wamblee.org Git - utils/blob - security/src/test/java/org/wamblee/security/authorization/AuthorizationServiceTest.java

   1 /*
   2  * Copyright 2005 the original author or authors.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16 package org.wamblee.security.authorization;
  17
  18 import junit.framework.TestCase;
  19 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
  20 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
  21
  22 import org.wamblee.usermgt.UserAccessor;
  23
  24 /**
  25  * Tests the authorization service.
  26  *
  27  * @author Erik Brakkee
  28  */
  29 public class AuthorizationServiceTest extends TestCase {
  30     private AuthorizationRule rule1;
  31
  32     private AuthorizationRule rule2;
  33
  34     private AuthorizationRule rule3;
  35
  36     private AuthorizationService service;
  37
  38     protected AuthorizationService getService() {
  39         return service;
  40     }
  41
  42     /*
  43      * (non-Javadoc)
  44      *
  45      * @see junit.framework.TestCase#setUp()
  46      */
  47     @Override
  48     protected void setUp() throws Exception {
  49         super.setUp();
  50
  51         rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
  52         rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
  53         rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);
  54
  55         service = createService();
  56         service.appendRule(rule1);
  57         service.appendRule(rule2);
  58         service.appendRule(rule3);
  59     }
  60
  61     protected void resetTestRules() {
  62         ((TestAuthorizationRule) rule1).reset();
  63         ((TestAuthorizationRule) rule2).reset();
  64         ((TestAuthorizationRule) rule3).reset();
  65     }
  66
  67     protected UserAccessor createUserAccessor() {
  68         return new TestUserAccessor();
  69     }
  70
  71     /**
  72      * Creates an authorization service with some rules for testing. .
  73      *
  74      * @return Authorization service.
  75      */
  76     protected AuthorizationService createService() {
  77         DefaultAuthorizationService service = new DefaultAuthorizationService();
  78         service.setUserAccessor(createUserAccessor());
  79
  80         return service;
  81     }
  82
  83     protected AuthorizationRule createRule(AuthorizationResult aResult,
  84         String aGroup, String aPath, Class<? extends Operation> aOperation) {
  85         return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
  86     }
  87
  88     protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
  89         assertEquals(aCount, ((TestAuthorizationRule) aRule).getMatchCount());
  90     }
  91
  92     protected Object createResource(String aPath) {
  93         return new TestResource(aPath);
  94     }
  95
  96     protected void checkRuleCount(int aCount) {
  97         // Empty
  98     }
  99
 100     /**
 101      * Several checks to verify the outcome of matching against the first rule.
 102      */
 103     public void testFirstRuleGrants() {
 104         assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
 105             new ReadOperation()));
 106         checkMatchCount(1, rule1);
 107         assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
 108             new WriteOperation()));
 109         checkMatchCount(2, rule1);
 110         assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
 111             new DeleteOperation()));
 112         checkMatchCount(3, rule1);
 113         assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
 114             new CreateOperation()));
 115         checkMatchCount(4, rule1);
 116         checkMatchCount(0, rule2);
 117         checkMatchCount(0, rule3);
 118     }
 119
 120     /**
 121      * Verify that a match with the second rule leads to a denial of
 122      * authorization.
 123      */
 124     public void testSecondRuleDenies() {
 125         assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
 126             new ReadOperation()));
 127         checkMatchCount(0, rule1);
 128         checkMatchCount(1, rule2);
 129         checkMatchCount(0, rule3);
 130     }
 131
 132     /**
 133      * Verifies that the third rule is used when appropriate and that it grants
 134      * access.
 135      */
 136     public void testThirdRuleGrants() {
 137         assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
 138             new WriteOperation()));
 139         checkMatchCount(0, rule1);
 140         checkMatchCount(0, rule2);
 141         checkMatchCount(1, rule3);
 142     }
 143
 144     /**
 145      * Removes a rule and checks it is removed.
 146      */
 147     public void testRemoveRule() {
 148         checkRuleCount(3);
 149         assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
 150             new WriteOperation()));
 151         service.removeRule(2);
 152         assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
 153             new WriteOperation()));
 154         checkRuleCount(2);
 155     }
 156
 157     /**
 158      * Inserts a rule and checks it is inserted.
 159      */
 160     public void testInsertRule() {
 161         checkRuleCount(3);
 162         assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"),
 163             new WriteOperation()));
 164         service.appendRule(createRule(GRANTED, "users", "/janse/",
 165             WriteOperation.class));
 166         assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"),
 167             new WriteOperation()));
 168         checkRuleCount(4);
 169     }
 170
 171     /**
 172      * Gets the rules. Verifies that all rules are obtained.
 173      */
 174     public void testGetRules() {
 175         AuthorizationRule[] rules = service.getRules();
 176         assertEquals(3, rules.length);
 177     }
 178
 179     /**
 180      * Verifies that when no rules match, access is denied.
 181      */
 182     public void testNoRulesSupportResource() {
 183         assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
 184             new ReadOperation()));
 185         checkMatchCount(0, rule1);
 186         checkMatchCount(0, rule2);
 187         checkMatchCount(0, rule3);
 188     }
 189 }