exception {
-     String basedir = System.getProperty("basedir");
-     if (basedir == null) {
-       basedir = new File(".").getCanonicalPath();
-     }
-     Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/users.ldif");
- 
-     ldapTransport = new TcpTransport( 0 );
-     ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", path.toFile(), ldapTransport );
-     ldap.start();
-     LOG.info( "LDAP port = " + ldapTransport.getAcceptor().getLocalAddress().getPort() );
-   }
- 
 +  public static void setupGateway() throws Exception {
 +
 +    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
 +    File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
 +    gatewayDir.mkdirs();
 +
 +    GatewayTestConfig testConfig = new GatewayTestConfig();
 +    config = testConfig;
 +    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
 +
 +    File topoDir = new File( testConfig.getGatewayTopologyDir() );
 +    topoDir.mkdirs();
 +
 +    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
 +    deployDir.mkdirs();
 +
 +    createTopology(topoDir, "test-cluster.xml", true);
 +    createTopology(topoDir, "bad-cluster.xml", false);
 +
 +    DefaultGatewayServices srvcs = new DefaultGatewayServices();
 +    Map<String,String> options = new HashMap<>();
 +    options.put( "persist-master", "false" );
 +    options.put( "master", "password" );
 +    try {
 +      srvcs.init( testConfig, options );
 +    } catch ( ServiceLifecycleException e ) {
 +      e.printStackTrace(); // I18N not required.
 +    }
 +  }
 +
 +  private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
 +    File descriptor = new File(topoDir, name);
 +
 +    if(descriptor.exists()){
 +      descriptor.delete();
 +      descriptor = new File(topoDir, name);
 +    }
 +
 +    FileOutputStream stream = new FileOutputStream( descriptor, false );
 +    if(goodTopology){
 +      createTopology().toStream( stream );
 +    } else {
 +      createBadTopology().toStream( stream );
 +    }
 +    stream.close();
 +
 +  }
 +
 +  public static InputStream getResourceStream( String resource ) throws IOException {
 +    return getResourceUrl( resource ).openStream();
 +  }
 +
 +  public static URL getResourceUrl( String resource ) {
 +    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
 +    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
 +    return url;
 +  }
 +
 +  public static String getResourceName( String resource ) {
 +    return getResourceBaseName() + resource;
 +  }
 +
 +  public static String getResourceBaseName() {
 +    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
 +  }
 +
 +  private static XMLTag createBadTopology(){
 +    XMLTag xml = XMLDoc.newDocument(true)
 +        .addRoot("topology")
 +        .addTag( "gateway" )
 +        .addTag("provider")
 +        .addTag("role").addText("authentication")
 +        .addTag("name").addText("ShiroProvider")
 +        .addTag("enabled").addText("true")
 +        .addTag( "param" )
 +        .addTag("name").addText("main.ldapRealm")
-         .addTag("value").addText("KnoxLdapRealm").gotoParent()
++        .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
 +        .addTag( "param" )
 +        .addTag("name").addText("main.ldapRealm.userDnTemplate")
 +        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag( "param" )
 +        .addTag("name").addText("main.ldapRealm.contextFactory.url")
-         .addTag("value").addText("ldap://localhost:" + ldapTransport.getAcceptor().getLocalAddress().getPort()).gotoParent()
++        .addTag("value").addText(driver.getLdapUrl()).gotoParent()
 +        .addTag( "param" )
 +        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
 +        .addTag("value").addText("simple").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
 +        .addTag("value").addText("true").gotoParent()
 +        .addTag("param")
 +        .addTag( "name").addText( "urls./**")
 +        .addTag("value").addText( "authcBasic" ).gotoParent().gotoParent()
 +        .addTag( "provider" )
 +        .addTag( "role" ).addText( "identity-assertion" )
 +        .addTag( "enabled" ).addText( "true" )
 +        .addTag( "name" ).addText( "Default" ).gotoParent()
 +        .gotoRoot()
 +        .addTag( "service")
 +        .addTag("role").addText( "KNOX" )
 +        .gotoRoot();
 +    // System.out.println( "GATEWAY=" + xml.toString() );
 +    return xml;
 +  }
 +
 +  private static XMLTag createTopology() {
 +
 +    XMLTag xml = XMLDoc.newDocument(true)
 +        .addRoot("topology")
 +        .addTag("gateway")
 +        .addTag("provider")
 +        .addTag("role").addText("authentication")
 +        .addTag("name").addText("ShiroProvider")
 +        .addTag("enabled").addText("true")
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm")
-         .addTag("value").addText("KnoxLdapRealm").gotoParent()
++        .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
 +        .addTag("param" )
 +        .addTag("name").addText("main.ldapGroupContextFactory")
-         .addTag("value").addText("KnoxLdapContextFactory").gotoParent()
++        .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.searchBase")
 +        .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.groupObjectClass")
 +        .addTag("value").addText("groupOfNames").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
 +        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param" )
 +        .addTag("name").addText("main.ldapRealm.memberAttribute")
 +        .addTag("value").addText("member").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
 +        .addTag("value").addText("true").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
 +        .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
 +        .addTag( "value" ).addText("guest-password").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.userDnTemplate")
 +        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.url")
-         .addTag("value").addText("ldap://localhost:" + ldapTransport.getAcceptor().getLocalAddress().getPort()).gotoParent()
++        .addTag("value").addText(driver.getLdapUrl()).gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
 +        .addTag("value").addText("simple").gotoParent()
 +        .addTag("param")
 +        .addTag("name" ).addText("urls./**")
 +        .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
 +        .addTag("provider" )
 +        .addTag("role").addText( "identity-assertion" )
 +        .addTag( "enabled").addText( "true" )
 +        .addTag("name").addText( "Default" ).gotoParent()
 +        .gotoRoot()
 +        .addTag( "service" )
 +        .addTag( "role" ).addText( "test-service-role" )
 +        .gotoRoot();
 +    // System.out.println( "GATEWAY=" + xml.toString() );
 +    return xml;
 +  }
 +
 +  @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
 +  public void testLDAPAuth() throws Exception {
 +    LOG_ENTER();
 +
 +//    Test 1: Make sure authenication is successful and return groups
 +    outContent.reset();
 +    String username = "sam";
 +    String password = "sam-password";
 +    String args[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password,
 +        "--g"};
 +    KnoxCLI cli = new KnoxCLI();
 +    cli.setConf(config);
 +    cli.run(args);
 +    assertThat(outContent.toString(), containsString("success"));
 +    assertThat(outContent.toString(), containsString("analyst"));
 +    assertThat(outContent.toString(), containsString("scientist"));
 +
 +//    Test 2: Give an invalid name and password combinatinon.
 +    outContent.reset();
 +    cli = new KnoxCLI();
 +    cli.setConf(config);
 +    username = "bad-name";
 +    password = "bad-password";
 +    String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password};
 +    Enumeration<Appender> before = NoOpAppender.setUp();
 +    try {
 +      cli.run( args2 );
 +    } finally {
 +      NoOpAppender.tearDown( before );
 +    }
 +    assertThat(outContent.toString(), containsString("LDAP authentication failed"));
 +
 +//    Test 3: Authenticate a user who belongs to no groups, but specify groups with --g
 +    outContent.reset();
 +    cli = new KnoxCLI();
 +    cli.setConf(config);
 +    username = "guest";
 +    password = "guest-password";
 +    String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
 +        "--u", username, "--p", password, "--g" };
 +    cli.run(args3);
 +    assertThat(outContent.toString(), containsString("LDAP authentication success"));
 +    assertThat(outContent.toString(), containsString("does not belong to any groups"));
 +
 +    //    Test 4: Pass a non-existent topology
 +    outContent.reset();
 +    cli = new KnoxCLI();
 +    cli.setConf(config);
 +    username = "guest";
 +    password = "guest-password";
 +    String args4[] = {"user-auth-test", "--master", "knox", "--cluster", "cluster-dne",
 +        "--u", username, "--p", password };
 +    cli.run(args4);
 +    assertThat(outContent.toString(), containsString("Topology cluster-dne does not exist"));
 +
 +
 +    //    Test 5: Authenticate a user who belongs to no groups, but specify groups with --g
 +    outContent.reset();
 +    cli = new KnoxCLI();
 +    cli.setConf(config);
 +    username = "guest";
 +    password = "guest-password";
 +    String args5[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
 +        "--u", username, "--p", password };
 +    cli.run( args5 );
 +    assertThat(outContent.toString(), containsString("LDAP authentication success"));
 +    assertThat(outContent.toString(), not(containsString("does not belong to any groups")));
 +
 +    LOG_EXIT();
 +  }
 +
 +
 +}

http://git-wip-us.apache.org/repos/asf/knox/blob/912c5360/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliSysBindTest.java
----------------------------------------------------------------------
diff --cc gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliSysBindTest.java
index 073b1ed,0000000..c04d87c
mode 100644,000000..100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliSysBindTest.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/KnoxCliSysBindTest.java
@@@ -1,332 -1,0 +1,316 @@@
 +/**
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package org.apache.knox.gateway;
 +
 +import com.mycila.xmltool.XMLDoc;
 +import com.mycila.xmltool.XMLTag;
 +import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 +import org.apache.knox.gateway.security.ldap.SimpleLdapDirectoryServer;
 +import org.apache.knox.gateway.services.DefaultGatewayServices;
 +import org.apache.knox.gateway.services.ServiceLifecycleException;
 +import org.apache.knox.gateway.util.KnoxCLI;
 +import org.apache.hadoop.test.TestUtils;
 +import org.apache.hadoop.test.log.NoOpAppender;
 +import org.apache.log4j.Appender;
 +import org.hamcrest.Matchers;
 +import org.junit.AfterClass;
 +import org.junit.BeforeClass;
 +import org.junit.Test;
 +import org.slf4j.Logger;
 +import org.slf4j.LoggerFactory;
 +
 +import java.io.ByteArrayOutputStream;
 +import java.io.PrintStream;
 +import java.io.File;
 +import java.io.FileOutputStream;
 +import java.io.IOException;
 +import java.io.InputStream;
 +import java.net.URL;
- import java.nio.file.FileSystems;
- import java.nio.file.Path;
 +import java.util.Enumeration;
 +import java.util.HashMap;
 +import java.util.Map;
 +import java.util.UUID;
 +
 +import static org.apache.hadoop.test.TestUtils.LOG_ENTER;
 +import static org.apache.hadoop.test.TestUtils.LOG_EXIT;
 +import static org.hamcrest.CoreMatchers.containsString;
 +import static org.junit.Assert.assertThat;
 +
 +public class KnoxCliSysBindTest {
 +
 +  private static Class RESOURCE_BASE_CLASS = KnoxCliSysBindTest.class;
 +  private static Logger LOG = LoggerFactory.getLogger( KnoxCliSysBindTest.class );
 +
 +  public static Enumeration<Appender> appenders;
 +  public static GatewayTestConfig config;
 +  public static GatewayServer gateway;
 +  public static String gatewayUrl;
 +  public static String clusterUrl;
-   public static SimpleLdapDirectoryServer ldap;
-   public static TcpTransport ldapTransport;
++  private static GatewayTestDriver driver = new GatewayTestDriver();
 +
 +  private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
 +  private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
 +  private static final String uuid = UUID.randomUUID().toString();
 +
 +  @BeforeClass
 +  public static void setupSuite() throws Exception {
 +    LOG_ENTER();
 +    System.setOut(new PrintStream(outContent));
 +    System.setErr(new PrintStream(errContent));
-     setupLdap();
++    driver.setupLdap(0);
 +    setupGateway();
 +    LOG_EXIT();
 +  }
 +
 +  @AfterClass
 +  public static void cleanupSuite() throws Exception {
 +    LOG_ENTER();
-     ldap.stop( true );
++    driver.cleanup();
 +
 +    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
 +    //NoOpAppender.tearDown( appenders );
 +    LOG_EXIT();
 +  }
 +
-   public static void setupLdap( ) throws Exception {
-     String basedir = System.getProperty("basedir");
-     if (basedir == null) {
-       basedir = new File(".").getCanonicalPath();
-     }
-     Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/users.ldif");
- 
-     ldapTransport = new TcpTransport( 0 );
-     ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", path.toFile(), ldapTransport );
-     ldap.start();
-     LOG.info( "LDAP port = " + ldapTransport.getAcceptor().getLocalAddress().getPort() );
-   }
- 
 +  public static void setupGateway() throws Exception {
 +
 +    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
 +    File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
 +    gatewayDir.mkdirs();
 +
 +    GatewayTestConfig testConfig = new GatewayTestConfig();
 +    config = testConfig;
 +    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
 +
 +    File topoDir = new File( testConfig.getGatewayTopologyDir() );
 +    topoDir.mkdirs();
 +
 +    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
 +    deployDir.mkdirs();
 +
 +    writeTopology(topoDir, "test-cluster-1.xml", "guest", "guest-password", true);
 +    writeTopology(topoDir, "test-cluster-2.xml", "sam", "sam-password", true);
 +    writeTopology(topoDir, "test-cluster-3.xml", "admin2", "admin-password", true);
 +    writeTopology(topoDir, "test-cluster-4.xml", "", "", false);
 +
 +
 +    DefaultGatewayServices srvcs = new DefaultGatewayServices();
 +    Map<String,String> options = new HashMap<>();
 +    options.put( "persist-master", "false" );
 +    options.put( "master", "password" );
 +    try {
 +      srvcs.init( testConfig, options );
 +    } catch ( ServiceLifecycleException e ) {
 +      e.printStackTrace(); // I18N not required.
 +    }
 +  }
 +
 +  private static void writeTopology(File topoDir, String name, String user, String pass, boolean goodTopology) throws Exception {
 +    File descriptor = new File(topoDir, name);
 +
 +    if(descriptor.exists()){
 +      descriptor.delete();
 +      descriptor = new File(topoDir, name);
 +    }
 +
 +    FileOutputStream stream = new FileOutputStream( descriptor, false );
 +
 +    if(goodTopology) {
 +      createTopology(user, pass).toStream( stream );
 +    } else {
 +      createBadTopology().toStream( stream );
 +    }
 +
 +    stream.close();
 +
 +  }
 +
 +  public static InputStream getResourceStream( String resource ) throws IOException {
 +    return getResourceUrl( resource ).openStream();
 +  }
 +
 +  public static URL getResourceUrl( String resource ) {
 +    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
 +    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
 +    return url;
 +  }
 +
 +  public static String getResourceName( String resource ) {
 +    return getResourceBaseName() + resource;
 +  }
 +
 +  public static String getResourceBaseName() {
 +    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
 +  }
 +
 +  private static XMLTag createBadTopology(){
 +    XMLTag xml = XMLDoc.newDocument(true)
 +        .addRoot("topology")
 +        .addTag( "gateway" )
 +        .addTag("provider")
 +        .addTag("role").addText("authentication")
 +        .addTag("name").addText("ShiroProvider")
 +        .addTag("enabled").addText("true")
 +        .addTag( "param" )
 +        .addTag("name").addText("main.ldapRealm")
-         .addTag("value").addText("KnoxLdapRealm").gotoParent()
++        .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
 +        .addTag( "param" )
 +        .addTag("name").addText("main.ldapRealm.userDnTemplate")
 +        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag( "param" )
 +        .addTag("name").addText("main.ldapRealm.contextFactory.url")
-         .addTag("value").addText("ldap://localhost:" + ldapTransport.getAcceptor().getLocalAddress().getPort()).gotoParent()
++        .addTag("value").addText(driver.getLdapUrl()).gotoParent()
 +        .addTag( "param" )
 +        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
 +        .addTag("value").addText("simple").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
 +        .addTag("value").addText("true").gotoParent()
 +        .addTag("param")
 +        .addTag( "name").addText( "urls./**")
 +        .addTag("value").addText( "authcBasic" ).gotoParent().gotoParent()
 +        .addTag( "provider" )
 +        .addTag( "role" ).addText( "identity-assertion" )
 +        .addTag( "enabled" ).addText( "true" )
 +        .addTag( "name" ).addText( "Default" ).gotoParent()
 +        .gotoRoot()
 +        .addTag( "service")
 +        .addTag("role").addText( "KNOX" )
 +        .gotoRoot();
 +    // System.out.println( "GATEWAY=" + xml.toString() );
 +    return xml;
 +  }
 +
 +  private static XMLTag createTopology(String username, String password) {
 +
 +    XMLTag xml = XMLDoc.newDocument(true)
 +        .addRoot("topology")
 +        .addTag("gateway")
 +        .addTag("provider")
 +        .addTag("role").addText("authentication")
 +        .addTag("name").addText("ShiroProvider")
 +        .addTag("enabled").addText("true")
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm")
-         .addTag("value").addText("KnoxLdapRealm").gotoParent()
++        .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapRealm").gotoParent()
 +        .addTag("param" )
 +        .addTag("name").addText("main.ldapGroupContextFactory")
-         .addTag("value").addText("KnoxLdapContextFactory").gotoParent()
++        .addTag("value").addText("org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.searchBase")
 +        .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.groupObjectClass")
 +        .addTag("value").addText("groupOfNames").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
 +        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param" )
 +        .addTag("name").addText("main.ldapRealm.memberAttribute")
 +        .addTag("value").addText("member").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
 +        .addTag("value").addText("true").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
 +        .addTag("value").addText("uid=" + username + ",ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
 +        .addTag( "value").addText(password).gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.userDnTemplate")
 +        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.url")
-         .addTag("value").addText("ldap://localhost:" + ldapTransport.getAcceptor().getLocalAddress().getPort()).gotoParent()
++        .addTag("value").addText(driver.getLdapUrl()).gotoParent()
 +        .addTag("param")
 +        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
 +        .addTag("value").addText("simple").gotoParent()
 +        .addTag("param")
 +        .addTag("name" ).addText("urls./**")
 +        .addTag("value").addText("authcBasic").gotoParent().gotoParent()
 +        .addTag("provider" )
 +        .addTag("role").addText( "identity-assertion" )
 +        .addTag( "enabled").addText( "true" )
 +        .addTag("name").addText( "Default" ).gotoParent()
 +        .gotoRoot()
 +        .addTag( "service" )
 +        .addTag( "role" ).addText( "test-service-role" )
 +        .gotoRoot();
 +    // System.out.println( "GATEWAY=" + xml.toString() );
 +    return xml;
 +  }
 +
 +  @Test( timeout = TestUtils.MEDIUM_TIMEOUT )
 +  public void testLDAPAuth() throws Exception {
 +    LOG_ENTER();
 +
 +//    Test 1: Make sure authentication is successful
 +    outContent.reset();
 +    String args[] = { "system-user-auth-test", "--master", "knox", "--cluster", "test-cluster-1", "--d" };
 +    KnoxCLI cli = new KnoxCLI();
 +    cli.setConf(config);
 +    cli.run(args);
 +    assertThat(outContent.toString(), containsString("System LDAP Bind successful"));
 +
 +    //    Test 2: Make sure authentication fails
 +    outContent.reset();
 +    String args2[] = { "system-user-auth-test", "--master", "knox", "--cluster", "test-cluster-2", "--d" };
 +    cli = new KnoxCLI();
 +    cli.setConf(config);
 +    cli.run(args2);
 +    assertThat(outContent.toString(), containsString("System LDAP Bind successful"));
 +
 +
 +    //    Test 3: Make sure authentication is successful
 +    outContent.reset();
 +    String args3[] = { "system-user-auth-test", "--master", "knox", "--cluster", "test-cluster-3", "--d" };
 +    cli = new KnoxCLI();
 +    cli.setConf(config);
 +    Enumeration<Appender> before = NoOpAppender.setUp();
 +    try {
 +      cli.run( args3 );
 +    } finally {
 +      NoOpAppender.tearDown( before );
 +    }
 +    assertThat(outContent.toString(), containsString("LDAP authentication failed"));
 +    assertThat(outContent.toString(), containsString("Unable to successfully bind to LDAP server with topology credentials"));
 +
 +    //    Test 4: Assert that we get a username/password not present error is printed
 +    outContent.reset();
 +    String args4[] = { "system-user-auth-test", "--master", "knox", "--cluster", "test-cluster-4" };
 +    cli = new KnoxCLI();
 +    cli.setConf(config);
 +    cli.run(args4);
 +    assertThat(outContent.toString(), containsString("Warn: main.ldapRealm.contextFactory.systemUsername is not present"));
 +    assertThat(outContent.toString(), containsString("Warn: main.ldapRealm.contextFactory.systemPassword is not present"));
 +
 +
 +    //    Test 5: Assert that we get a username/password not present error is printed
 +    outContent.reset();
 +    String args5[] = { "system-user-auth-test", "--master", "knox", "--cluster", "not-a-cluster" };
 +    cli = new KnoxCLI();
 +    cli.setConf(config);
 +    cli.run(args5);
 +    assertThat(outContent.toString(), containsString("Topology not-a-cluster does not exist"));
 +
 +    LOG_EXIT();
 +  }
 +
 +
 +}
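Review bot: In `setupGateway`, a `ServiceLifecycleException` from `srvcs.init( testConfig, options )` is caught and only passed to `e.printStackTrace()`, but `setupSuite` has already redirected `System.err` to the in-memory `errContent` buffer, so a failed service initialisation leaves no visible trace and the LDAP bind tests run anyway. The method already declares `throws Exception`, so the try/catch can be dropped and the call left as `srvcs.init( testConfig, options );`, which fails the suite at setup instead of asserting on bind results after a failed initialisation. `cleanupSuite` also never restores the original `System.out`/`System.err`, so other test classes in the same JVM presumably inherit the redirected streams; saving the originals in `setupSuite` and resetting them there would keep later failures visible.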

