2 * Copyright 2005 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org.wamblee.security.authorization;
19 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
20 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
22 import org.wamblee.persistence.hibernate.HibernateMappingFiles;
23 import org.wamblee.test.SpringConfigFiles;
24 import org.wamblee.test.SpringTestCase;
25 import org.wamblee.usermgt.UserAccessor;
28 * Tests the authorization service.
30 * @author Erik Brakkee
32 public class AuthorizationServiceTest extends SpringTestCase {
34 private AuthorizationRule _rule1;
35 private AuthorizationRule _rule2;
36 private AuthorizationRule _rule3;
37 private AuthorizationService _service;
/**
 * Creates the test case using {@code SpringConfigFiles} and {@code HibernateMappingFiles}
 * themselves as the configuration classes handed to the base test case.
 */
public AuthorizationServiceTest() {
    super(SpringConfigFiles.class, HibernateMappingFiles.class);
}
/**
 * Creates the test case with caller-supplied configuration classes, so that a subclass can
 * run the same checks against a different Spring/Hibernate setup.
 *
 * @param aSpringFiles Spring configuration files class passed to the base test case.
 * @param aMappings Hibernate mapping files class passed to the base test case.
 */
public AuthorizationServiceTest(
        Class<? extends SpringConfigFiles> aSpringFiles,
        Class<? extends HibernateMappingFiles> aMappings) {
    super(aSpringFiles, aMappings);
}
// Accessor for the service under test.
// NOTE(review): the body is not shown in this listing; presumably it returns the _service
// field that setUp() assigns — confirm against the full file.
49 protected AuthorizationService getService() {
54 * @see junit.framework.TestCase#setUp()
// Builds the fixture: three rules for group "users", appended to a fresh service in a fixed order.
// NOTE(review): listing lines 58-59 are not shown on this page (presumably super.setUp()) — confirm.
57 protected void setUp() throws Exception {
// Rule 1 grants every operation under "/oni/".
60 _rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
// Rule 2 denies reads under "/abc/" and is registered ahead of rule 3, which grants every
// operation under the same path. The tests rely on this order: a read on /abc/ must be
// refused (testSecondRuleDenies) while a write on /abc/ is granted (testThirdRuleGrants).
61 _rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
62 _rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);
64 _service = createService();
// Append order fixes the rule indices that testRemoveRule depends on.
65 _service.appendRule(_rule1);
66 _service.appendRule(_rule2);
67 _service.appendRule(_rule3);
/**
 * Calls {@code reset()} on each of the three fixture rules, in order. Every rule is cast to
 * {@link TestAuthorizationRule}, so this only works while the fixture rules are of that type.
 */
protected void resetTestRules() {
    AuthorizationRule[] fixtureRules = {_rule1, _rule2, _rule3};
    for (AuthorizationRule fixtureRule : fixtureRules) {
        ((TestAuthorizationRule) fixtureRule).reset();
    }
}
/**
 * Supplies the user accessor given to the service under test.
 *
 * @return A new {@link TestUserAccessor}.
 */
protected UserAccessor createUserAccessor() {
    UserAccessor accessor = new TestUserAccessor();
    return accessor;
}
81 * Creates an authorization service with some rules for testing.
82 * @return Authorization service.
// Factory for the service under test. The visible lines add no rules; setUp() appends them.
84 protected AuthorizationService createService() {
85 DefaultAuthorizationService service = new DefaultAuthorizationService() ;
// The service resolves the current user through the accessor from createUserAccessor().
86 service.setUserAccessor(createUserAccessor());
// NOTE(review): the remainder of the method (presumably returning `service`) is not shown in
// this listing — confirm against the full file.
/**
 * Creates a rule for the fixture.
 *
 * @param aResult Result the rule yields when it matches.
 * @param aGroup Group the rule applies to.
 * @param aPath Resource path the rule applies to.
 * @param aOperation Operation type the rule applies to.
 * @return A new {@link TestAuthorizationRule} built from the arguments.
 */
protected AuthorizationRule createRule(
        AuthorizationResult aResult,
        String aGroup,
        String aPath,
        Class<? extends Operation> aOperation) {
    AuthorizationRule rule = new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    return rule;
}
/**
 * Asserts how many times a rule has reported a match.
 *
 * @param aCount Expected match count.
 * @param aRule Rule to inspect; it is cast to {@link TestAuthorizationRule}.
 */
protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
    TestAuthorizationRule countingRule = (TestAuthorizationRule) aRule;
    assertEquals(aCount, countingRule.getMatchCount());
}
/**
 * Creates the resource object that is handed to the authorization service.
 *
 * @param aPath Path of the resource.
 * @return A new {@link TestResource} for that path.
 */
protected Object createResource(String aPath) {
    Object resource = new TestResource(aPath);
    return resource;
}
// Test helper that takes the expected number of rules.
// NOTE(review): the body is not shown in this listing; presumably it compares aCount with
// the number of rules currently held by the service — confirm against the full file.
102 protected void checkRuleCount(int aCount) {
/**
 * Several checks to verify the outcome of matching against the first rule: read, write,
 * delete and create on a resource under "/oni/" are each granted, the first rule's match
 * count rises by one per request, and the two "/abc/" rules never report a match.
 */
public void testFirstRuleGrants() {
    final String path = "/oni/xyz.jpg";

