knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kmin...@apache.org
Subject [3/5] knox git commit: KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK version issues. Renabled remainder of func tests.
Date Mon, 09 Nov 2015 21:10:51 GMT
http://git-wip-us.apache.org/repos/asf/knox/blob/56cedc0a/gateway-test/src/test/java/org/apache/hadoop/gateway/Knox242FuncTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/Knox242FuncTest.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/Knox242FuncTest.java
index bd0b548..29f60b5 100755
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/Knox242FuncTest.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/Knox242FuncTest.java
@@ -68,265 +68,265 @@ import com.mycila.xmltool.XMLTag;
  */
 public class Knox242FuncTest {
 
-//  private static final long SHORT_TIMEOUT = 1000L;
-//  private static final long MEDIUM_TIMEOUT = 10 * SHORT_TIMEOUT;
-//
-//  private static Class RESOURCE_BASE_CLASS = Knox242FuncTest.class;
-//  private static Logger LOG = LoggerFactory.getLogger( Knox242FuncTest.class );
-//
-//  public static Enumeration<Appender> appenders;
-//  public static GatewayConfig config;
-//  public static GatewayServer gateway;
-//  public static String gatewayUrl;
-//  public static String clusterUrl;
-//  public static SimpleLdapDirectoryServer ldap;
-//  public static TcpTransport ldapTransport;
-//
-//  @BeforeClass
-//  public static void setupSuite() throws Exception {
-//    LOG_ENTER();
-//    //appenders = NoOpAppender.setUp();
-//    int port = setupLdap();
-//    setupGateway(port);
-//    LOG_EXIT();
-//  }
-//
-//  @AfterClass
-//  public static void cleanupSuite() throws Exception {
-//    LOG_ENTER();
-//    gateway.stop();
-//    ldap.stop( true );
-//    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
-//    //NoOpAppender.tearDown( appenders );
-//    LOG_EXIT();
-//  }
-//
-//  public static int setupLdap() throws Exception {
-//    URL usersUrl = getResourceUrl( "users.ldif" );
-//    int port = findFreePort();
-//    ldapTransport = new TcpTransport( port );
-//    ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport );
-//    ldap.start();
-//    LOG.info( "LDAP port = " + ldapTransport.getPort() );
-//    return port;
-//  }
-//
-//  public static void setupGateway(int ldapPort) throws IOException, Exception {
-//
-//    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
-//    File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
-//    gatewayDir.mkdirs();
-//
-//    GatewayTestConfig testConfig = new GatewayTestConfig();
-//    config = testConfig;
-//    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
-//
-//    File topoDir = new File( testConfig.getGatewayTopologyDir() );
-//    topoDir.mkdirs();
-//
-//    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
-//    deployDir.mkdirs();
-//
-//    File descriptor = new File( topoDir, "testdg-cluster.xml" );
-//    FileOutputStream stream = new FileOutputStream( descriptor );
-//    createTopology(ldapPort).toStream( stream );
-//    stream.close();
-//
-//    DefaultGatewayServices srvcs = new DefaultGatewayServices();
-//    Map<String,String> options = new HashMap<String,String>();
-//    options.put( "persist-master", "false" );
-//    options.put( "master", "password" );
-//    try {
-//      srvcs.init( testConfig, options );
-//    } catch ( ServiceLifecycleException e ) {
-//      e.printStackTrace(); // I18N not required.
-//    }
-//
-//    gateway = GatewayServer.startGateway( testConfig, srvcs );
-//    MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() );
-//
-//    LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() );
-//
-//    gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath();
-//    clusterUrl = gatewayUrl + "/testdg-cluster";
-//
-//    GatewayServices services = GatewayServer.getGatewayServices();
-//    AliasService aliasService = (AliasService)services.getService(GatewayServices.ALIAS_SERVICE);
-//    aliasService.addAliasForCluster("testdg-cluster", "ldcSystemPassword", "guest-password");
-//
-//    char[] password1 = aliasService.getPasswordFromAliasForCluster( "testdg-cluster", "ldcSystemPassword");
-//    //System.err.println("SETUP password 10: " + ((password1 == null) ? "NULL" : new String(password1)));
-//
-//    descriptor = new File( topoDir, "testdg-cluster.xml" );
-//    stream = new FileOutputStream( descriptor );
-//    createTopology(ldapPort).toStream( stream );
-//    stream.close();
-//
-//    try {
-//      Thread.sleep(5000);
-//    } catch (Exception e) {
-//
-//    }
-//  }
-//
-//  private static XMLTag createTopology(int ldapPort) {
-//    XMLTag xml = XMLDoc.newDocument( true )
-//        .addRoot( "topology" )
-//        .addTag( "gateway" )
-//
-//        .addTag( "provider" )
-//        .addTag( "role" ).addText( "authentication" )
-//        .addTag( "name" ).addText( "ShiroProvider" )
-//        .addTag( "enabled" ).addText( "true" )
-//        .addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm" )
-//        .addTag( "value" ).addText( "org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapGroupContextFactory" )
-//        .addTag( "value" ).addText( "org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.contextFactory" )
-//        .addTag( "value" ).addText( "$ldapGroupContextFactory" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.authenticationMechanism" )
-//        .addTag( "value" ).addText( "simple" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" )
-//        .addTag( "value" ).addText( "ldap://localhost:"  + ldapPort)
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" )
-//        .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" )
-//
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.searchBase" )
-//        .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" )
-//
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.userSearchAttributeName" )
-//        .addTag( "value" ).addText( "uid" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.userObjectClass" )
-//        .addTag( "value" ).addText( "person" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.userSearchBase" )
-//        .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.groupSearchBase" )
-//        .addTag( "value" ).addText( "ou=groups,dc=hadoop,dc=apache,dc=org" )
-//
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.authorizationEnabled" )
-//        .addTag( "value" ).addText( "true" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemAuthenticationMechanism" )
