Now working with both hibernate and eclipselink
[utils] / security / impl / src / test / java / org / wamblee / security / authorization / AuthorizationServiceTest.java
1 /*
2  * Copyright 2005-2010 the original author or authors.
3  * 
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * 
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  * 
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */ 
16 package org.wamblee.security.authorization;
17
18 import junit.framework.TestCase;
19 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
20 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
21
22 import org.wamblee.usermgt.UserAccessor;
23
/**
 * Tests the authorization service.
 *
 * <p>The fixture registers three rules, in this order, all for group
 * {@code "users"}:
 * <ol>
 * <li>GRANTED for any operation below {@code /oni/}</li>
 * <li>DENIED for read operations below {@code /abc/}</li>
 * <li>GRANTED for any operation below {@code /abc/}</li>
 * </ol>
 *
 * <p>The assertions pin down two access-control properties. A read below
 * {@code /abc/} is refused although the later rule 3 would grant it, and
 * the expected match counts show rule 3 with no match in that case. A
 * resource that no rule covers is refused as well.
 *
 * <p>NOTE(review): every rule in this class uses the same group, so a
 * group mismatch is not exercised here, and no test removes the DENIED
 * rule to show that doing so widens access. Confirm both are covered
 * elsewhere.
 *
 * <p>The protected factory and check methods look like extension points
 * for subclasses that run the same tests against another service
 * implementation -- TODO confirm against the subclasses.
 *
 * @author Erik Brakkee
 */
public class AuthorizationServiceTest extends TestCase {
    private static final String GROUP = "users";

    private static final String ONI_FILE = "/oni/xyz.jpg";

    private static final String ABC_FILE = "/abc/xyz.jpg";

    private static final String JANSE_FILE = "/janse/xyz.jpg";

    private AbstractAuthorizationRule rule1;

    private AbstractAuthorizationRule rule2;

    private AbstractAuthorizationRule rule3;

    private AuthorizationService service;

    /**
     * Gives access to the service under test.
     *
     * @return The service created in {@link #setUp()}.
     */
    protected AuthorizationService getService() {
        return service;
    }

    /**
     * Builds the three fixture rules, creates the service and appends the
     * rules in the order rule1, rule2, rule3. Several tests depend on this
     * order because they address rules by index.
     *
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        rule1 = createRule(GRANTED, GROUP, "/oni/", AllOperation.class);
        rule2 = createRule(DENIED, GROUP, "/abc/", ReadOperation.class);
        rule3 = createRule(GRANTED, GROUP, "/abc/", AllOperation.class);

        service = createService();
        AbstractAuthorizationRule[] ordered = { rule1, rule2, rule3 };
        for (AbstractAuthorizationRule rule : ordered) {
            service.appendRule(rule);
        }
        checkRuleCount(3);
    }

    /**
     * Resets the three fixture rules. The fields are cast to
     * {@link TestAuthorizationRule}, so this only works while
     * {@link #createRule} returns that type.
     */
    protected void resetTestRules() {
        AbstractAuthorizationRule[] fixtureRules = { rule1, rule2, rule3 };
        for (AbstractAuthorizationRule rule : fixtureRules) {
            ((TestAuthorizationRule) rule).reset();
        }
    }

    /**
     * Creates the user accessor handed to the service.
     *
     * @return A new {@link TestUserAccessor}.
     */
    protected UserAccessor createUserAccessor() {
        return new TestUserAccessor();
    }

    /**
     * Creates the authorization service under test. The service is returned
     * without any rules; {@link #setUp()} appends them afterwards.
     *
     * @return Authorization service.
     */
    protected AuthorizationService createService() {
        DefaultAuthorizationService created = new DefaultAuthorizationService();
        created.setUserAccessor(createUserAccessor());

        return created;
    }

    /**
     * Creates a rule for the fixture.
     *
     * @param aResult
     *            Result the rule yields.
     * @param aGroup
     *            Group the rule is created for.
     * @param aPath
     *            Path the rule is created for.
     * @param aOperation
     *            Operation type the rule is created for.
     * @return A new {@link TestAuthorizationRule}.
     */
    protected AbstractAuthorizationRule createRule(AuthorizationResult aResult,
        String aGroup, String aPath, Class<? extends Operation> aOperation) {
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }

