/*
 * Copyright 2005-2010 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wamblee.security.authorization;

import junit.framework.TestCase;
import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;

import org.junit.Ignore;
import org.wamblee.security.authentication.UserAccessor;
import org.wamblee.security.authentication.UserAdministration;

/**
 * Unit tests for {@link AuthorizationService}, exercised through a
 * {@link DefaultAuthorizationService} that is wired to a
 * {@link TestUserAccessor}.
 *
 * <p>
 * The fixture appends three rules, all for group "users", in this order:
 * <ol>
 * <li>index 0: GRANTED, path "/oni/", {@code AllOperation}</li>
 * <li>index 1: DENIED, path "/abc/", {@code ReadOperation}</li>
 * <li>index 2: GRANTED, path "/abc/", {@code AllOperation}</li>
 * </ol>
 *
 * <p>
 * The tests pin down two properties an access-control reviewer cares about:
 * a request that no rule covers is refused (see
 * {@link #testNoRulesSupportResource()} and {@link #testRemoveRule()}), and
 * for a read below "/abc/" only the DENIED rule at index 1 records a match
 * while the broader GRANTED rule behind it records none (see
 * {@link #testSecondRuleDenies()}).
 *
 * <p>
 * The factory and check methods are protected and non-final; presumably a
 * subclass overrides them to run the same tests against another service
 * implementation (not visible in this file).
 *
 * @author Erik Brakkee
 */
public class AuthorizationServiceTest extends TestCase {
    // The three fixture rules, in the order they are appended to the service.
    private AbstractAuthorizationRule rule1;
    private AbstractAuthorizationRule rule2;
    private AbstractAuthorizationRule rule3;

    // Service under test, rebuilt for every test method by setUp().
    private AuthorizationService service;

    // Source of both the user accessor and the user administration.
    private TestUserAccessor userAccessor;

    /**
     * Returns the service under test.
     *
     * @return Authorization service created by {@link #setUp()}.
     */
    protected AuthorizationService getService() {
        return service;
    }

    /**
     * Builds the user accessor, the three fixture rules and the service, then
     * appends the rules in order and checks the rule count.
     *
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        // Must exist before createService(), which asks for the accessor.
        userAccessor = new TestUserAccessor();

        rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
        rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
        rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);

        service = createService();
        // Order matters: the DENIED rule for "/abc/" sits in front of the
        // GRANTED one, and the tests address rules by this index.
        for (AbstractAuthorizationRule fixtureRule : new AbstractAuthorizationRule[] {
            rule1, rule2, rule3 }) {
            service.appendRule(fixtureRule);
        }
        checkRuleCount(3);
    }

    /**
     * Resets the three fixture rules; each is expected to be a
     * {@link TestAuthorizationRule}.
     */
    protected void resetTestRules() {
        for (AbstractAuthorizationRule fixtureRule : new AbstractAuthorizationRule[] {
            rule1, rule2, rule3 }) {
            ((TestAuthorizationRule) fixtureRule).reset();
        }
    }

    /**
     * Returns the user accessor handed to the service.
     *
     * @return User accessor of this fixture.
     */
    protected UserAccessor getUserAccessor() {
        return userAccessor;
    }

    /**
     * Returns the user administration handed to the service.
     *
     * @return User administration obtained from the test user accessor.
     */
    protected UserAdministration getUserAdministration() {
        return userAccessor.getUserAdmin();
    }

    /**
     * Creates the authorization service under test and wires in the user
     * accessor and user administration. Rules are added by {@link #setUp()}.
     *
     * @return Authorization service.
     */
    protected AuthorizationService createService() {
        DefaultAuthorizationService created = new DefaultAuthorizationService();
        created.setUserAccessor(getUserAccessor());
        created.setUserAdministration(getUserAdministration());
        return created;
    }

    /**
     * Creates one fixture rule.
     *
     * @param aResult
     *            Result the rule yields.
     * @param aGroup
     *            Group the rule is created for.
     * @param aPath
     *            Path the rule is created for.
     * @param aOperation
     *            Operation class the rule is created for.
     * @return A new {@link TestAuthorizationRule}.
     */
    protected AbstractAuthorizationRule createRule(AuthorizationResult aResult,
        String aGroup, String aPath, Class<? extends Operation> aOperation) {
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }

    /**
     * Asserts the match count recorded by a rule and then resets the rule, so
     * the next check starts from zero.
     *
     * @param aCount
     *            Expected match count.
     * @param aRule
     *            Rule to inspect; must be a {@link TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        TestAuthorizationRule countingRule = (TestAuthorizationRule) aRule;
        assertEquals(aCount, countingRule.getMatchCount());
        countingRule.reset();
    }

