+++ /dev/null
-/*
- * Copyright 2005-2010 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.wamblee.security.authorization;
-
-import static org.wamblee.security.authorization.AuthorizationResult.*;
-import junit.framework.TestCase;
-
-import org.wamblee.security.authentication.UserAccessor;
-import org.wamblee.security.authentication.UserAdministration;
-
-/**
- * Tests the authorization service.
- *
- * @author Erik Brakkee
- */
-public class AuthorizationServiceTest extends TestCase {
- private AbstractAuthorizationRule rule1;
-
- private AbstractAuthorizationRule rule2;
-
- private AbstractAuthorizationRule rule3;
-
- private AuthorizationService service;
-
- private TestUserAccessor userAccessor;
-
-
- protected AuthorizationService getService() {
- return service;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see junit.framework.TestCase#setUp()
- */
- @Override
- protected void setUp() throws Exception {
- super.setUp();
-
- userAccessor = new TestUserAccessor();
-
- rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
- rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
- rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);
-
- service = createService();
- service.appendRule(rule1);
- service.appendRule(rule2);
- service.appendRule(rule3);
- checkRuleCount(3);
- }
-
- protected void resetTestRules() {
- ((TestAuthorizationRule) rule1).reset();
- ((TestAuthorizationRule) rule2).reset();
- ((TestAuthorizationRule) rule3).reset();
- }
-
- protected UserAccessor getUserAccessor() {
- return userAccessor;
- }
-
- protected UserAdministration getUserAdministration() {
- return userAccessor.getUserAdmin();
- }
-
- /**
- * Creates an authorization service with some rules for testing. .
- *
- * @return Authorization service.
- */
- protected AuthorizationService createService() {
- DefaultAuthorizationService svc = new DefaultAuthorizationService();
- svc.setUserAccessor(getUserAccessor());
- svc.setUserAdministration(getUserAdministration());
- return svc;
- }
-
- protected AbstractAuthorizationRule createRule(AuthorizationResult aResult,
- String aGroup, String aPath, Class<? extends Operation> aOperation) {
- return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
- }
-
- protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
- TestAuthorizationRule testRule = (TestAuthorizationRule) aRule;
- assertEquals(aCount, testRule.getMatchCount());
- testRule.reset();
- }
-
- protected Object createResource(String aPath) {
- return new TestResource(aPath);
- }
-
- protected void checkRuleCount(int aCount) {
- // Empty
- }
-
- /**
- * Several checks to verify the outcome of matching against the first rule.
- */
- public void testFirstRuleGrants() {
- assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
- new ReadOperation()));
- checkMatchCount(1, service.getRules()[0]);
- assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
- new WriteOperation()));
- checkMatchCount(1, service.getRules()[0]);
- assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
- new DeleteOperation()));
- checkMatchCount(1, service.getRules()[0]);
- assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
- new CreateOperation()));
- checkMatchCount(1, service.getRules()[0]);
- checkMatchCount(0, service.getRules()[1]);
- checkMatchCount(0, service.getRules()[2]);
- }
-
- /**
- * Verify that a match with the second rule leads to a denial of
- * authorization.
- */
- public void testSecondRuleDenies() {
- assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
- new ReadOperation()));
- checkMatchCount(0, service.getRules()[0]);
- checkMatchCount(1, service.getRules()[1]);
- checkMatchCount(0, service.getRules()[2]);
- }
-
- /**
- * Verifies that the third rule is used when appropriate and that it grants
- * access.
- */
- public void testThirdRuleGrants() {
- assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
- new WriteOperation()));
- checkMatchCount(0, service.getRules()[0]);
- checkMatchCount(0, service.getRules()[1]);
- checkMatchCount(1, service.getRules()[2]);
- }
-
- /**
- * Removes a rule and checks it is removed.
- */
- public void testRemoveRule() {
- checkRuleCount(3);
- assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
- new WriteOperation()));
- service.removeRule(2);
- assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
- new WriteOperation()));
- checkRuleCount(2);
- }
-
- /**
- * Inserts a rule and checks it is inserted.
- */
- public void testInsertRule() {
- checkRuleCount(3);
- assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"),
- new WriteOperation()));
- service.appendRule(createRule(GRANTED, "users", "/janse/",
- WriteOperation.class));
- assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"),
- new WriteOperation()));
- checkRuleCount(4);
- }
-
- /**
- * Gets the rules. Verifies that all rules are obtained.
- */
- public void testGetRules() {
- AuthorizationRule[] rules = service.getRules();
- assertEquals(3, rules.length);
- }
-
- /**
- * Verifies that when no rules match, access is denied.
- */
- public void testNoRulesSupportResource() {
- assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
- new ReadOperation()));
- checkMatchCount(0, service.getRules()[0]);
- checkMatchCount(0, service.getRules()[1]);
- checkMatchCount(0, service.getRules()[2]);
- }
-}