-//        .addTag( "value" ).addText( "simple" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.groupObjectClass" )
-//        .addTag( "value" ).addText( "groupofurls" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.memberAttribute" )
-//        .addTag( "value" ).addText( "memberurl" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.memberAttributeValueTemplate" )
-//        .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemUsername" )
-//        .addTag( "value" ).addText( "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.clusterName" )
-//        .addTag( "value" ).addText( "testdg-cluster" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemPassword" )
-//        .addTag( "value" ).addText( "S{ALIAS=ldcSystemPassword}" )
-//        // .addTag( "value" ).addText( "guest-password" )
-//        .gotoParent().addTag( "param" )
-//        .addTag( "name" ).addText( "urls./**" )
-//        .addTag( "value" ).addText( "authcBasic" )
-//
-//        .gotoParent().gotoParent().addTag( "provider" )
-//        .addTag( "role" ).addText( "authorization" )
-//        .addTag( "name" ).addText( "AclsAuthz" )
-//        .addTag( "enabled" ).addText( "true" )
-//        .addTag( "param" )
-//        .addTag( "name" ).addText( "test-service-role.acl" )
-//        .addTag( "value" ).addText( "*;directors;*" )
-//
-//        .gotoParent().gotoParent().addTag( "provider" )
-//        .addTag( "role" ).addText( "identity-assertion" )
-//        .addTag( "enabled" ).addText( "true" )
-//        .addTag( "name" ).addText( "Default" ).gotoParent()
-//
-//        .gotoRoot()
-//        .addTag( "service" )
-//        .addTag( "role" ).addText( "test-service-role" )
-//        .gotoRoot();
-//         // System.out.println( "GATEWAY=" + xml.toString() );
-//    return xml;
-//  }
-//
-//  private static int findFreePort() throws IOException {
-//    ServerSocket socket = new ServerSocket(0);
-//    int port = socket.getLocalPort();
-//    socket.close();
-//    return port;
-//  }
-//
-//  public static InputStream getResourceStream( String resource ) throws IOException {
-//    return getResourceUrl( resource ).openStream();
-//  }
-//
-//  public static URL getResourceUrl( String resource ) {
-//    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
-//    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
-//    return url;
-//  }
-//
-//  public static String getResourceName( String resource ) {
-//    return getResourceBaseName() + resource;
-//  }
-//
-//  public static String getResourceBaseName() {
-//    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
-//  }
-//
-//  @Ignore
-//  // @Test
-//  public void waitForManualTesting() throws IOException {
-//    System.in.read();
-//  }
-//
-//  @Test( timeout = MEDIUM_TIMEOUT )
-//  public void testGroupMember() throws ClassNotFoundException, Exception {
-//    LOG_ENTER();
-//    String username = "joe";
-//    String password = "joe-password";
-//    String serviceUrl =  clusterUrl + "/test-service-path/test-service-resource";
-//    given()
-//        //.log().all()
-//        .auth().preemptive().basic( username, password )
-//        .expect()
-//        //.log().all()
-//        .statusCode( HttpStatus.SC_OK )
-//        .contentType( "text/plain" )
-//        .body( is( "test-service-response" ) )
-//        .when().get( serviceUrl );
-//    LOG_EXIT();
-//  }
-//
-//  @Test( timeout = MEDIUM_TIMEOUT )
-//  public void testNonGroupMember() throws ClassNotFoundException {
-//    LOG_ENTER();
-//    String username = "guest";
-//    String password = "guest-password";
-//    String serviceUrl =  clusterUrl + "/test-service-path/test-service-resource";
-//    given()
-//        //.log().all()
-//        .auth().preemptive().basic( username, password )
-//        .expect()
-//        //.log().all()
-//        .statusCode( HttpStatus.SC_FORBIDDEN )
-//        .when().get( serviceUrl );
-//    LOG_EXIT();
-//  }
+  private static final long SHORT_TIMEOUT = 1000L;
+  private static final long MEDIUM_TIMEOUT = 10 * SHORT_TIMEOUT;
+
+  private static Class RESOURCE_BASE_CLASS = Knox242FuncTest.class;
+  private static Logger LOG = LoggerFactory.getLogger( Knox242FuncTest.class );
+
+  public static Enumeration<Appender> appenders;
+  public static GatewayConfig config;
+  public static GatewayServer gateway;
+  public static String gatewayUrl;
+  public static String clusterUrl;
+  public static SimpleLdapDirectoryServer ldap;
+  public static TcpTransport ldapTransport;
+
+  @BeforeClass
+  public static void setupSuite() throws Exception {
+    LOG_ENTER();
+    //appenders = NoOpAppender.setUp();
+    int port = setupLdap();
+    setupGateway(port);
+    LOG_EXIT();
+  }
+
+  @AfterClass
+  public static void cleanupSuite() throws Exception {
+    LOG_ENTER();
+    gateway.stop();
+    ldap.stop( true );
+    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+    //NoOpAppender.tearDown( appenders );
+    LOG_EXIT();
+  }
+
+  public static int setupLdap() throws Exception {
+    URL usersUrl = getResourceUrl( "users.ldif" );
+    int port = findFreePort();
+    ldapTransport = new TcpTransport( port );
+    ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport );
+    ldap.start();
+    LOG.info( "LDAP port = " + ldapTransport.getPort() );
+    return port;
+  }
+
+  public static void setupGateway(int ldapPort) throws IOException, Exception {
+
+    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+    File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
+    gatewayDir.mkdirs();
+
+    GatewayTestConfig testConfig = new GatewayTestConfig();
+    config = testConfig;
+    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+    File topoDir = new File( testConfig.getGatewayTopologyDir() );
+    topoDir.mkdirs();
+
+    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+    deployDir.mkdirs();
+
+    File descriptor = new File( topoDir, "testdg-cluster.xml" );
+    FileOutputStream stream = new FileOutputStream( descriptor );
+    createTopology(ldapPort).toStream( stream );
+    stream.close();
+
+    DefaultGatewayServices srvcs = new DefaultGatewayServices();
+    Map<String,String> options = new HashMap<String,String>();
+    options.put( "persist-master", "false" );
+    options.put( "master", "password" );
+    try {
+      srvcs.init( testConfig, options );
+    } catch ( ServiceLifecycleException e ) {
+      e.printStackTrace(); // I18N not required.
