/*
 * Copyright 2005-2010 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16 package org.wamblee.security.authorization;
18 import static org.wamblee.security.authorization.AuthorizationResult.*;
19 import junit.framework.TestCase;
21 import org.wamblee.security.authentication.UserAccessor;
22 import org.wamblee.security.authentication.UserAdministration;
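/**
 * Tests the authorization service.
 *
 * <p>The fixture installs three rules for the group {@code "users"}, in this order:
 * <ol>
 * <li>{@code GRANTED}, path {@code /oni/}, {@link AllOperation};</li>
 * <li>{@code DENIED}, path {@code /abc/}, {@link ReadOperation};</li>
 * <li>{@code GRANTED}, path {@code /abc/}, {@link AllOperation}.</li>
 * </ol>
 *
 * <p>The tests pin down the access-control contract expected of the service:
 * <ul>
 * <li>the first matching rule decides; a read on {@code /abc/} is denied by rule 2 and rule 3
 * must not be counted as matched, even though it would grant the request;</li>
 * <li>a request that no rule matches is denied;</li>
 * <li>removing the only rule that grants a request turns that request into a denial.</li>
 * </ul>
 *
 * @author Erik Brakkee
 */
public class AuthorizationServiceTest extends TestCase {
    private AbstractAuthorizationRule rule1;

    private AbstractAuthorizationRule rule2;

    private AbstractAuthorizationRule rule3;

    private AuthorizationService service;

    private TestUserAccessor userAccessor;

    /**
     * Gets the service under test.
     *
     * @return Authorization service created in {@link #setUp()}.
     */
    protected AuthorizationService getService() {
        return service;
    }

    /*
     * (non-Javadoc)
     *
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        userAccessor = new TestUserAccessor();
        // NOTE(review): presumably TestUserAccessor supplies a user in group "users";
        // confirm, since every rule below is scoped to that group.

        // Rule order is part of the fixture: the DENIED rule for reads on /abc/ is appended
        // before the GRANTED rule for all operations on /abc/, so the tests can tell which
        // of the two decided a request.
        rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
        rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
        rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);

        service = createService();
        service.appendRule(rule1);
        service.appendRule(rule2);
        service.appendRule(rule3);
    }

    /**
     * Resets the three fixture rules through {@link TestAuthorizationRule#reset()}.
     */
    protected void resetTestRules() {
        AbstractAuthorizationRule[] fixtureRules = { rule1, rule2, rule3 };
        for (AbstractAuthorizationRule fixtureRule : fixtureRules) {
            ((TestAuthorizationRule) fixtureRule).reset();
        }
    }

    /**
     * Gets the user accessor handed to the service under test.
     *
     * @return User accessor created in {@link #setUp()}.
     */
    protected UserAccessor getUserAccessor() {
        return userAccessor;
    }

    /**
     * Gets the user administration handed to the service under test.
     *
     * @return User administration obtained from the test user accessor.
     */
    protected UserAdministration getUserAdministration() {
        return userAccessor.getUserAdmin();
    }

    /**
     * Creates the authorization service under test, wired to the user accessor and user
     * administration of this fixture. The service is returned without rules; {@link #setUp()}
     * appends them.
     *
     * @return Authorization service.
     */
    protected AuthorizationService createService() {
        DefaultAuthorizationService svc = new DefaultAuthorizationService();
        svc.setUserAccessor(getUserAccessor());
        svc.setUserAdministration(getUserAdministration());

        return svc;
    }

    /**
     * Creates a rule that records how often it matched.
     *
     * @param aResult Result the rule yields when it matches.
     * @param aGroup Group the rule applies to.
     * @param aPath Path the rule applies to.
     * @param aOperation Operation type the rule applies to.
     * @return The new {@link TestAuthorizationRule}.
     */
    protected AbstractAuthorizationRule createRule(AuthorizationResult aResult,
        String aGroup, String aPath, Class<? extends Operation> aOperation) {
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }

    /**
     * Checks the match count of a rule and then clears it.
     *
     * @param aCount Expected match count.
     * @param aRule Rule to check; must be a {@link TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        TestAuthorizationRule testRule = (TestAuthorizationRule) aRule;
        assertEquals(aCount, testRule.getMatchCount());
        // The tests state their expectations per request (a count of 1 after every single
        // call), so the counter is cleared once it has been checked.
        // NOTE(review): assumes getMatchCount() accumulates across requests; confirm against
        // TestAuthorizationRule.
        testRule.reset();
    }

    /**
     * Creates a resource to authorize against.
     *
     * @param aPath Path of the resource.
     * @return A {@link TestResource} for the path.
     */
    protected Object createResource(String aPath) {
        return new TestResource(aPath);
    }

    /**
     * Checks the number of rules held by the service under test, so that the add and remove
     * tests verify the size of the rule set and not only the resulting access decision.
     *
     * @param aCount Expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        // NOTE(review): subclasses that keep rules in another store may want to override
        // this with a check against that store.
        assertEquals("number of rules held by the service", aCount,
            service.getRules().length);
    }

    /**
     * Several checks to verify the outcome of matching against the first rule: every
     * operation on {@code /oni/} is granted by rule 1 and the other rules never match.
     */
    public void testFirstRuleGrants() {
        assertTrue("read on /oni/ must be granted",
            service.isAllowed(createResource("/oni/xyz.jpg"),
                new ReadOperation()));
        checkMatchCount(1, service.getRules()[0]);
        assertTrue("write on /oni/ must be granted",
            service.isAllowed(createResource("/oni/xyz.jpg"),
                new WriteOperation()));
        checkMatchCount(1, service.getRules()[0]);
        assertTrue("delete on /oni/ must be granted",
            service.isAllowed(createResource("/oni/xyz.jpg"),
                new DeleteOperation()));
        checkMatchCount(1, service.getRules()[0]);
        assertTrue("create on /oni/ must be granted",
            service.isAllowed(createResource("/oni/xyz.jpg"),
                new CreateOperation()));
        checkMatchCount(1, service.getRules()[0]);
        checkMatchCount(0, service.getRules()[1]);
        checkMatchCount(0, service.getRules()[2]);
    }

    /**
     * Verify that a match with the second rule leads to a denial of access. The third rule
     * would grant the same request, so its match count must stay at zero: an earlier DENIED
     * rule may not be overridden by a later GRANTED one.
     */
    public void testSecondRuleDenies() {
        assertFalse("read on /abc/ must be denied by the second rule",
            service.isAllowed(createResource("/abc/xyz.jpg"),
                new ReadOperation()));
        checkMatchCount(0, service.getRules()[0]);
        checkMatchCount(1, service.getRules()[1]);
        checkMatchCount(0, service.getRules()[2]);
    }

    /**
     * Verifies that the third rule is used when appropriate and that it grants access: a
     * write on {@code /abc/} is not covered by the read-only DENIED rule.
     */
    public void testThirdRuleGrants() {
        assertTrue("write on /abc/ must be granted by the third rule",
            service.isAllowed(createResource("/abc/xyz.jpg"),
                new WriteOperation()));
        checkMatchCount(0, service.getRules()[0]);
        checkMatchCount(0, service.getRules()[1]);
        checkMatchCount(1, service.getRules()[2]);
    }

    /**
     * Removes a rule and checks it is removed: once the rule at index 2 is gone, nothing
     * grants a write on {@code /abc/} any more and the request must be denied.
     */
    public void testRemoveRule() {
        checkRuleCount(3);
        assertTrue("write on /abc/ must be granted while the third rule is present",
            service.isAllowed(createResource("/abc/xyz.jpg"),
                new WriteOperation()));
        service.removeRule(2);
        assertFalse("write on /abc/ must be denied after the granting rule is removed",
            service.isAllowed(createResource("/abc/xyz.jpg"),
                new WriteOperation()));
        checkRuleCount(2);
    }

    /**
     * Appends a rule and checks it takes effect: a write on {@code /janse/} is denied
     * before the rule exists and granted afterwards.
     */
    public void testInsertRule() {
        checkRuleCount(3);
        assertFalse("write on /janse/ must be denied before a rule grants it",
            service.isAllowed(createResource("/janse/xyz.jpg"),
                new WriteOperation()));
        service.appendRule(createRule(GRANTED, "users", "/janse/",
            WriteOperation.class));
        assertTrue("write on /janse/ must be granted by the appended rule",
            service.isAllowed(createResource("/janse/xyz.jpg"),
                new WriteOperation()));
        checkRuleCount(4);
    }

    /**
     * Gets the rules. Verifies that all rules are obtained.
     */
    public void testGetRules() {
        AuthorizationRule[] rules = service.getRules();
        assertEquals(3, rules.length);
    }

    /**
     * Verifies that when no rules match, access is denied.
     */
    public void testNoRulesSupportResource() {
        assertFalse("a request that no rule matches must be denied",
            service.isAllowed(createResource("/xyxyxyxy"),
                new ReadOperation()));
        checkMatchCount(0, service.getRules()[0]);
        checkMatchCount(0, service.getRules()[1]);
        checkMatchCount(0, service.getRules()[2]);
    }
}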