2 * Copyright 2005 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org.wamblee.security.authorization;
18 import junit.framework.TestCase;
19 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
20 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
22 import org.wamblee.usermgt.UserAccessor;
26 * Tests the authorization service.
28 * @author Erik Brakkee
30 public class AuthorizationServiceTest extends TestCase {
34 private AuthorizationRule rule1;
39 private AuthorizationRule rule2;
44 private AuthorizationRule rule3;
49 private AuthorizationService service;
54 * @return DOCUMENT ME!
56 protected AuthorizationService getService() {
61 * @see junit.framework.TestCase#setUp()
66 * @throws Exception DOCUMENT ME!
69 protected void setUp() throws Exception {
72 rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
73 rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
74 rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);
76 service = createService();
77 service.appendRule(rule1);
78 service.appendRule(rule2);
79 service.appendRule(rule3);
85 protected void resetTestRules() {
86 ((TestAuthorizationRule) rule1).reset();
87 ((TestAuthorizationRule) rule2).reset();
88 ((TestAuthorizationRule) rule3).reset();
94 * @return DOCUMENT ME!
96 protected UserAccessor createUserAccessor() {
97 return new TestUserAccessor();
101 * Creates an authorization service with some rules for testing. .
103 * @return Authorization service.
105 protected AuthorizationService createService() {
106 DefaultAuthorizationService service = new DefaultAuthorizationService();
107 service.setUserAccessor(createUserAccessor());
115 * @param aResult DOCUMENT ME!
116 * @param aGroup DOCUMENT ME!
117 * @param aPath DOCUMENT ME!
118 * @param aOperation DOCUMENT ME!
120 * @return DOCUMENT ME!
122 protected AuthorizationRule createRule(AuthorizationResult aResult,
123 String aGroup, String aPath, Class<?extends Operation> aOperation) {
124 return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
130 * @param aCount DOCUMENT ME!
131 * @param aRule DOCUMENT ME!
133 protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
134 assertEquals(aCount, ((TestAuthorizationRule) aRule).getMatchCount());
140 * @param aPath DOCUMENT ME!
142 * @return DOCUMENT ME!
144 protected Object createResource(String aPath) {
145 return new TestResource(aPath);
151 * @param aCount DOCUMENT ME!
153 protected void checkRuleCount(int aCount) {
158 * Several checks to verify the outcome of matching against the
161 public void testFirstRuleGrants() {
162 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
163 new ReadOperation()));
164 checkMatchCount(1, rule1);
165 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
166 new WriteOperation()));
167 checkMatchCount(2, rule1);
168 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
169 new DeleteOperation()));
170 checkMatchCount(3, rule1);
171 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
172 new CreateOperation()));
173 checkMatchCount(4, rule1);
174 checkMatchCount(0, rule2);
175 checkMatchCount(0, rule3);
179 * Verify that a match with the second rule leads to a denial of
182 public void testSecondRuleDenies() {
183 assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
184 new ReadOperation()));
185 checkMatchCount(0, rule1);
186 checkMatchCount(1, rule2);
187 checkMatchCount(0, rule3);
191 * Verifies that the third rule is used when appropriate and that
194 public void testThirdRuleGrants() {
195 assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
196 new WriteOperation()));
197 checkMatchCount(0, rule1);
198 checkMatchCount(0, rule2);
199 checkMatchCount(1, rule3);
203 * Removes a rule and checks it is removed.
205 public void testRemoveRule() {
207 assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
208 new WriteOperation()));
209 service.removeRule(2);
210 assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
211 new WriteOperation()));
216 * Inserts a rule and checks it is inserted.
218 public void testInsertRule() {
220 assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"),
221 new WriteOperation()));
222 service.appendRule(createRule(GRANTED, "users", "/janse/",
223 WriteOperation.class));
224 assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"),
225 new WriteOperation()));
230 * Gets the rules. Verifies that all rules are obtained.
232 public void testGetRules() {
233 AuthorizationRule[] rules = service.getRules();
234 assertEquals(3, rules.length);
238 * Verifies that when no rules match, access is denied.
240 public void testNoRulesSupportResource() {
241 assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
242 new ReadOperation()));
243 checkMatchCount(0, rule1);
244 checkMatchCount(0, rule2);
245 checkMatchCount(0, rule3);