+    }
+
+    gateway = GatewayServer.startGateway( testConfig, srvcs );
+    MatcherAssert.assertThat( "Failed to start gateway.", gateway, notNullValue() );
+
+    LOG.info( "Gateway port = " + gateway.getAddresses()[ 0 ].getPort() );
+
+    gatewayUrl = "http://localhost:" + gateway.getAddresses()[0].getPort() + "/" + config.getGatewayPath();
+    clusterUrl = gatewayUrl + "/testdg-cluster";
+
+    GatewayServices services = GatewayServer.getGatewayServices();
+    AliasService aliasService = (AliasService)services.getService(GatewayServices.ALIAS_SERVICE);
+    aliasService.addAliasForCluster("testdg-cluster", "ldcSystemPassword", "guest-password");
+
+    char[] password1 = aliasService.getPasswordFromAliasForCluster( "testdg-cluster", "ldcSystemPassword");
+    //System.err.println("SETUP password 10: " + ((password1 == null) ? "NULL" : new String(password1)));
+
+    descriptor = new File( topoDir, "testdg-cluster.xml" );
+    stream = new FileOutputStream( descriptor );
+    createTopology(ldapPort).toStream( stream );
+    stream.close();
+
+    try {
+      Thread.sleep(5000);
+    } catch (Exception e) {
+
+    }
+  }
+
+  private static XMLTag createTopology(int ldapPort) {
+    XMLTag xml = XMLDoc.newDocument( true )
+        .addRoot( "topology" )
+        .addTag( "gateway" )
+
+        .addTag( "provider" )
+        .addTag( "role" ).addText( "authentication" )
+        .addTag( "name" ).addText( "ShiroProvider" )
+        .addTag( "enabled" ).addText( "true" )
+        .addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm" )
+        .addTag( "value" ).addText( "org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapGroupContextFactory" )
+        .addTag( "value" ).addText( "org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.contextFactory" )
+        .addTag( "value" ).addText( "$ldapGroupContextFactory" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.authenticationMechanism" )
+        .addTag( "value" ).addText( "simple" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.url" )
+        .addTag( "value" ).addText( "ldap://localhost:"  + ldapPort)
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.userDnTemplate" )
+        .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" )
+
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.searchBase" )
+        .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" )
+
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.userSearchAttributeName" )
+        .addTag( "value" ).addText( "uid" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.userObjectClass" )
+        .addTag( "value" ).addText( "person" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.userSearchBase" )
+        .addTag( "value" ).addText( "dc=hadoop,dc=apache,dc=org" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.groupSearchBase" )
+        .addTag( "value" ).addText( "ou=groups,dc=hadoop,dc=apache,dc=org" )
+
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.authorizationEnabled" )
+        .addTag( "value" ).addText( "true" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemAuthenticationMechanism" )
+        .addTag( "value" ).addText( "simple" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.groupObjectClass" )
+        .addTag( "value" ).addText( "groupofurls" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.memberAttribute" )
+        .addTag( "value" ).addText( "memberurl" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.memberAttributeValueTemplate" )
+        .addTag( "value" ).addText( "uid={0},ou=people,dc=hadoop,dc=apache,dc=org" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemUsername" )
+        .addTag( "value" ).addText( "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.clusterName" )
+        .addTag( "value" ).addText( "testdg-cluster" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "main.ldapRealm.contextFactory.systemPassword" )
+        .addTag( "value" ).addText( "S{ALIAS=ldcSystemPassword}" )
+        // .addTag( "value" ).addText( "guest-password" )
+        .gotoParent().addTag( "param" )
+        .addTag( "name" ).addText( "urls./**" )
+        .addTag( "value" ).addText( "authcBasic" )
+
+        .gotoParent().gotoParent().addTag( "provider" )
+        .addTag( "role" ).addText( "authorization" )
+        .addTag( "name" ).addText( "AclsAuthz" )
+        .addTag( "enabled" ).addText( "true" )
+        .addTag( "param" )
+        .addTag( "name" ).addText( "test-service-role.acl" )
+        .addTag( "value" ).addText( "*;directors;*" )
+
+        .gotoParent().gotoParent().addTag( "provider" )
+        .addTag( "role" ).addText( "identity-assertion" )
+        .addTag( "enabled" ).addText( "true" )
+        .addTag( "name" ).addText( "Default" ).gotoParent()
+
+        .gotoRoot()
+        .addTag( "service" )
+        .addTag( "role" ).addText( "test-service-role" )
+        .gotoRoot();
+         // System.out.println( "GATEWAY=" + xml.toString() );
+    return xml;
+  }
+
+  private static int findFreePort() throws IOException {
+    ServerSocket socket = new ServerSocket(0);
+    int port = socket.getLocalPort();
+    socket.close();
+    return port;
+  }
+
+  public static InputStream getResourceStream( String resource ) throws IOException {
+    return getResourceUrl( resource ).openStream();
+  }
+
+  public static URL getResourceUrl( String resource ) {
+    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
+    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
+    return url;
+  }
+
+  public static String getResourceName( String resource ) {
+    return getResourceBaseName() + resource;
+  }
+
+  public static String getResourceBaseName() {
+    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
+  }
+
+  @Ignore
+  // @Test
+  public void waitForManualTesting() throws IOException {
+    System.in.read();
+  }
+
+  @Test( timeout = MEDIUM_TIMEOUT )
+  public void testGroupMember() throws ClassNotFoundException, Exception {
+    LOG_ENTER();
+    String username = "joe";
+    String password = "joe-password";
+    String serviceUrl =  clusterUrl + "/test-service-path/test-service-resource";
+    given()
+        //.log().all()
+        .auth().preemptive().basic( username, password )
+        .expect()
+        //.log().all()
+        .statusCode( HttpStatus.SC_OK )
+        .contentType( "text/plain" )
+        .body( is( "test-service-response" ) )
+        .when().get( serviceUrl );
+    LOG_EXIT();
+  }
+
+  @Test( timeout = MEDIUM_TIMEOUT )
+  public void testNonGroupMember() throws ClassNotFoundException {
+    LOG_ENTER();
+    String username = "guest";
+    String password = "guest-password";
+    String serviceUrl =  clusterUrl + "/test-service-path/test-service-resource";
+    given()
+        //.log().all()
+        .auth().preemptive().basic( username, password )
+        .expect()
+        //.log().all()
+        .statusCode( HttpStatus.SC_FORBIDDEN )
+        .when().get( serviceUrl );
+    LOG_EXIT();
+  }
   
 }

http://git-wip-us.apache.org/repos/asf/knox/blob/56cedc0a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestNegative.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestNegative.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestNegative.java
index 10ab41d..a79e613 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestNegative.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestNegative.java
@@ -53,284 +53,284 @@ import static org.junit.Assert.assertThat;
 
 public class KnoxCliLdapFuncTestNegative {
 
-//  private static final long SHORT_TIMEOUT = 1000L;
-//
-//  private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
-//  private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
-//
-//  public static Enumeration<Appender> appenders;
-//  public static GatewayTestConfig config;
-//  public static GatewayServer gateway;
-//  public static String gatewayUrl;
-//  public static String clusterUrl;
-//  public static SimpleLdapDirectoryServer ldap;
-//  public static TcpTransport ldapTransport;
-//
-//  private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
-//  private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
-//  private static final String uuid = UUID.randomUUID().toString();
-//
-//  @BeforeClass
-//  public static void setupSuite() throws Exception {
-//    LOG_ENTER();
-//    System.setOut(new PrintStream(outContent));
-//    System.setErr(new PrintStream(errContent));
-//    setupLdap();
-//    setupGateway();
-//    LOG_EXIT();
-//  }
-//
-//  @AfterClass
-//  public static void cleanupSuite() throws Exception {
-//    LOG_ENTER();
-//    ldap.stop( true );
-//
-//    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
-//    //NoOpAppender.tearDown( appenders );
-//    LOG_EXIT();
-//  }
-//
-//  public static void setupLdap( ) throws Exception {
-//    URL usersUrl = getResourceUrl( "users.ldif" );
-//    int port = findFreePort();
-//    ldapTransport = new TcpTransport( port );
-//    ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport );
-//    ldap.start();
-//    LOG.info( "LDAP port = " + ldapTransport.getPort() );
-//  }
-//
-//  public static void setupGateway() throws Exception {
-//
-//    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
-//    File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
-//    gatewayDir.mkdirs();
-//
-//    GatewayTestConfig testConfig = new GatewayTestConfig();
-//    config = testConfig;
-//    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
-//
-//    File topoDir = new File( testConfig.getGatewayTopologyDir() );
-//    topoDir.mkdirs();
-//
-//    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
-//    deployDir.mkdirs();
-//
-//    createTopology(topoDir, "test-cluster.xml", true);
-//    createTopology(topoDir, "bad-cluster.xml", false);
-//
-//    DefaultGatewayServices srvcs = new DefaultGatewayServices();
-//    Map<String,String> options = new HashMap<String,String>();
-//    options.put( "persist-master", "false" );
-//    options.put( "master", "password" );
-//    try {
-//      srvcs.init( testConfig, options );
-//    } catch ( ServiceLifecycleException e ) {
-//      e.printStackTrace(); // I18N not required.
