"userPassword: password",
"ds-privilege-name: bypass-acl");
// Baseline step: open a raw LDAP connection to the local test server and
// wrap it in a reader/writer pair so requests can be sent by hand.
// NOTE(review): the socket is not closed within this fragment; confirm it is
// closed later in the test.
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
LDAPReader reader = new LDAPReader(s);
LDAPWriter writer = new LDAPWriter(s);
// Bind as uid=cantproxy.user and use the "Who Am I?" operation, but without
// the proxied auth control. This shows that the bind itself succeeds and that
// the connection's authorization identity is the user's own DN, so the
// rejection asserted later can be attributed to the proxy control alone.
// NOTE(review): the entry definition just above lists "bypass-acl" as a
// privilege; the DN suggests the proxied-auth privilege is deliberately
// absent -- confirm against the full entry.
// The message ID counter is shared with the auth handler so that the
// hand-built request further down continues the same sequence.
AtomicInteger nextMessageID = new AtomicInteger(1);
LDAPAuthenticationHandler authHandler =
new LDAPAuthenticationHandler(reader, writer, "localhost",
nextMessageID);
// Simple (DN + password) bind with two empty control lists.
// NOTE(review): the first argument (3) is presumably the LDAP protocol
// version -- confirm against doSimpleBind's signature.
authHandler.doSimpleBind(3,
ByteString.valueOf("uid=cantproxy.user,o=test"),
ByteString.valueOf("password"),
new ArrayList<Control>(),
new ArrayList<Control>());
// Without a proxy control the server must report the bound user's own DN.
ByteString authzID = authHandler.requestAuthorizationIdentity();
assertNotNull(authzID);
assertEquals(authzID.toString(), "dn:uid=cantproxy.user,o=test");
// Use the "Who Am I?" operation again, this time with the proxy control.
// The request is built by hand so that a proxied authorization v2 control
// naming a different user (uid=test.user) can be attached to it.
ExtendedRequestProtocolOp extendedRequest =
new ExtendedRequestProtocolOp(OID_WHO_AM_I_REQUEST);
ArrayList<Control> requestControls = new ArrayList<Control>(1);
requestControls.add(new ProxiedAuthV2Control(
ByteString.valueOf("dn:uid=test.user,o=test")));
// Take the next ID from the shared counter, send the request on the
// connection bound as uid=cantproxy.user, and read the server's reply.
LDAPMessage message = new LDAPMessage(nextMessageID.getAndIncrement(),
extendedRequest, requestControls);
writer.writeMessage(message);
message = reader.readMessage();
ExtendedResponseProtocolOp extendedResponse =
message.getExtendedResponseProtocolOp();
// Expected outcome: the server refuses to act as the other user and answers
// with AUTHORIZATION_DENIED.
assertEquals(extendedResponse.getResultCode(),
LDAPResultCode.AUTHORIZATION_DENIED);
// The denied response must carry no value, i.e. no authorization identity
// is returned to a caller whose proxy request was rejected.
assertNull(extendedResponse.getValue());