2 * Copyright 2005-2010 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org.wamblee.security.authorization;
18 import junit.framework.TestCase;
19 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
20 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
22 import org.junit.Ignore;
23 import org.wamblee.security.authentication.UserAccessor;
24 import org.wamblee.security.authentication.UserAdministration;
27 * Tests the authorization service.
29 * @author Erik Brakkee
31 public class AuthorizationServiceTest extends TestCase {
32 private AbstractAuthorizationRule rule1;
34 private AbstractAuthorizationRule rule2;
36 private AbstractAuthorizationRule rule3;
38 private AuthorizationService service;
40 private TestUserAccessor userAccessor;
43 protected AuthorizationService getService() {
50 * @see junit.framework.TestCase#setUp()
53 protected void setUp() throws Exception {
56 userAccessor = new TestUserAccessor();
58 rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
59 rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
60 rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);
62 service = createService();
63 service.appendRule(rule1);
64 service.appendRule(rule2);
65 service.appendRule(rule3);
/**
 * Calls {@code reset()} on each of the three fixture rules, in order.
 *
 * <p>Every rule is cast to {@code TestAuthorizationRule} first, so a rule of any other type
 * makes this helper fail with a {@code ClassCastException}.
 */
protected void resetTestRules() {
    AbstractAuthorizationRule[] fixtureRules = {rule1, rule2, rule3};
    for (AbstractAuthorizationRule fixtureRule : fixtureRules) {
        ((TestAuthorizationRule) fixtureRule).reset();
    }
}
75 protected UserAccessor getUserAccessor() {
/**
 * Supplies the user administration that the service under test is wired with.
 *
 * @return the value of {@code userAccessor.getUserAdmin()}.
 */
protected UserAdministration getUserAdministration() {
    UserAdministration administration = userAccessor.getUserAdmin();
    return administration;
}
84 * Creates an authorization service with some rules for testing.
86 * @return Authorization service.
88 protected AuthorizationService createService() {
89 DefaultAuthorizationService service = new DefaultAuthorizationService();
90 service.setUserAccessor(getUserAccessor());
91 service.setUserAdministration(getUserAdministration());
/**
 * Builds the rule type used by this test; all four arguments are handed unchanged to the
 * {@code TestAuthorizationRule} constructor.
 *
 * @param aResult outcome the rule is created with, e.g. GRANTED or DENIED.
 * @param aGroup group name given to the rule.
 * @param aPath path given to the rule (presumably a prefix match; confirm in the rule class).
 * @param aOperation operation class given to the rule.
 * @return the newly created rule.
 */
protected AbstractAuthorizationRule createRule(AuthorizationResult aResult,
    String aGroup, String aPath, Class<? extends Operation> aOperation) {
    AbstractAuthorizationRule rule =
        new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    return rule;
}
100 protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
101 TestAuthorizationRule testRule = (TestAuthorizationRule) aRule;
102 assertEquals(aCount, testRule.getMatchCount());
/**
 * Creates the resource object that is passed to the authorization service in the tests.
 *
 * @param aPath path handed to the {@code TestResource} constructor.
 * @return a new {@code TestResource} for that path.
 */
protected Object createResource(String aPath) {
    Object resource = new TestResource(aPath);
    return resource;
}
110 protected void checkRuleCount(int aCount) {
/**
 * Checks the outcome of matching against the first rule: a resource under {@code /oni/} must
 * be allowed for read, write, delete and create operations.
 *
 * <p>The fixture registers the first rule as GRANTED for group "users", path "/oni/" and
 * {@code AllOperation}. After every call the first rule must report exactly one match, and at
 * the end the second and third rules must report none.
 */
public void testFirstRuleGrants() {
    final String path = "/oni/xyz.jpg";

    boolean readAllowed = service.isAllowed(createResource(path), new ReadOperation());
    assertTrue(readAllowed);
    checkMatchCount(1, service.getRules()[0]);

    boolean writeAllowed = service.isAllowed(createResource(path), new WriteOperation());
    assertTrue(writeAllowed);
    checkMatchCount(1, service.getRules()[0]);

    boolean deleteAllowed = service.isAllowed(createResource(path), new DeleteOperation());
    assertTrue(deleteAllowed);
    checkMatchCount(1, service.getRules()[0]);

    boolean createAllowed = service.isAllowed(createResource(path), new CreateOperation());
    assertTrue(createAllowed);
    checkMatchCount(1, service.getRules()[0]);

    // The rules for "/abc/" must not have been counted as a match for an "/oni/" resource.
    for (int index = 1; index <= 2; index++) {
        checkMatchCount(0, service.getRules()[index]);
    }
}
/**
 * Verifies that a match with the second rule leads to a denial: reading a resource under
 * {@code /abc/} must not be allowed.
 *
 * <p>The fixture registers the second rule as DENIED for path "/abc/" and
 * {@code ReadOperation}, ahead of a third rule that is GRANTED for the same path and
 * {@code AllOperation}. The expected match counts (0, 1, 0) mean the later grant must not be
 * counted as matched once the deny rule has matched, so rule order decides the outcome.
 */
public void testSecondRuleDenies() {
    boolean readAllowed =
        service.isAllowed(createResource("/abc/xyz.jpg"), new ReadOperation());
    assertFalse(readAllowed);

    int[] expectedMatches = {0, 1, 0};
    for (int index = 0; index < expectedMatches.length; index++) {
        checkMatchCount(expectedMatches[index], service.getRules()[index]);
    }
}
/**
 * Verifies that the third rule is used when appropriate and that it grants access: writing a
 * resource under {@code /abc/} must be allowed.
 *
 * <p>The second rule denies only {@code ReadOperation} on "/abc/", so it must not be counted
 * as a match for a write; the expected match counts are (0, 0, 1).
 */
public void testThirdRuleGrants() {
    boolean writeAllowed =
        service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation());
    assertTrue(writeAllowed);

    int[] expectedMatches = {0, 0, 1};
    for (int index = 0; index < expectedMatches.length; index++) {
        checkMatchCount(expectedMatches[index], service.getRules()[index]);
    }
}
159 * Removes a rule and checks it is removed.
161 public void testRemoveRule() {
163 assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
164 new WriteOperation()));
165 service.removeRule(2);
166 assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
167 new WriteOperation()));
172 * Inserts a rule and checks it is inserted.
174 public void testInsertRule() {
176 assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"),
177 new WriteOperation()));
178 service.appendRule(createRule(GRANTED, "users", "/janse/",
179 WriteOperation.class));
180 assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"),
181 new WriteOperation()));
/**
 * Gets the rules and verifies that all three rules appended by the fixture are returned.
 */
public void testGetRules() {
    int ruleCount = service.getRules().length;
    assertEquals(3, ruleCount);
}
194 * Verifies that when no rules match, access is denied.
196 public void testNoRulesSupportResource() {
197 assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
198 new ReadOperation()));
199 checkMatchCount(0, service.getRules()[0]);
200 checkMatchCount(0, service.getRules()[1]);
201 checkMatchCount(0, service.getRules()[2]);