-//    }
-//  }
-//
-//  private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
-//    File descriptor = new File(topoDir, name);
-//
-//    if(descriptor.exists()){
-//      descriptor.delete();
-//      descriptor = new File(topoDir, name);
-//    }
-//
-//    FileOutputStream stream = new FileOutputStream( descriptor, false );
-//    if(goodTopology){
-//      createTopology().toStream( stream );
-//    } else {
-//      createBadTopology().toStream( stream );
-//    }
-//    stream.close();
-//
-//  }
-//
-//  private static int findFreePort() throws IOException {
-//    ServerSocket socket = new ServerSocket(0);
-//    int port = socket.getLocalPort();
-//    socket.close();
-//    return port;
-//  }
-//
-//  public static InputStream getResourceStream( String resource ) throws IOException {
-//    return getResourceUrl( resource ).openStream();
-//  }
-//
-//  public static URL getResourceUrl( String resource ) {
-//    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
-//    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
-//    return url;
-//  }
-//
-//  public static String getResourceName( String resource ) {
-//    return getResourceBaseName() + resource;
-//  }
-//
-//  public static String getResourceBaseName() {
-//    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
-//  }
-//
-//  private static XMLTag createBadTopology(){
-//    XMLTag xml = XMLDoc.newDocument(true)
-//        .addRoot("topology")
-//        .addTag("gateway")
-//        .addTag( "provider" )
-//        .addTag("role").addText("authentication")
-//        .addTag( "name" ).addText( "ShiroProvider" )
-//        .addTag( "enabled" ).addText( "true" )
-//        .addTag("param")
-//        .addTag( "name" ).addText("main.ldapRealm")
-//        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
-//        .addTag("param")
-//        .addTag( "name" ).addText("main.ldapRealm.userDnTemplate")
-//        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag("param")
-//        .addTag( "name" ).addText("main.ldapRealm.contextFactory.url")
-//        .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
-//        .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
-//        .addTag( "value" ).addText("guest-password").gotoParent()
-//        .addTag("param")
-//        .addTag( "name" ).addText("main.ldapRealm.contextFactory.authenticationMechanism")
-//        .addTag("value").addText("simple").gotoParent()
-//        .addTag("param")
-//        .addTag( "name" ).addText("urls./**")
-//        .addTag("value").addText("authcBasic").gotoParent().gotoParent()
-//        .addTag("provider")
-//        .addTag( "role" ).addText("identity-assertion")
-//        .addTag("enabled").addText("true")
-//        .addTag("name").addText("Default").gotoParent()
-//        .addTag("provider")
-//        .gotoRoot()
-//        .addTag( "service" )
-//        .addTag( "role" ).addText( "KNOX" )
-//        .gotoRoot();
-//    // System.out.println( "GATEWAY=" + xml.toString() );
-//    return xml;
-//  }
-//
-//  private static XMLTag createTopology() {
-//
-//    XMLTag xml = XMLDoc.newDocument(true)
-//        .addRoot("topology")
-//        .addTag("gateway" )
-//        .addTag("provider")
-//        .addTag("role").addText("authentication")
-//        .addTag("name").addText("ShiroProvider")
-//        .addTag("enabled").addText("true")
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm")
-//        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
-//        .addTag("param" )
-//        .addTag("name").addText("main.ldapGroupContextFactory")
-//        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.searchBase")
-//        .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.groupObjectClass")
-//        .addTag("value").addText("groupOfNames").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
-//        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag("param" )
-//        .addTag("name").addText("main.ldapRealm.memberAttribute")
-//        .addTag("value").addText("member").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
-//        .addTag("value").addText("true").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
-//        .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
-//        .addTag( "value" ).addText("guest-password").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.userDnTemplate")
-//        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.contextFactory.url")
-//        .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
-//        .addTag("value").addText("simple").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.cachingEnabled")
-//        .addTag("value").addText("false").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("com.sun.jndi.ldap.connect.pool")
-//        .addTag("value").addText("false").gotoParent()
-//        .addTag("param")
-//        .addTag("name" ).addText("urls./**")
-//        .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
-//        .addTag("provider" )
-//        .addTag("role").addText( "identity-assertion" )
-//        .addTag( "enabled").addText( "true" )
-//        .addTag("name").addText( "Default" ).gotoParent()
-//        .gotoRoot()
-//        .addTag( "service" )
-//        .addTag( "role" ).addText( "test-service-role" )
-//        .gotoRoot();
-//    // System.out.println( "GATEWAY=" + xml.toString() );
-//    return xml;
-//  }
-//
-//  @Test( timeout = SHORT_TIMEOUT )
-//  public void testBadTopology() throws Exception {
-//    LOG_ENTER();
-//
-//    //    Test 4: Authenticate a user with a bad topology configured with nothing required for group lookup in the topology
-//    outContent.reset();
-//    String username = "tom";
-//    String password = "tom-password";
-//    KnoxCLI cli = new KnoxCLI();
-//    cli.setConf(config);
-//
-//    String args1[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
-//        "--u", username, "--p", password, "--g" };
-//    cli.run( args1 );
-//
-//    assertThat(outContent.toString(), containsString("LDAP authentication successful"));
-//    assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
-//    assertThat(outContent.toString(), containsString("Warn: "));
-//    assertFalse(outContent.toString().contains("analyst"));
-//
-//
-//    outContent.reset();
-//    username = "bad-name";
-//    password = "bad-password";
-//    cli = new KnoxCLI();
-//    cli.setConf( config );
-//
-//    String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
-//        "--u", username, "--p", password, "--g" };
-//    cli.run( args2 );
-//
-//    assertThat(outContent.toString(), containsString("LDAP authentication failed"));
-//    assertThat(outContent.toString(), containsString("INVALID_CREDENTIALS"));
-//
-//    outContent.reset();
-//    username = "sam";
-//    password = "sam-password";
-//    cli = new KnoxCLI();
-//    cli.setConf( config );
-//
-//    String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
-//        "--u", username, "--p", password, "--g" };
-//    cli.run( args3 );
-//
-//    assertThat(outContent.toString(), containsString("LDAP authentication successful"));
-//    assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
-//    assertThat(outContent.toString(), containsString("Warn:"));
-//    assertFalse(outContent.toString().contains("analyst"));
-//    assertFalse(outContent.toString().contains("scientist"));
-//
-//    LOG_EXIT();
-//  }
+  private static final long SHORT_TIMEOUT = 1000L;
+
+  private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
+  private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
+
+  public static Enumeration<Appender> appenders;
+  public static GatewayTestConfig config;
+  public static GatewayServer gateway;
+  public static String gatewayUrl;
+  public static String clusterUrl;
+  public static SimpleLdapDirectoryServer ldap;
+  public static TcpTransport ldapTransport;
+
+  private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
+  private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
+  private static final String uuid = UUID.randomUUID().toString();
+
+  @BeforeClass
+  public static void setupSuite() throws Exception {
+    LOG_ENTER();
+    System.setOut(new PrintStream(outContent));
+    System.setErr(new PrintStream(errContent));
+    setupLdap();
+    setupGateway();
+    LOG_EXIT();
+  }
+
+  @AfterClass
+  public static void cleanupSuite() throws Exception {
+    LOG_ENTER();
+    ldap.stop( true );
+
+    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+    //NoOpAppender.tearDown( appenders );
+    LOG_EXIT();
+  }
+
+  public static void setupLdap( ) throws Exception {
+    URL usersUrl = getResourceUrl( "users.ldif" );
+    int port = findFreePort();