    boolean readAllowed = _service.isAllowed(createResource(path), new ReadOperation());
    assertTrue(readAllowed);
    checkMatchCount(1, _rule1);

    boolean writeAllowed = _service.isAllowed(createResource(path), new WriteOperation());
    assertTrue(writeAllowed);
    checkMatchCount(2, _rule1);

    boolean deleteAllowed = _service.isAllowed(createResource(path), new DeleteOperation());
    assertTrue(deleteAllowed);
    checkMatchCount(3, _rule1);

    boolean createAllowed = _service.isAllowed(createResource(path), new CreateOperation());
    assertTrue(createAllowed);
    checkMatchCount(4, _rule1);

    // Rules registered for another path must stay untouched by these requests.
    checkMatchCount(0, _rule2);
    checkMatchCount(0, _rule3);
}
/**
 * Verifies that a match with the second rule leads to a denial of authorization: a read
 * under "/abc/" is refused even though a later rule grants all operations on that path.
 */
public void testSecondRuleDenies() {
    boolean readAllowed =
            _service.isAllowed(createResource("/abc/xyz.jpg"), new ReadOperation());
    assertFalse(readAllowed);

    checkMatchCount(0, _rule1);
    checkMatchCount(1, _rule2);
    // The later grant rule reports no match, so the deny registered ahead of it decided the
    // request; presumably evaluation stops at the first matching rule.
    checkMatchCount(0, _rule3);
}
/**
 * Verifies that the third rule is used when appropriate and that it grants access: a write
 * under "/abc/" is not matched by the read-only deny rule and is granted by the third rule.
 */
public void testThirdRuleGrants() {
    boolean writeAllowed =
            _service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation());
    assertTrue(writeAllowed);

    checkMatchCount(0, _rule1);
    // The deny rule covers reads only, so it must not count a match for a write.
    checkMatchCount(0, _rule2);
    checkMatchCount(1, _rule3);
}
146 * Removes a rule and checks it is removed.
149 public void testRemoveRule() {
// NOTE(review): listing lines 150 and 154 are not shown on this page.
// Baseline: with all three fixture rules present, a write under /abc/ is granted.
151 assertTrue(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation()));
// If indices are zero-based, index 2 is the third rule appended in setUp(), i.e. the GRANTED
// all-operations rule for "/abc/" — confirm against removeRule's contract.
152 _service.removeRule(2);
// With that grant removed the same write must be refused: none of the remaining fixture
// rules grants a write under /abc/.
153 assertFalse(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation()));
158 * Inserts a rule and checks it is inserted.
161 public void testInsertRule() {
// NOTE(review): listing lines 162 and 166-167 are not shown on this page.
// Baseline: no fixture rule covers "/janse/", so the write is refused.
163 assertFalse(_service.isAllowed(createResource("/janse/xyz.jpg"), new WriteOperation()));
// Append a grant limited to write operations under "/janse/" for group "users".
164 _service.appendRule(createRule(GRANTED, "users", "/janse/", WriteOperation.class));
// The identical request is now granted, showing the appended rule takes effect on the next check.
165 assertTrue(_service.isAllowed(createResource("/janse/xyz.jpg"), new WriteOperation()));
/**
 * Gets the rules. Verifies that all rules are obtained, i.e. that the service reports
 * exactly the three rules appended in {@code setUp()}.
 */
public void testGetRules() {
    assertEquals(3, _service.getRules().length);
}
/**
 * Verifies that when no rules match, access is denied. This pins the default-deny behaviour:
 * a resource whose path none of the fixture rules covers is refused, and no rule reports a
 * match for it.
 */
public void testNoRulesSupportResource() {
    boolean readAllowed = _service.isAllowed(createResource("/xyxyxyxy"), new ReadOperation());
    assertFalse(readAllowed);

    checkMatchCount(0, _rule1);
    checkMatchCount(0, _rule2);
    checkMatchCount(0, _rule3);
}