Separating security into a part that depends only on the JPA and into a
diff --git a/security/impl/src/test/java/org/wamblee/security/authorization/AuthorizationServiceTest.java b/security/impl/src/test/java/org/wamblee/security/authorization/AuthorizationServiceTest.java
new file mode 100644 (file)
index 0000000..78cf3f5
--- /dev/null
@@ -0,0 +1,189 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */ 
+package org.wamblee.security.authorization;
+
+import junit.framework.TestCase;
+import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
+import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
+
+import org.wamblee.usermgt.UserAccessor;
+
+/**
+ * Tests the authorization service.
+ * 
+ * @author Erik Brakkee
+ */
+public class AuthorizationServiceTest extends TestCase {
+    private AuthorizationRule rule1;
+
+    private AuthorizationRule rule2;
+
+    private AuthorizationRule rule3;
+
+    private AuthorizationService service;
+
+    protected AuthorizationService getService() {
+        return service;
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see junit.framework.TestCase#setUp()
+     */
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
+        rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
+        rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);
+
+        service = createService();
+        service.appendRule(rule1);
+        service.appendRule(rule2);
+        service.appendRule(rule3);
+    }
+
+    protected void resetTestRules() {
+        ((TestAuthorizationRule) rule1).reset();
+        ((TestAuthorizationRule) rule2).reset();
+        ((TestAuthorizationRule) rule3).reset();
+    }
+
+    protected UserAccessor createUserAccessor() {
+        return new TestUserAccessor();
+    }
+
+    /**
+     * Creates an authorization service with some rules for testing. .
+     * 
+     * @return Authorization service.
+     */
+    protected AuthorizationService createService() {
+        DefaultAuthorizationService service = new DefaultAuthorizationService();
+        service.setUserAccessor(createUserAccessor());
+
+        return service;
+    }
+
+    protected AuthorizationRule createRule(AuthorizationResult aResult,
+        String aGroup, String aPath, Class<? extends Operation> aOperation) {
+        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
+    }
+
+    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
+        assertEquals(aCount, ((TestAuthorizationRule) aRule).getMatchCount());
+    }
+
+    protected Object createResource(String aPath) {
+        return new TestResource(aPath);
+    }
+
+    protected void checkRuleCount(int aCount) {
+        // Empty
+    }
+
+    /**
+     * Several checks to verify the outcome of matching against the first rule.
+     */
+    public void testFirstRuleGrants() {
+        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
+            new ReadOperation()));
+        checkMatchCount(1, rule1);
+        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
+            new WriteOperation()));
+        checkMatchCount(2, rule1);
+        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
+            new DeleteOperation()));
+        checkMatchCount(3, rule1);
+        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
+            new CreateOperation()));
+        checkMatchCount(4, rule1);
+        checkMatchCount(0, rule2);
+        checkMatchCount(0, rule3);
+    }
+
+    /**
+     * Verify that a match with the second rule leads to a denial of
+     * authorization.
+     */
+    public void testSecondRuleDenies() {
+        assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
+            new ReadOperation()));
+        checkMatchCount(0, rule1);
+        checkMatchCount(1, rule2);
+        checkMatchCount(0, rule3);
+    }
+
+    /**
+     * Verifies that the third rule is used when appropriate and that it grants
+     * access.
+     */
+    public void testThirdRuleGrants() {
+        assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
+            new WriteOperation()));
+        checkMatchCount(0, rule1);
+        checkMatchCount(0, rule2);
+        checkMatchCount(1, rule3);
+    }
+
+    /**
+     * Removes a rule and checks it is removed.
+     */
+    public void testRemoveRule() {
+        checkRuleCount(3);
+        assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
+            new WriteOperation()));
+        service.removeRule(2);
+        assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
+            new WriteOperation()));
+        checkRuleCount(2);
+    }
+
+    /**
+     * Inserts a rule and checks it is inserted.
+     */
+    public void testInsertRule() {
+        checkRuleCount(3);
+        assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"),
+            new WriteOperation()));
+        service.appendRule(createRule(GRANTED, "users", "/janse/",
+            WriteOperation.class));
+        assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"),
+            new WriteOperation()));
+        checkRuleCount(4);
+    }
+
+    /**
+     * Gets the rules. Verifies that all rules are obtained.
+     */
+    public void testGetRules() {
+        AuthorizationRule[] rules = service.getRules();
+        assertEquals(3, rules.length);
+    }
+
+    /**
+     * Verifies that when no rules match, access is denied.
+     */
+    public void testNoRulesSupportResource() {
+        assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
+            new ReadOperation()));
+        checkMatchCount(0, rule1);
+        checkMatchCount(0, rule2);
+        checkMatchCount(0, rule3);
+    }
+}
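Review bot: `checkRuleCount` is an empty stub in this class, so the `checkRuleCount(3)`/`checkRuleCount(2)` calls in `testRemoveRule` and the `checkRuleCount(3)`/`checkRuleCount(4)` calls in `testInsertRule` assert nothing when this base test runs; only the `isAllowed` results are checked there. If the hook exists for a subclass to override (presumably a persistence-backed variant), a default body of `assertEquals(aCount, service.getRules().length);` would make the base test verify the count too, using the same `getRules()` call as `testGetRules`. Separately, every rule is created with group `"users"`, so no test here covers a user outside the rule's group being denied; that path depends on `TestUserAccessor`, which is not visible in this hunk, and deserves a case of its own since default-deny for non-members is the property an authorization service most needs pinned.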