+    ldapTransport = new TcpTransport( port );
+    ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport );
+    ldap.start();
+    LOG.info( "LDAP port = " + ldapTransport.getPort() );
+  }
+
+  public static void setupGateway() throws Exception {
+
+    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+    File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
+    gatewayDir.mkdirs();
+
+    GatewayTestConfig testConfig = new GatewayTestConfig();
+    config = testConfig;
+    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+    File topoDir = new File( testConfig.getGatewayTopologyDir() );
+    topoDir.mkdirs();
+
+    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+    deployDir.mkdirs();
+
+    createTopology(topoDir, "test-cluster.xml", true);
+    createTopology(topoDir, "bad-cluster.xml", false);
+
+    DefaultGatewayServices srvcs = new DefaultGatewayServices();
+    Map<String,String> options = new HashMap<String,String>();
+    options.put( "persist-master", "false" );
+    options.put( "master", "password" );
+    try {
+      srvcs.init( testConfig, options );
+    } catch ( ServiceLifecycleException e ) {
+      e.printStackTrace(); // I18N not required.
+    }
+  }
+
+  private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
+    File descriptor = new File(topoDir, name);
+
+    if(descriptor.exists()){
+      descriptor.delete();
+      descriptor = new File(topoDir, name);
+    }
+
+    FileOutputStream stream = new FileOutputStream( descriptor, false );
+    if(goodTopology){
+      createTopology().toStream( stream );
+    } else {
+      createBadTopology().toStream( stream );
+    }
+    stream.close();
+
+  }
+
+  private static int findFreePort() throws IOException {
+    ServerSocket socket = new ServerSocket(0);
+    int port = socket.getLocalPort();
+    socket.close();
+    return port;
+  }
+
+  public static InputStream getResourceStream( String resource ) throws IOException {
+    return getResourceUrl( resource ).openStream();
+  }
+
+  public static URL getResourceUrl( String resource ) {
+    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
+    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
+    return url;
+  }
+
+  public static String getResourceName( String resource ) {
+    return getResourceBaseName() + resource;
+  }
+
+  public static String getResourceBaseName() {
+    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
+  }
+
+  private static XMLTag createBadTopology(){
+    XMLTag xml = XMLDoc.newDocument(true)
+        .addRoot("topology")
+        .addTag("gateway")
+        .addTag( "provider" )
+        .addTag("role").addText("authentication")
+        .addTag( "name" ).addText( "ShiroProvider" )
+        .addTag( "enabled" ).addText( "true" )
+        .addTag("param")
+        .addTag( "name" ).addText("main.ldapRealm")
+        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+        .addTag("param")
+        .addTag( "name" ).addText("main.ldapRealm.userDnTemplate")
+        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag("param")
+        .addTag( "name" ).addText("main.ldapRealm.contextFactory.url")
+        .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
+        .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
+        .addTag( "value" ).addText("guest-password").gotoParent()
+        .addTag("param")
+        .addTag( "name" ).addText("main.ldapRealm.contextFactory.authenticationMechanism")
+        .addTag("value").addText("simple").gotoParent()
+        .addTag("param")
+        .addTag( "name" ).addText("urls./**")
+        .addTag("value").addText("authcBasic").gotoParent().gotoParent()
+        .addTag("provider")
+        .addTag( "role" ).addText("identity-assertion")
+        .addTag("enabled").addText("true")
+        .addTag("name").addText("Default").gotoParent()
+        .addTag("provider")
+        .gotoRoot()
+        .addTag( "service" )
+        .addTag( "role" ).addText( "KNOX" )
+        .gotoRoot();
+    // System.out.println( "GATEWAY=" + xml.toString() );
+    return xml;
+  }
+
+  private static XMLTag createTopology() {
+
+    XMLTag xml = XMLDoc.newDocument(true)
+        .addRoot("topology")
+        .addTag("gateway" )
+        .addTag("provider")
+        .addTag("role").addText("authentication")
+        .addTag("name").addText("ShiroProvider")
+        .addTag("enabled").addText("true")
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm")
+        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+        .addTag("param" )
+        .addTag("name").addText("main.ldapGroupContextFactory")
+        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.searchBase")
+        .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.groupObjectClass")
+        .addTag("value").addText("groupOfNames").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
+        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag("param" )
+        .addTag("name").addText("main.ldapRealm.memberAttribute")
+        .addTag("value").addText("member").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+        .addTag("value").addText("true").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
+        .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
+        .addTag( "value" ).addText("guest-password").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.userDnTemplate")
+        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.contextFactory.url")
+        .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+        .addTag("value").addText("simple").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.cachingEnabled")
+        .addTag("value").addText("false").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("com.sun.jndi.ldap.connect.pool")
+        .addTag("value").addText("false").gotoParent()
+        .addTag("param")
+        .addTag("name" ).addText("urls./**")
+        .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
+        .addTag("provider" )
+        .addTag("role").addText( "identity-assertion" )
+        .addTag( "enabled").addText( "true" )
+        .addTag("name").addText( "Default" ).gotoParent()
+        .gotoRoot()
+        .addTag( "service" )
+        .addTag( "role" ).addText( "test-service-role" )
+        .gotoRoot();
+    // System.out.println( "GATEWAY=" + xml.toString() );
+    return xml;
+  }
+
+  @Test( timeout = SHORT_TIMEOUT )
+  public void testBadTopology() throws Exception {
+    LOG_ENTER();
+
+    //    Test 4: Authenticate a user with a bad topology configured with nothing required for group lookup in the topology
+    outContent.reset();
+    String username = "tom";
+    String password = "tom-password";
+    KnoxCLI cli = new KnoxCLI();
+    cli.setConf(config);
+
+    String args1[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
+        "--u", username, "--p", password, "--g" };
+    cli.run( args1 );
+
+    assertThat(outContent.toString(), containsString("LDAP authentication successful"));
+    assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
+    assertThat(outContent.toString(), containsString("Warn: "));
+    assertFalse(outContent.toString().contains("analyst"));
+
+
+    outContent.reset();
+    username = "bad-name";
+    password = "bad-password";
+    cli = new KnoxCLI();
+    cli.setConf( config );
+
+    String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
+        "--u", username, "--p", password, "--g" };
+    cli.run( args2 );
+
+    assertThat(outContent.toString(), containsString("LDAP authentication failed"));
+    assertThat(outContent.toString(), containsString("INVALID_CREDENTIALS"));
+
+    outContent.reset();
+    username = "sam";
+    password = "sam-password";
+    cli = new KnoxCLI();
+    cli.setConf( config );
+
+    String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "bad-cluster",
+        "--u", username, "--p", password, "--g" };
+    cli.run( args3 );
+
+    assertThat(outContent.toString(), containsString("LDAP authentication successful"));
+    assertThat(outContent.toString(), containsString("Your topology file may be incorrectly configured for group lookup"));
+    assertThat(outContent.toString(), containsString("Warn:"));
+    assertFalse(outContent.toString().contains("analyst"));
+    assertFalse(outContent.toString().contains("scientist"));
+
+    LOG_EXIT();
+  }
 
 }

http://git-wip-us.apache.org/repos/asf/knox/blob/56cedc0a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestPositive.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestPositive.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestPositive.java
index 54da5f5..fb08531 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestPositive.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/KnoxCliLdapFuncTestPositive.java
