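/*
 * Copyright 2005-2010 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wamblee.security.authorization;

import junit.framework.TestCase;
import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;

import org.wamblee.usermgt.UserAccessor;

/**
 * Tests the authorization service.
 *
 * <p>
 * Every test starts from the same fixture, built in {@link #setUp()}: three
 * rules for the group {@code "users"}, appended in this order:
 * <ol>
 * <li>GRANTED, path {@code /oni/}, {@link AllOperation}</li>
 * <li>DENIED, path {@code /abc/}, {@link ReadOperation}</li>
 * <li>GRANTED, path {@code /abc/}, {@link AllOperation}</li>
 * </ol>
 *
 * <p>
 * Security-relevant behaviour pinned by these tests:
 * <ul>
 * <li>Rule order decides the outcome. A read below {@code /abc/} is denied by
 * rule 2 even though rule 3 grants all operations on the same path, and rule 3
 * records no match in that case (see {@link #testSecondRuleDenies()}).</li>
 * <li>Access is denied when no rule applies, both for a path no rule covers
 * (see {@link #testNoRulesSupportResource()}) and after the only granting
 * rule has been removed (see {@link #testRemoveRule()}).</li>
 * </ul>
 *
 * <p>
 * NOTE(review): how {@code TestAuthorizationRule} counts matches, how it
 * compares paths, and which groups {@code TestUserAccessor} reports for the
 * current user are defined outside this file. Not covered here: a caller
 * outside the {@code "users"} group, and resource paths other than the simple
 * prefix form used below.
 *
 * @author Erik Brakkee
 */
public class AuthorizationServiceTest extends TestCase {
    private AbstractAuthorizationRule rule1;

    private AbstractAuthorizationRule rule2;

    private AbstractAuthorizationRule rule3;

    private AuthorizationService service;

    /**
     * Gives subclasses access to the service under test.
     *
     * @return The service created in {@link #setUp()}.
     */
    protected AuthorizationService getService() {
        return service;
    }

    /**
     * Builds the three-rule fixture described in the class comment and appends
     * the rules to a freshly created service, so that the position of each rule
     * in {@code service.getRules()} matches its number minus one.
     *
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
        rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
        rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);

        service = createService();
        service.appendRule(rule1);
        service.appendRule(rule2);
        service.appendRule(rule3);
    }

    /**
     * Resets the three fixture rules. The casts assume the rules were created
     * by the default {@link #createRule} and are {@code TestAuthorizationRule}
     * instances.
     */
    protected void resetTestRules() {
        ((TestAuthorizationRule) rule1).reset();
        ((TestAuthorizationRule) rule2).reset();
        ((TestAuthorizationRule) rule3).reset();
    }

    /**
     * Creates the user accessor handed to the service under test.
     *
     * @return User accessor.
     */
    protected UserAccessor createUserAccessor() {
        return new TestUserAccessor();
    }

    /**
     * Creates the authorization service under test and gives it a user
     * accessor. No rules are added here; {@link #setUp()} appends them.
     *
     * @return Authorization service.
     */
    protected AuthorizationService createService() {
        // Local name differs from the field on purpose, to avoid shadowing it.
        DefaultAuthorizationService created = new DefaultAuthorizationService();
        created.setUserAccessor(createUserAccessor());

        return created;
    }

    /**
     * Creates a single test rule.
     *
     * @param aResult
     *            Result the rule yields.
     * @param aGroup
     *            Group the rule is created for.
     * @param aPath
     *            Resource path the rule is created for.
     * @param aOperation
     *            Operation class the rule is created for.
     * @return The rule.
     */
    protected AbstractAuthorizationRule createRule(AuthorizationResult aResult,
        String aGroup, String aPath, Class<? extends Operation> aOperation) {
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }

    /**
     * Asserts the match count recorded by a rule and then resets it, so the
     * next check on the same rule starts from zero.
     *
     * @param aCount
     *            Expected match count.
     * @param aRule
     *            Rule to inspect; must be a {@code TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        TestAuthorizationRule testRule = (TestAuthorizationRule) aRule;
        assertEquals(aCount, testRule.getMatchCount());
        testRule.reset();
    }

    /**
     * Creates the resource object passed to the service.
     *
     * @param aPath
     *            Path of the resource.
     * @return The resource.
     */
    protected Object createResource(String aPath) {
        return new TestResource(aPath);
    }

    /**
     * Hook that does nothing in this class. Presumably subclasses override it
     * to verify the rule count in whatever storage they use; confirm against
     * the subclasses. The rule count visible through the service itself is
     * asserted directly in the tests, so it is checked regardless of this hook.
     *
     * @param aCount
     *            Expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        // Empty
    }

    /**
     * Several checks to verify the outcome of matching against the first rule:
     * every operation on a resource below {@code /oni/} is granted by rule 1,
     * and rules 2 and 3 never record a match.
     */
    public void testFirstRuleGrants() {
        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
            new ReadOperation()));
        checkMatchCount(1, service.getRules()[0]);
        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
            new WriteOperation()));
        checkMatchCount(1, service.getRules()[0]);
        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
            new DeleteOperation()));
        checkMatchCount(1, service.getRules()[0]);
        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
            new CreateOperation()));
        checkMatchCount(1, service.getRules()[0]);
        checkMatchCount(0, service.getRules()[1]);
        checkMatchCount(0, service.getRules()[2]);
    }

    /**
     * Verify that a match with the second rule leads to a denial of
     * authorization. Rule 3 would grant the same request, so this also pins
     * that the earlier deny rule decides and rule 3 records no match.
     */
    public void testSecondRuleDenies() {
        assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
            new ReadOperation()));
        checkMatchCount(0, service.getRules()[0]);
        checkMatchCount(1, service.getRules()[1]);
        checkMatchCount(0, service.getRules()[2]);
    }

    /**
     * Verifies that the third rule is used when appropriate and that it grants
     * access: a write below {@code /abc/} does not match the read-only deny
     * rule and is granted by rule 3.
     */
    public void testThirdRuleGrants() {
        assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
            new WriteOperation()));
        checkMatchCount(0, service.getRules()[0]);
        checkMatchCount(0, service.getRules()[1]);
        checkMatchCount(1, service.getRules()[2]);
    }

    /**
     * Removes a rule and checks it is removed. After the granting rule at
     * index 2 is gone, the previously allowed write must be denied.
     */
    public void testRemoveRule() {
        checkRuleCount(3);
        assertEquals(3, service.getRules().length);
        assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
            new WriteOperation()));
        service.removeRule(2);
        assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
            new WriteOperation()));
        checkRuleCount(2);
        // checkRuleCount is a no-op in this class, so assert the count here.
        assertEquals(2, service.getRules().length);
    }

    /**
     * Inserts a rule and checks it is inserted. The write is denied before the
     * new granting rule is appended and allowed afterwards.
     */
    public void testInsertRule() {
        checkRuleCount(3);
        assertEquals(3, service.getRules().length);
        assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"),
            new WriteOperation()));
        service.appendRule(createRule(GRANTED, "users", "/janse/",
            WriteOperation.class));
        assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"),
            new WriteOperation()));
        checkRuleCount(4);
        // checkRuleCount is a no-op in this class, so assert the count here.
        assertEquals(4, service.getRules().length);
    }

    /**
     * Gets the rules. Verifies that all rules are obtained.
     */
    public void testGetRules() {
        AuthorizationRule[] rules = service.getRules();
        assertEquals(3, rules.length);
    }

    /**
     * Verifies that when no rules match, access is denied and no rule records
     * a match.
     */
    public void testNoRulesSupportResource() {
        assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
            new ReadOperation()));
        checkMatchCount(0, service.getRules()[0]);
        checkMatchCount(0, service.getRules()[1]);
        checkMatchCount(0, service.getRules()[2]);
    }
}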