1 /*
2  * Copyright 2005 the original author or authors.
3  * 
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * 
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  * 
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */ 
16
17 package org.wamblee.security.authorization;
18
19 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
20 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
21 import junit.framework.TestCase;
22
23 import org.wamblee.persistence.hibernate.HibernateMappingFiles;
24 import org.wamblee.test.spring.SpringTestCase;
25 import org.wamblee.test.spring.SpringConfigFiles;
26 import org.wamblee.usermgt.UserAccessor;
27
28 /**
29  * Tests the authorization service. 
30  *
31  * @author Erik Brakkee
32  */
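public class AuthorizationServiceTest extends TestCase {

    // Fixture rules, appended to the service in exactly this order by setUp().
    // The tests depend on that order: the DENIED rule for reads below /abc/ is
    // registered before the GRANTED rule for all operations below /abc/.
    private AuthorizationRule _rule1;
    private AuthorizationRule _rule2;
    private AuthorizationRule _rule3;

    // Service under test, built by createService() in setUp().
    private AuthorizationService _service;

    /**
     * Gives access to the service under test.
     *
     * @return The service created in {@link #setUp()}.
     */
    protected AuthorizationService getService() {
        return _service;
    }

    /**
     * Builds the fixture: three rules and a service holding them in order.
     *
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        _rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
        // Deny comes before the broader grant on the same path on purpose, so
        // the tests can tell which of the two rules decided the outcome.
        _rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
        _rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);

        _service = createService();
        _service.appendRule(_rule1);
        _service.appendRule(_rule2);
        _service.appendRule(_rule3);
    }

    /**
     * Resets the three fixture rules. The casts mean this only works for
     * rules produced by the default {@link #createRule} implementation.
     */
    protected void resetTestRules() {
        ((TestAuthorizationRule) _rule1).reset();
        ((TestAuthorizationRule) _rule2).reset();
        ((TestAuthorizationRule) _rule3).reset();
    }

    /**
     * Creates the user accessor handed to the service.
     *
     * @return A {@link TestUserAccessor}.
     */
    protected UserAccessor createUserAccessor() {
        // NOTE(review): which user and groups TestUserAccessor reports is not
        // visible here; the expectations below presumably assume a user in
        // group "users" - confirm against TestUserAccessor.
        return new TestUserAccessor();
    }

    /**
     * Creates the authorization service to test; the rules are appended
     * afterwards by {@link #setUp()}.
     *
     * @return Authorization service.
     */
    protected AuthorizationService createService() {
        DefaultAuthorizationService service = new DefaultAuthorizationService();
        service.setUserAccessor(createUserAccessor());
        return service;
    }

    /**
     * Creates a single rule for the fixture.
     *
     * @param aResult Result the rule yields.
     * @param aGroup Group the rule applies to.
     * @param aPath Path the rule applies to.
     * @param aOperation Operation class the rule applies to.
     * @return A {@link TestAuthorizationRule} built from the arguments.
     */
    protected AuthorizationRule createRule(AuthorizationResult aResult, String aGroup,
            String aPath, Class<? extends Operation> aOperation) {
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }

    /**
     * Asserts the match count recorded by a rule.
     *
     * @param aCount Expected match count.
     * @param aRule Rule to inspect; must be a {@link TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        assertEquals(aCount, ((TestAuthorizationRule) aRule).getMatchCount());
    }

    /**
     * Creates the resource object passed to the service.
     *
     * @param aPath Path of the resource.
     * @return A {@link TestResource} for the path.
     */
    protected Object createResource(String aPath) {
        return new TestResource(aPath);
    }

    /**
     * Asserts the number of rules the service reports through
     * {@code getRules()}. This used to be an empty hook, which left the rule
     * counts stated in {@link #testRemoveRule()} and {@link #testInsertRule()}
     * unverified in this class. A subclass that overrides the method is not
     * affected by the check added here.
     *
     * @param aCount Expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        assertEquals(aCount, _service.getRules().length);
    }

    /**
     * Verifies that every operation on a resource below /oni/ is granted by
     * the first rule and that the later rules record no match.
     */
    public void testFirstRuleGrants() {
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new ReadOperation()));
        checkMatchCount(1, _rule1);
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new WriteOperation()));
        checkMatchCount(2, _rule1);
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new DeleteOperation()));
        checkMatchCount(3, _rule1);
        assertTrue(_service.isAllowed(createResource("/oni/xyz.jpg"), new CreateOperation()));
        checkMatchCount(4, _rule1);
        checkMatchCount(0, _rule2);
        checkMatchCount(0, _rule3);
    }

    /**
     * Verifies that a read below /abc/ is denied by the second rule. The
     * third rule would grant the same request but must record no match,
     * which pins down that the earlier rule decides.
     */
    public void testSecondRuleDenies() {
        assertFalse(_service.isAllowed(createResource("/abc/xyz.jpg"), new ReadOperation()));
        checkMatchCount(0, _rule1);
        checkMatchCount(1, _rule2);
        checkMatchCount(0, _rule3);
    }

    /**
     * Verifies that a write below /abc/ is not matched by the read-only deny
     * rule and is granted by the third rule.
     */
    public void testThirdRuleGrants() {
        assertTrue(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation()));
        checkMatchCount(0, _rule1);
        checkMatchCount(0, _rule2);
        checkMatchCount(1, _rule3);
    }

    /**
     * Removes a rule and checks that the access it granted is gone and that
     * one rule less is reported.
     */
    public void testRemoveRule() {
        checkRuleCount(3);
        assertTrue(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation()));
        // The expectations imply that index 2 addresses the third appended
        // rule (the grant for /abc/): the write is denied once it is gone.
        _service.removeRule(2);
        assertFalse(_service.isAllowed(createResource("/abc/xyz.jpg"), new WriteOperation()));
        checkRuleCount(2);
    }

    /**
     * Appends a rule and checks that a request denied before is granted
     * afterwards and that one rule more is reported.
     */
    public void testInsertRule() {
        checkRuleCount(3);
        // No fixture rule covers /janse/, so the request starts out denied.
        assertFalse(_service.isAllowed(createResource("/janse/xyz.jpg"), new WriteOperation()));
        _service.appendRule(createRule(GRANTED, "users", "/janse/", WriteOperation.class));
        assertTrue(_service.isAllowed(createResource("/janse/xyz.jpg"), new WriteOperation()));
        checkRuleCount(4);
    }

    /**
     * Gets the rules and verifies that all three fixture rules are returned.
     * Only the number of rules is checked, not their order.
     */
    public void testGetRules() {
        AuthorizationRule[] rules = _service.getRules();
        assertEquals(3, rules.length);
    }

    /**
     * Verifies that access is denied when no rule matches the resource, and
     * that none of the fixture rules records a match.
     */
    public void testNoRulesSupportResource() {
        assertFalse(_service.isAllowed(createResource("/xyxyxyxy"), new ReadOperation()));
        checkMatchCount(0, _rule1);
        checkMatchCount(0, _rule2);
        checkMatchCount(0, _rule3);
    }
}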