    /**
     * Asserts the match count of a rule and then resets the rule, so the
     * next check on it starts from a clean state.
     *
     * @param aCount
     *            Expected match count.
     * @param aRule
     *            Rule to inspect; must be a {@link TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        TestAuthorizationRule counted = (TestAuthorizationRule) aRule;
        assertEquals(aCount, counted.getMatchCount());
        counted.reset();
    }

    /**
     * Wraps a path in the resource type used by these tests.
     *
     * @param aPath
     *            Path of the resource.
     * @return A new {@link TestResource}.
     */
    protected Object createResource(String aPath) {
        return new TestResource(aPath);
    }

    /**
     * Hook for checking the number of rules; does nothing in this class.
     *
     * @param aCount
     *            Expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        // Empty
    }

    /**
     * Checks the match counts of the rules at index 0, 1 and 2, in that
     * order. The rules are fetched from the service again for every index.
     */
    private void assertMatchCounts(int aFirst, int aSecond, int aThird) {
        checkMatchCount(aFirst, service.getRules()[0]);
        checkMatchCount(aSecond, service.getRules()[1]);
        checkMatchCount(aThird, service.getRules()[2]);
    }

    /**
     * Several checks to verify the outcome of matching against the first rule:
     * read, write, delete and create below /oni/ are all allowed, and only
     * the first rule records a match.
     */
    public void testFirstRuleGrants() {
        assertTrue(service.isAllowed(createResource(ONI_FILE),
            new ReadOperation()));
        checkMatchCount(1, service.getRules()[0]);

        assertTrue(service.isAllowed(createResource(ONI_FILE),
            new WriteOperation()));
        checkMatchCount(1, service.getRules()[0]);

        assertTrue(service.isAllowed(createResource(ONI_FILE),
            new DeleteOperation()));
        checkMatchCount(1, service.getRules()[0]);

        assertTrue(service.isAllowed(createResource(ONI_FILE),
            new CreateOperation()));
        assertMatchCounts(1, 0, 0);
    }

    /**
     * Verify that a match with the second rule leads to a denial of
     * authorization. The third rule would grant the same request; the
     * expected counts require that it records no match.
     */
    public void testSecondRuleDenies() {
        assertFalse(service.isAllowed(createResource(ABC_FILE),
            new ReadOperation()));
        assertMatchCounts(0, 1, 0);
    }

    /**
     * Verifies that the third rule is used when appropriate and that it grants
     * access: a write below /abc/ is not a match for the read-only deny rule.
     */
    public void testThirdRuleGrants() {
        assertTrue(service.isAllowed(createResource(ABC_FILE),
            new WriteOperation()));
        assertMatchCounts(0, 0, 1);
    }

    /**
     * Removes the rule at index 2 and checks it is removed: the write that
     * was allowed before is refused afterwards.
     */
    public void testRemoveRule() {
        checkRuleCount(3);
        assertTrue(service.isAllowed(createResource(ABC_FILE),
            new WriteOperation()));

        service.removeRule(2);

        assertFalse(service.isAllowed(createResource(ABC_FILE),
            new WriteOperation()));
        checkRuleCount(2);
    }

    /**
     * Appends a rule and checks it takes effect: a write below /janse/ is
     * refused before the rule is added and allowed afterwards.
     */
    public void testInsertRule() {
        checkRuleCount(3);
        assertFalse(service.isAllowed(createResource(JANSE_FILE),
            new WriteOperation()));

        service.appendRule(createRule(GRANTED, GROUP, "/janse/",
            WriteOperation.class));

        assertTrue(service.isAllowed(createResource(JANSE_FILE),
            new WriteOperation()));
        checkRuleCount(4);
    }

    /**
     * Gets the rules. Verifies that all rules are obtained. Only the number
     * of rules is checked, not their order or content.
     */
    public void testGetRules() {
        assertEquals(3, service.getRules().length);
    }

    /**
     * Verifies that when no rules match, access is denied.
     */
    public void testNoRulesSupportResource() {
        assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
            new ReadOperation()));
        assertMatchCounts(0, 0, 0);
    }
}