@@ -53,288 +53,288 @@ import static org.junit.Assert.assertThat;
 
 public class KnoxCliLdapFuncTestPositive {
 
-//  private static final long SHORT_TIMEOUT = 1000L;
-//
-//  private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
-//  private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
-//
-//  public static Enumeration<Appender> appenders;
-//  public static GatewayTestConfig config;
-//  public static GatewayServer gateway;
-//  public static String gatewayUrl;
-//  public static String clusterUrl;
-//  public static SimpleLdapDirectoryServer ldap;
-//  public static TcpTransport ldapTransport;
-//
-//  private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
-//  private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
-//  private static final String uuid = UUID.randomUUID().toString();
-//
-//  @BeforeClass
-//  public static void setupSuite() throws Exception {
-//    LOG_ENTER();
-//    System.setOut(new PrintStream(outContent));
-//    System.setErr(new PrintStream(errContent));
-//    setupLdap();
-//    setupGateway();
-//    LOG_EXIT();
-//  }
-//
-//  @AfterClass
-//  public static void cleanupSuite() throws Exception {
-//    LOG_ENTER();
-//    ldap.stop( true );
-//
-//    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
-//    //NoOpAppender.tearDown( appenders );
-//    LOG_EXIT();
-//  }
-//
-//  public static void setupLdap( ) throws Exception {
-//    URL usersUrl = getResourceUrl( "users.ldif" );
-//    int port = findFreePort();
-//    ldapTransport = new TcpTransport( port );
-//    ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport );
-//    ldap.start();
-//    LOG.info( "LDAP port = " + ldapTransport.getPort() );
-//  }
-//
-//  public static void setupGateway() throws Exception {
-//
-//    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
-//    File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
-//    gatewayDir.mkdirs();
-//
-//    GatewayTestConfig testConfig = new GatewayTestConfig();
-//    config = testConfig;
-//    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
-//
-//    File topoDir = new File( testConfig.getGatewayTopologyDir() );
-//    topoDir.mkdirs();
-//
-//    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
-//    deployDir.mkdirs();
-//
-//    createTopology(topoDir, "test-cluster.xml", true);
-//    createTopology(topoDir, "bad-cluster.xml", false);
-//
-//    DefaultGatewayServices srvcs = new DefaultGatewayServices();
-//    Map<String,String> options = new HashMap<String,String>();
-//    options.put( "persist-master", "false" );
-//    options.put( "master", "password" );
-//    try {
-//      srvcs.init( testConfig, options );
-//    } catch ( ServiceLifecycleException e ) {
-//      e.printStackTrace(); // I18N not required.
-//    }
-//  }
-//
-//  private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
-//    File descriptor = new File(topoDir, name);
-//
-//    if(descriptor.exists()){
-//      descriptor.delete();
-//      descriptor = new File(topoDir, name);
-//    }
-//
-//    FileOutputStream stream = new FileOutputStream( descriptor, false );
-//    if(goodTopology){
-//      createTopology().toStream( stream );
-//    } else {
-//      createBadTopology().toStream( stream );
-//    }
-//    stream.close();
-//
-//  }
-//
-//  private static int findFreePort() throws IOException {
-//    ServerSocket socket = new ServerSocket(0);
-//    int port = socket.getLocalPort();
-//    socket.close();
-//    return port;
-//  }
-//
-//  public static InputStream getResourceStream( String resource ) throws IOException {
-//    return getResourceUrl( resource ).openStream();
-//  }
-//
-//  public static URL getResourceUrl( String resource ) {
-//    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
-//    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
-//    return url;
-//  }
-//
-//  public static String getResourceName( String resource ) {
-//    return getResourceBaseName() + resource;
-//  }
-//
-//  public static String getResourceBaseName() {
-//    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
-//  }
-//
-//  private static XMLTag createBadTopology(){
-//    XMLTag xml = XMLDoc.newDocument(true)
-//        .addRoot("topology")
-//        .addTag( "gateway" )
-//        .addTag("provider")
-//        .addTag("role").addText("authentication")
-//        .addTag("name").addText("ShiroProvider")
-//        .addTag("enabled").addText("true")
-//        .addTag( "param" )
-//        .addTag("name").addText("main.ldapRealm")
-//        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
-//        .addTag( "param" )
-//        .addTag("name").addText("main.ldapRealm.userDnTemplate")
-//        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag( "param" )
-//        .addTag("name").addText("main.ldapRealm.contextFactory.url")
-//        .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
-//        .addTag( "param" )
-//        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
-//        .addTag("value").addText("simple").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
-//        .addTag("value").addText("true").gotoParent()
-//        .addTag("param")
-//        .addTag( "name").addText( "urls./**")
-//        .addTag("value").addText( "authcBasic" ).gotoParent().gotoParent()
-//        .addTag( "provider" )
-//        .addTag( "role" ).addText( "identity-assertion" )
-//        .addTag( "enabled" ).addText( "true" )
-//        .addTag( "name" ).addText( "Default" ).gotoParent()
-//        .gotoRoot()
-//        .addTag( "service")
-//        .addTag("role").addText( "KNOX" )
-//        .gotoRoot();
-//    // System.out.println( "GATEWAY=" + xml.toString() );
-//    return xml;
-//  }
-//
-//  private static XMLTag createTopology() {
-//
-//    XMLTag xml = XMLDoc.newDocument(true)
-//        .addRoot("topology")
-//        .addTag("gateway")
-//        .addTag("provider")
-//        .addTag("role").addText("authentication")
-//        .addTag("name").addText("ShiroProvider")
-//        .addTag("enabled").addText("true")
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm")
-//        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
-//        .addTag("param" )
-//        .addTag("name").addText("main.ldapGroupContextFactory")
-//        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.searchBase")
-//        .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.groupObjectClass")
-//        .addTag("value").addText("groupOfNames").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
-//        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag("param" )
-//        .addTag("name").addText("main.ldapRealm.memberAttribute")
-//        .addTag("value").addText("member").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
-//        .addTag("value").addText("true").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
-//        .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
-//        .addTag( "value" ).addText("guest-password").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.userDnTemplate")
-//        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.contextFactory.url")
-//        .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
-//        .addTag("param")
-//        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
-//        .addTag("value").addText("simple").gotoParent()
-//        .addTag("param")
-//        .addTag("name" ).addText("urls./**")
-//        .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
-//        .addTag("provider" )
-//        .addTag("role").addText( "identity-assertion" )
-//        .addTag( "enabled").addText( "true" )
-//        .addTag("name").addText( "Default" ).gotoParent()
-//        .gotoRoot()
-//        .addTag( "service" )
-//        .addTag( "role" ).addText( "test-service-role" )
-//        .gotoRoot();
-//    // System.out.println( "GATEWAY=" + xml.toString() );
-//    return xml;
-//  }
-//
-//  @Test( timeout = SHORT_TIMEOUT )
-//  public void testLDAPAuth() throws Exception {
-//    LOG_ENTER();
-//
-////    Test 1: Make sure authenication is successful and return groups
-//    outContent.reset();
-//    String username = "sam";
-//    String password = "sam-password";
-//    String args[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password,
-//        "--g"};
-//    KnoxCLI cli = new KnoxCLI();
-//    cli.setConf(config);
-//    cli.run(args);
-//    assertThat(outContent.toString(), containsString("success"));
-//    assertThat(outContent.toString(), containsString("analyst"));
-//    assertThat(outContent.toString(), containsString("scientist"));
-//
-////    Test 2: Give an invalid name and password combinatinon.
