2 * Copyright 2005-2010 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org.wamblee.security.authorization;
18 import junit.framework.TestCase;
19 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
20 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
22 import org.wamblee.security.authentication.UserAccessor;
25 * Tests the authorization service.
27 * @author Erik Brakkee
29 public class AuthorizationServiceTest extends TestCase {
30 private AbstractAuthorizationRule rule1;
32 private AbstractAuthorizationRule rule2;
34 private AbstractAuthorizationRule rule3;
36 private AuthorizationService service;
38 protected AuthorizationService getService() {
45 * @see junit.framework.TestCase#setUp()
48 protected void setUp() throws Exception {
51 rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
52 rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
53 rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);
55 service = createService();
56 service.appendRule(rule1);
57 service.appendRule(rule2);
58 service.appendRule(rule3);
62 protected void resetTestRules() {
63 ((TestAuthorizationRule) rule1).reset();
64 ((TestAuthorizationRule) rule2).reset();
65 ((TestAuthorizationRule) rule3).reset();
68 protected UserAccessor createUserAccessor() {
69 return new TestUserAccessor();
73 * Creates an authorization service with some rules for testing. .
75 * @return Authorization service.
77 protected AuthorizationService createService() {
78 DefaultAuthorizationService service = new DefaultAuthorizationService();
79 service.setUserAccessor(createUserAccessor());
84 protected AbstractAuthorizationRule createRule(AuthorizationResult aResult,
85 String aGroup, String aPath, Class<? extends Operation> aOperation) {
86 return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
89 protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
90 TestAuthorizationRule testRule = (TestAuthorizationRule) aRule;
91 assertEquals(aCount, testRule.getMatchCount());
95 protected Object createResource(String aPath) {
96 return new TestResource(aPath);
99 protected void checkRuleCount(int aCount) {
104 * Several checks to verify the outcome of matching against the first rule.
106 public void testFirstRuleGrants() {
107 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
108 new ReadOperation()));
109 checkMatchCount(1, service.getRules()[0]);
110 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
111 new WriteOperation()));
112 checkMatchCount(1, service.getRules()[0]);
113 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
114 new DeleteOperation()));
115 checkMatchCount(1, service.getRules()[0]);
116 assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
117 new CreateOperation()));
118 checkMatchCount(1, service.getRules()[0]);
119 checkMatchCount(0, service.getRules()[1]);
120 checkMatchCount(0, service.getRules()[2]);
124 * Verify that a match with the second rule leads to a denial of
127 public void testSecondRuleDenies() {
128 assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
129 new ReadOperation()));
130 checkMatchCount(0, service.getRules()[0]);
131 checkMatchCount(1, service.getRules()[1]);
132 checkMatchCount(0, service.getRules()[2]);
136 * Verifies that the third rule is used when appropriate and that it grants
139 public void testThirdRuleGrants() {
140 assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
141 new WriteOperation()));
142 checkMatchCount(0, service.getRules()[0]);
143 checkMatchCount(0, service.getRules()[1]);
144 checkMatchCount(1, service.getRules()[2]);
148 * Removes a rule and checks it is removed.
150 public void testRemoveRule() {
152 assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
153 new WriteOperation()));
154 service.removeRule(2);
155 assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
156 new WriteOperation()));
161 * Inserts a rule and checks it is inserted.
163 public void testInsertRule() {
165 assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"),
166 new WriteOperation()));
167 service.appendRule(createRule(GRANTED, "users", "/janse/",
168 WriteOperation.class));
169 assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"),
170 new WriteOperation()));
175 * Gets the rules. Verifies that all rules are obtained.
177 public void testGetRules() {
178 AuthorizationRule[] rules = service.getRules();
179 assertEquals(3, rules.length);
183 * Verifies that when no rules match, access is denied.
185 public void testNoRulesSupportResource() {
186 assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
187 new ReadOperation()));
188 checkMatchCount(0, service.getRules()[0]);
189 checkMatchCount(0, service.getRules()[1]);
190 checkMatchCount(0, service.getRules()[2]);