2 * Copyright 2005-2010 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org.wamblee.security.authorization;
18 import static org.wamblee.security.authorization.AuthorizationResult.*;
19 import junit.framework.TestCase;
21 import org.wamblee.security.authentication.UserAccessor;
22 import org.wamblee.security.authentication.UserAdministration;
25 * Tests the authorization service.
27 * @author Erik Brakkee
29 public class AuthorizationServiceTest extends TestCase {
30 private AbstractAuthorizationRule rule1;
32 private AbstractAuthorizationRule rule2;
34 private AbstractAuthorizationRule rule3;
36 private AuthorizationService service;
38 private TestUserAccessor userAccessor;
41 protected AuthorizationService getService() {
48 * @see junit.framework.TestCase#setUp()
51 protected void setUp() throws Exception {
54 userAccessor = new TestUserAccessor();
56 rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
57 rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
58 rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);
60 service = createService();
61 service.appendRule(rule1);
62 service.appendRule(rule2);
63 service.appendRule(rule3);
67 protected void resetTestRules() {
68 ((TestAuthorizationRule) rule1).reset();
69 ((TestAuthorizationRule) rule2).reset();
70 ((TestAuthorizationRule) rule3).reset();
73 protected UserAccessor getUserAccessor() {
77 protected UserAdministration getUserAdministration() {
78 return userAccessor.getUserAdmin();
82 * Creates an authorization service with some rules for testing. .
84 * @return Authorization service.
86 protected AuthorizationService createService() {
87 DefaultAuthorizationService svc = new DefaultAuthorizationService();
88 svc.setUserAccessor(getUserAccessor());
89 svc.setUserAdministration(getUserAdministration());
93 protected AbstractAuthorizationRule createRule(AuthorizationResult aResult,
94 String aGroup, String aPath, Class<? extends Operation> aOperation) {
95 return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
98 protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
99 TestAuthorizationRule testRule = (TestAuthorizationRule) aRule;
100 assertEquals(aCount, testRule.getMatchCount());
104 protected Object createResource(String aPath) {
105 return new TestResource(aPath);
108 protected void checkRuleCount(int aCount) {
113 * Several checks to verify the outcome of matching against the first rule.
115 public void testFirstRuleGrants() {
116 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
117 new ReadOperation()));
118 checkMatchCount(1, service.getRules()[0]);
119 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
120 new WriteOperation()));
121 checkMatchCount(1, service.getRules()[0]);
122 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
123 new DeleteOperation()));
124 checkMatchCount(1, service.getRules()[0]);
125 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
126 new CreateOperation()));
127 checkMatchCount(1, service.getRules()[0]);
128 checkMatchCount(0, service.getRules()[1]);
129 checkMatchCount(0, service.getRules()[2]);
133 * Verify that a match with the second rule leads to a denial of
136 public void testSecondRuleDenies() {
137 assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
138 new ReadOperation()));
139 checkMatchCount(0, service.getRules()[0]);
140 checkMatchCount(1, service.getRules()[1]);
141 checkMatchCount(0, service.getRules()[2]);
145 * Verifies that the third rule is used when appropriate and that it grants
148 public void testThirdRuleGrants() {
149 assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
150 new WriteOperation()));
151 checkMatchCount(0, service.getRules()[0]);
152 checkMatchCount(0, service.getRules()[1]);
153 checkMatchCount(1, service.getRules()[2]);
157 * Removes a rule and checks it is removed.
159 public void testRemoveRule() {
161 assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
162 new WriteOperation()));
163 service.removeRule(2);
164 assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
165 new WriteOperation()));
170 * Inserts a rule and checks it is inserted.
172 public void testInsertRule() {
174 assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"),
175 new WriteOperation()));
176 service.appendRule(createRule(GRANTED, "users", "/janse/",
177 WriteOperation.class));
178 assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"),
179 new WriteOperation()));
184 * Gets the rules. Verifies that all rules are obtained.
186 public void testGetRules() {
187 AuthorizationRule[] rules = service.getRules();
188 assertEquals(3, rules.length);
192 * Verifies that when no rules match, access is denied.
194 public void testNoRulesSupportResource() {
195 assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
196 new ReadOperation()));
197 checkMatchCount(0, service.getRules()[0]);
198 checkMatchCount(0, service.getRules()[1]);
199 checkMatchCount(0, service.getRules()[2]);