-//    outContent.reset();
-//    cli = new KnoxCLI();
-//    cli.setConf(config);
-//    username = "bad-name";
-//    password = "bad-password";
-//    String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password};
-//    cli.run(args2);
-//    assertThat(outContent.toString(), containsString("LDAP authentication failed"));
-//
-////    Test 3: Authenticate a user who belongs to no groups, but specify groups with --g
-//    outContent.reset();
-//    cli = new KnoxCLI();
-//    cli.setConf(config);
-//    username = "guest";
-//    password = "guest-password";
-//    String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
-//        "--u", username, "--p", password, "--g" };
-//    cli.run(args3);
-//    assertThat(outContent.toString(), containsString("LDAP authentication success"));
-//    assertThat(outContent.toString(), containsString("does not belong to any groups"));
-//
-//    //    Test 4: Pass a non-existent topology
-//    outContent.reset();
-//    cli = new KnoxCLI();
-//    cli.setConf(config);
-//    username = "guest";
-//    password = "guest-password";
-//    String args4[] = {"user-auth-test", "--master", "knox", "--cluster", "cluster-dne",
-//        "--u", username, "--p", password };
-//    cli.run(args4);
-//    assertThat(outContent.toString(), containsString("Topology cluster-dne does not exist"));
-//
-//
-//    //    Test 5: Authenticate a user who belongs to no groups, but specify groups with --g
-//    outContent.reset();
-//    cli = new KnoxCLI();
-//    cli.setConf(config);
-//    username = "guest";
-//    password = "guest-password";
-//    String args5[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
-//        "--u", username, "--p", password };
-//    cli.run( args5 );
-//    assertThat(outContent.toString(), containsString("LDAP authentication success"));
-//    assertThat(outContent.toString(), not(containsString("does not belong to any groups")));
-//
-//    LOG_EXIT();
-//  }
+  private static final long SHORT_TIMEOUT = 1000L;
+
+  private static Class RESOURCE_BASE_CLASS = KnoxCliLdapFuncTestPositive.class;
+  private static Logger LOG = LoggerFactory.getLogger( KnoxCliLdapFuncTestPositive.class );
+
+  public static Enumeration<Appender> appenders;
+  public static GatewayTestConfig config;
+  public static GatewayServer gateway;
+  public static String gatewayUrl;
+  public static String clusterUrl;
+  public static SimpleLdapDirectoryServer ldap;
+  public static TcpTransport ldapTransport;
+
+  private static final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
+  private static final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
+  private static final String uuid = UUID.randomUUID().toString();
+
+  @BeforeClass
+  public static void setupSuite() throws Exception {
+    LOG_ENTER();
+    System.setOut(new PrintStream(outContent));
+    System.setErr(new PrintStream(errContent));
+    setupLdap();
+    setupGateway();
+    LOG_EXIT();
+  }
+
+  @AfterClass
+  public static void cleanupSuite() throws Exception {
+    LOG_ENTER();
+    ldap.stop( true );
+
+    //FileUtils.deleteQuietly( new File( config.getGatewayHomeDir() ) );
+    //NoOpAppender.tearDown( appenders );
+    LOG_EXIT();
+  }
+
+  public static void setupLdap( ) throws Exception {
+    URL usersUrl = getResourceUrl( "users.ldif" );
+    int port = findFreePort();
+    ldapTransport = new TcpTransport( port );
+    ldap = new SimpleLdapDirectoryServer( "dc=hadoop,dc=apache,dc=org", new File( usersUrl.toURI() ), ldapTransport );
+    ldap.start();
+    LOG.info( "LDAP port = " + ldapTransport.getPort() );
+  }
+
+  public static void setupGateway() throws Exception {
+
+    File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+    File gatewayDir = new File( targetDir, "gateway-home-" + uuid );
+    gatewayDir.mkdirs();
+
+    GatewayTestConfig testConfig = new GatewayTestConfig();
+    config = testConfig;
+    testConfig.setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+
+    File topoDir = new File( testConfig.getGatewayTopologyDir() );
+    topoDir.mkdirs();
+
+    File deployDir = new File( testConfig.getGatewayDeploymentDir() );
+    deployDir.mkdirs();
+
+    createTopology(topoDir, "test-cluster.xml", true);
+    createTopology(topoDir, "bad-cluster.xml", false);
+
+    DefaultGatewayServices srvcs = new DefaultGatewayServices();
+    Map<String,String> options = new HashMap<String,String>();
+    options.put( "persist-master", "false" );
+    options.put( "master", "password" );
+    try {
+      srvcs.init( testConfig, options );
+    } catch ( ServiceLifecycleException e ) {
+      e.printStackTrace(); // I18N not required.
