/*
 * Copyright 2005 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wamblee.security.authorization;

import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;

import org.wamblee.persistence.hibernate.HibernateMappingFiles;
import org.wamblee.test.SpringConfigFiles;
import org.wamblee.test.SpringTestCase;
import org.wamblee.usermgt.UserAccessor;

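/**
 * Tests the authorization service.
 *
 * <p>The fixture built in {@link #setUp()} appends three rules, in this order, all for the
 * group {@code "users"}:
 * <ol>
 *   <li>{@code GRANTED} for path {@code "/oni/"} and {@code AllOperation}</li>
 *   <li>{@code DENIED} for path {@code "/abc/"} and {@code ReadOperation}</li>
 *   <li>{@code GRANTED} for path {@code "/abc/"} and {@code AllOperation}</li>
 * </ol>
 *
 * <p>The tests pin two properties that matter for access control:
 * <ul>
 *   <li>Rule order is significant. A read of {@code "/abc/..."} is expected to be denied by
 *       rule 2 while the match counter of the broader granting rule 3 stays at zero.</li>
 *   <li>Default deny. A request for which no granting rule remains, or which no rule
 *       matches at all, is expected to be refused.</li>
 * </ul>
 *
 * <p>NOTE(review): every rule here uses the group {@code "users"} and the user comes from
 * {@code TestUserAccessor} (not shown in this file), so a user outside that group is not
 * exercised by this class. How {@code TestAuthorizationRule} compares paths is not visible
 * here either; path handling beyond the plain paths below is untested. Confirm both are
 * covered elsewhere.
 *
 * @author Erik Brakkee
 */
public class AuthorizationServiceTest extends SpringTestCase {

    // The three fixture rules, in the order they are appended to the service.
    private AuthorizationRule _rule1;
    private AuthorizationRule _rule2;
    private AuthorizationRule _rule3;

    // Service under test, created by createService() in setUp().
    private AuthorizationService _service;

    /**
     * Creates the test using {@code SpringConfigFiles} and {@code HibernateMappingFiles}
     * as the configuration classes handed to the base test case.
     */
    public AuthorizationServiceTest() {
        super(SpringConfigFiles.class, HibernateMappingFiles.class);
    }

    /**
     * Creates the test with caller-supplied configuration classes, so that a subclass can
     * run the same tests against a different setup.
     *
     * @param aSpringFiles Spring configuration files class passed to the base test case.
     * @param aMappings Hibernate mapping files class passed to the base test case.
     */
    public AuthorizationServiceTest(Class<? extends SpringConfigFiles> aSpringFiles,
            Class<? extends HibernateMappingFiles> aMappings) {
        super(aSpringFiles, aMappings);
    }

    /**
     * Gets the service under test.
     *
     * @return Service created in {@link #setUp()}.
     */
    protected AuthorizationService getService() {
        return _service;
    }

    /**
     * Builds the three fixture rules and a fresh service, then appends the rules in the
     * order rule 1, rule 2, rule 3. Several tests depend on exactly this order.
     *
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        _rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
        _rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
        _rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);

        _service = createService();
        _service.appendRule(_rule1);
        _service.appendRule(_rule2);
        _service.appendRule(_rule3);
    }

    /**
     * Calls {@code reset()} on each of the three fixture rules.
     *
     * <p>The casts assume the rules were produced by the default
     * {@link #createRule(AuthorizationResult, String, String, Class)}; a subclass that
     * overrides it with another rule type must override this method as well.
     */
    protected void resetTestRules() {
        ((TestAuthorizationRule) _rule1).reset();
        ((TestAuthorizationRule) _rule2).reset();
        ((TestAuthorizationRule) _rule3).reset();
    }

    /**
     * Creates the user accessor given to the service under test.
     *
     * @return A new {@code TestUserAccessor}.
     */
    protected UserAccessor createUserAccessor() {
        return new TestUserAccessor();
    }

    /**
     * Creates the authorization service under test. The service is returned without rules;
     * {@link #setUp()} appends them.
     *
     * @return Authorization service.
     */
    protected AuthorizationService createService() {
        DefaultAuthorizationService service = new DefaultAuthorizationService();
        service.setUserAccessor(createUserAccessor());
        return service;
    }

    /**
     * Creates a rule for use in the tests.
     *
     * @param aResult Result the rule is constructed with.
     * @param aGroup Group the rule is constructed with.
     * @param aPath Path the rule is constructed with.
     * @param aOperation Operation class the rule is constructed with.
     * @return A new {@code TestAuthorizationRule}.
     */
    protected AuthorizationRule createRule(AuthorizationResult aResult, String aGroup,
            String aPath, Class<? extends Operation> aOperation) {
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }

    /**
     * Asserts the match count recorded by a rule.
     *
     * @param aCount Expected match count.
     * @param aRule Rule to check; must be a {@code TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        assertEquals(aCount, ((TestAuthorizationRule) aRule).getMatchCount());
    }

    /**
     * Creates a resource to authorize against.
     *
     * @param aPath Path of the resource.
     * @return A new {@code TestResource} for the path.
     */
    protected Object createResource(String aPath) {
        return new TestResource(aPath);
    }

    /**
     * Asserts the number of rules held by the service.
     *
     * <p>This used to be an empty hook, which meant the count checks in
     * {@link #testRemoveRule()} and {@link #testInsertRule()} verified nothing unless a
     * subclass overrode it. It now checks the length of the array returned by
     * {@code getRules()}, the same call {@link #testGetRules()} relies on. Subclasses may
     * still override it to check additional state.
     *
     * @param aCount Expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        assertEquals(aCount, _service.getRules().length);
    }

    /**
     * Verifies that all four operations on a resource under {@code "/oni/"} are allowed,
     * that each request is counted by rule 1, and that rules 2 and 3 record no match.
     */
    public void testFirstRuleGrants() {
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new ReadOperation()));
        checkMatchCount(1, _rule1);
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new WriteOperation()));
        checkMatchCount(2, _rule1);
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new DeleteOperation()));
        checkMatchCount(3, _rule1);
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new CreateOperation()));
        checkMatchCount(4, _rule1);
        checkMatchCount(0, _rule2);
        checkMatchCount(0, _rule3);
    }

    /**
     * Verifies that a match with the second rule leads to a denial of authorization.
     *
     * <p>Rule 3 would grant every operation on the same path, so this test also pins that
     * the earlier deny rule wins: rule 3 must record no match.
     */
    public void testSecondRuleDenies() {
        assertFalse(_service.isAllowed(createResource("/abc/xyz.jpg"), new ReadOperation()));
        checkMatchCount(0, _rule1);
        checkMatchCount(1, _rule2);
        checkMatchCount(0, _rule3);
    }

    /**
     * Verifies that the third rule is used when appropriate and that it grants access:
     * a write to {@code "/abc/..."} is not counted by the read-only deny rule 2.
     */
    public void testThirdRuleGrants() {
        assertTrue(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation()));
        checkMatchCount(0, _rule1);
        checkMatchCount(0, _rule2);
        checkMatchCount(1, _rule3);
    }

    /**
     * Removes a rule and checks it is removed.
     *
     * <p>The rule at index 2 (rule 3) is the only one granting writes under
     * {@code "/abc/"}; once it is gone the same request must be denied.
     */
    public void testRemoveRule() {
        checkRuleCount(3);
        assertTrue(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation()));
        _service.removeRule(2);
        assertFalse(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation()));
        checkRuleCount(2);
    }

    /**
     * Inserts a rule and checks it is inserted.
     *
     * <p>Before the rule is appended the write to {@code "/janse/..."} must be denied;
     * it is allowed only after the granting rule has been added.
     */
    public void testInsertRule() {
        checkRuleCount(3);
        assertFalse(_service.isAllowed(createResource("/janse/xyz.jpg"), new WriteOperation()));
        _service.appendRule(createRule(GRANTED, "users", "/janse/", WriteOperation.class));
        assertTrue(_service.isAllowed(createResource("/janse/xyz.jpg"), new WriteOperation()));
        checkRuleCount(4);
    }

    /**
     * Gets the rules. Verifies that all rules are obtained.
     */
    public void testGetRules() {
        AuthorizationRule[] rules = _service.getRules();
        assertEquals(3, rules.length);
    }

    /**
     * Verifies that when no rules match, access is denied and none of the fixture rules
     * records a match.
     */
    public void testNoRulesSupportResource() {
        assertFalse(_service.isAllowed(createResource("/xyxyxyxy"), new ReadOperation()));
        checkMatchCount(0, _rule1);
        checkMatchCount(0, _rule2);
        checkMatchCount(0, _rule3);
    }
}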