    /**
     * Creates a resource to authorize against.
     *
     * @param aPath
     *            Path of the resource.
     * @return A new {@link TestResource}.
     */
    protected Object createResource(String aPath) {
        return new TestResource(aPath);
    }

    /**
     * Hook for checking the number of rules; does nothing in this class.
     *
     * @param aCount
     *            Expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        // Empty
    }

    /**
     * Fetches the rule at the given index from a fresh
     * {@code service.getRules()} call.
     */
    private AuthorizationRule ruleAt(int aIndex) {
        return service.getRules()[aIndex];
    }

    /**
     * Checks (and thereby resets) the match counts of the rules at index 0, 1
     * and 2, in that order.
     */
    private void checkMatchCounts(int aFirst, int aSecond, int aThird) {
        checkMatchCount(aFirst, ruleAt(0));
        checkMatchCount(aSecond, ruleAt(1));
        checkMatchCount(aThird, ruleAt(2));
    }

    /**
     * Read, write, delete and create below "/oni/" are each allowed, and each
     * request is recorded as exactly one match by the first rule; the other
     * two rules record none.
     */
    public void testFirstRuleGrants() {
        final String path = "/oni/xyz.jpg";

        boolean readAllowed = service.isAllowed(createResource(path),
            new ReadOperation());
        assertTrue(readAllowed);
        checkMatchCount(1, ruleAt(0));

        boolean writeAllowed = service.isAllowed(createResource(path),
            new WriteOperation());
        assertTrue(writeAllowed);
        checkMatchCount(1, ruleAt(0));

        boolean deleteAllowed = service.isAllowed(createResource(path),
            new DeleteOperation());
        assertTrue(deleteAllowed);
        checkMatchCount(1, ruleAt(0));

        boolean createAllowed = service.isAllowed(createResource(path),
            new CreateOperation());
        assertTrue(createAllowed);
        checkMatchCounts(1, 0, 0);
    }

    /**
     * A read below "/abc/" is refused and only the second (DENIED) rule
     * records a match; the GRANTED rule behind it records none.
     */
    public void testSecondRuleDenies() {
        boolean readAllowed = service.isAllowed(createResource("/abc/xyz.jpg"),
            new ReadOperation());
        assertFalse(readAllowed);
        checkMatchCounts(0, 1, 0);
    }

    /**
     * A write below "/abc/" is allowed and only the third rule records a
     * match.
     */
    public void testThirdRuleGrants() {
        boolean writeAllowed = service.isAllowed(
            createResource("/abc/xyz.jpg"), new WriteOperation());
        assertTrue(writeAllowed);
        checkMatchCounts(0, 0, 1);
    }

    /**
     * Removes the rule at index 2 and verifies that the write it used to
     * allow is refused afterwards.
     */
    public void testRemoveRule() {
        final String path = "/abc/xyz.jpg";

        checkRuleCount(3);
        boolean allowedBefore = service.isAllowed(createResource(path),
            new WriteOperation());
        assertTrue(allowedBefore);

        service.removeRule(2);

        // With the granting rule gone the same request must be refused.
        boolean allowedAfter = service.isAllowed(createResource(path),
            new WriteOperation());
        assertFalse(allowedAfter);
        checkRuleCount(2);
    }

    /**
     * Appends a granting rule for writes below "/janse/" and verifies that a
     * write refused before is allowed afterwards.
     */
    public void testInsertRule() {
        final String path = "/janse/xyz.jpg";

        checkRuleCount(3);
        boolean allowedBefore = service.isAllowed(createResource(path),
            new WriteOperation());
        assertFalse(allowedBefore);

        AbstractAuthorizationRule extraRule = createRule(GRANTED, "users",
            "/janse/", WriteOperation.class);
        service.appendRule(extraRule);

        boolean allowedAfter = service.isAllowed(createResource(path),
            new WriteOperation());
        assertTrue(allowedAfter);
        checkRuleCount(4);
    }

    /**
     * Gets the rules and verifies that all three fixture rules are returned.
     */
    public void testGetRules() {
        assertEquals(3, service.getRules().length);
    }

    /**
     * A read on a path no fixture rule was created for is refused, and no
     * rule records a match.
     */
    public void testNoRulesSupportResource() {
        boolean readAllowed = service.isAllowed(createResource("/xyxyxyxy"),
            new ReadOperation());
        assertFalse(readAllowed);
        checkMatchCounts(0, 0, 0);
    }
}