+    }
+  }
+
+  private static void createTopology(File topoDir, String name, boolean goodTopology) throws Exception {
+    File descriptor = new File(topoDir, name);
+
+    if(descriptor.exists()){
+      descriptor.delete();
+      descriptor = new File(topoDir, name);
+    }
+
+    FileOutputStream stream = new FileOutputStream( descriptor, false );
+    if(goodTopology){
+      createTopology().toStream( stream );
+    } else {
+      createBadTopology().toStream( stream );
+    }
+    stream.close();
+
+  }
+
+  private static int findFreePort() throws IOException {
+    ServerSocket socket = new ServerSocket(0);
+    int port = socket.getLocalPort();
+    socket.close();
+    return port;
+  }
+
+  public static InputStream getResourceStream( String resource ) throws IOException {
+    return getResourceUrl( resource ).openStream();
+  }
+
+  public static URL getResourceUrl( String resource ) {
+    URL url = ClassLoader.getSystemResource( getResourceName( resource ) );
+    assertThat( "Failed to find test resource " + resource, url, Matchers.notNullValue() );
+    return url;
+  }
+
+  public static String getResourceName( String resource ) {
+    return getResourceBaseName() + resource;
+  }
+
+  public static String getResourceBaseName() {
+    return RESOURCE_BASE_CLASS.getName().replaceAll( "\\.", "/" ) + "/";
+  }
+
+  private static XMLTag createBadTopology(){
+    XMLTag xml = XMLDoc.newDocument(true)
+        .addRoot("topology")
+        .addTag( "gateway" )
+        .addTag("provider")
+        .addTag("role").addText("authentication")
+        .addTag("name").addText("ShiroProvider")
+        .addTag("enabled").addText("true")
+        .addTag( "param" )
+        .addTag("name").addText("main.ldapRealm")
+        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+        .addTag( "param" )
+        .addTag("name").addText("main.ldapRealm.userDnTemplate")
+        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag( "param" )
+        .addTag("name").addText("main.ldapRealm.contextFactory.url")
+        .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
+        .addTag( "param" )
+        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+        .addTag("value").addText("simple").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+        .addTag("value").addText("true").gotoParent()
+        .addTag("param")
+        .addTag( "name").addText( "urls./**")
+        .addTag("value").addText( "authcBasic" ).gotoParent().gotoParent()
+        .addTag( "provider" )
+        .addTag( "role" ).addText( "identity-assertion" )
+        .addTag( "enabled" ).addText( "true" )
+        .addTag( "name" ).addText( "Default" ).gotoParent()
+        .gotoRoot()
+        .addTag( "service")
+        .addTag("role").addText( "KNOX" )
+        .gotoRoot();
+    // System.out.println( "GATEWAY=" + xml.toString() );
+    return xml;
+  }
+
+  private static XMLTag createTopology() {
+
+    XMLTag xml = XMLDoc.newDocument(true)
+        .addRoot("topology")
+        .addTag("gateway")
+        .addTag("provider")
+        .addTag("role").addText("authentication")
+        .addTag("name").addText("ShiroProvider")
+        .addTag("enabled").addText("true")
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm")
+        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm").gotoParent()
+        .addTag("param" )
+        .addTag("name").addText("main.ldapGroupContextFactory")
+        .addTag("value").addText("org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.searchBase")
+        .addTag("value").addText("ou=groups,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.groupObjectClass")
+        .addTag("value").addText("groupOfNames").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.memberAttributeValueTemplate")
+        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag("param" )
+        .addTag("name").addText("main.ldapRealm.memberAttribute")
+        .addTag("value").addText("member").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.authorizationEnabled")
+        .addTag("value").addText("true").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.contextFactory.systemUsername")
+        .addTag("value").addText("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.contextFactory.systemPassword")
+        .addTag( "value" ).addText("guest-password").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.userDnTemplate")
+        .addTag("value").addText("uid={0},ou=people,dc=hadoop,dc=apache,dc=org").gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.contextFactory.url")
+        .addTag("value").addText("ldap://localhost:" + ldapTransport.getPort()).gotoParent()
+        .addTag("param")
+        .addTag("name").addText("main.ldapRealm.contextFactory.authenticationMechanism")
+        .addTag("value").addText("simple").gotoParent()
+        .addTag("param")
+        .addTag("name" ).addText("urls./**")
+        .addTag("value" ).addText("authcBasic").gotoParent().gotoParent()
+        .addTag("provider" )
+        .addTag("role").addText( "identity-assertion" )
+        .addTag( "enabled").addText( "true" )
+        .addTag("name").addText( "Default" ).gotoParent()
+        .gotoRoot()
+        .addTag( "service" )
+        .addTag( "role" ).addText( "test-service-role" )
+        .gotoRoot();
+    // System.out.println( "GATEWAY=" + xml.toString() );
+    return xml;
+  }
+
+  @Test( timeout = SHORT_TIMEOUT )
+  public void testLDAPAuth() throws Exception {
+    LOG_ENTER();
+
+//    Test 1: Make sure authenication is successful and return groups
+    outContent.reset();
+    String username = "sam";
+    String password = "sam-password";
+    String args[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password,
+        "--g"};
+    KnoxCLI cli = new KnoxCLI();
+    cli.setConf(config);
+    cli.run(args);
+    assertThat(outContent.toString(), containsString("success"));
+    assertThat(outContent.toString(), containsString("analyst"));
+    assertThat(outContent.toString(), containsString("scientist"));
+
+//    Test 2: Give an invalid name and password combinatinon.
+    outContent.reset();
+    cli = new KnoxCLI();
+    cli.setConf(config);
+    username = "bad-name";
+    password = "bad-password";
+    String args2[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster", "--u", username, "--p", password};
+    cli.run(args2);
+    assertThat(outContent.toString(), containsString("LDAP authentication failed"));
+
+//    Test 3: Authenticate a user who belongs to no groups, but specify groups with --g
+    outContent.reset();
+    cli = new KnoxCLI();
+    cli.setConf(config);
+    username = "guest";
+    password = "guest-password";
+    String args3[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
+        "--u", username, "--p", password, "--g" };
+    cli.run(args3);
+    assertThat(outContent.toString(), containsString("LDAP authentication success"));
+    assertThat(outContent.toString(), containsString("does not belong to any groups"));
+
+    //    Test 4: Pass a non-existent topology
+    outContent.reset();
+    cli = new KnoxCLI();
+    cli.setConf(config);
+    username = "guest";
+    password = "guest-password";
+    String args4[] = {"user-auth-test", "--master", "knox", "--cluster", "cluster-dne",
+        "--u", username, "--p", password };
+    cli.run(args4);
+    assertThat(outContent.toString(), containsString("Topology cluster-dne does not exist"));
+
+
+    //    Test 5: Authenticate a user who belongs to no groups, but specify groups with --g
+    outContent.reset();
+    cli = new KnoxCLI();
+    cli.setConf(config);
+    username = "guest";
+    password = "guest-password";
+    String args5[] = {"user-auth-test", "--master", "knox", "--cluster", "test-cluster",
+        "--u", username, "--p", password };
+    cli.run( args5 );
+    assertThat(outContent.toString(), containsString("LDAP authentication success"));
+    assertThat(outContent.toString(), not(containsString("does not belong to any groups")));
+
+    LOG_EXIT();
+  }
 
 
 }


Mime
View raw message