1 /*
2  * Copyright 2005 the original author or authors.
3  * 
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * 
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  * 
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */ 
16
17 package org.wamblee.security.authorization;
18
19 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
20 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
21
22 import org.wamblee.persistence.hibernate.HibernateMappingFiles;
23 import org.wamblee.test.SpringConfigFiles;
24 import org.wamblee.test.SpringTestCase;
25 import org.wamblee.usermgt.UserAccessor;
26
/**
 * Tests the authorization service against three test rules that are appended
 * in a fixed order by {@link #setUp()}:
 * <ol>
 * <li>GRANTED for group "users" on path "/oni/" for {@code AllOperation};</li>
 * <li>DENIED for group "users" on path "/abc/" for {@code ReadOperation};</li>
 * <li>GRANTED for group "users" on path "/abc/" for {@code AllOperation}.</li>
 * </ol>
 * The expected match counts in the tests imply that evaluation stops at the
 * first rule that matches (a read below "/abc/" is expected to hit rule two
 * and never reach rule three), and that a request matched by no rule is
 * denied.
 *
 * The protected factory and check methods are hooks; presumably subclasses
 * override them to run the same tests against another service
 * implementation -- confirm against the subclasses.
 *
 * NOTE(review): every rule in this class uses the group "users"; a request
 * made by a user outside that group is not covered here.
 */
public class AuthorizationServiceTest extends SpringTestCase {

    /** Group name used by every rule in this test. */
    private static final String USERS_GROUP = "users";

    /** Resource path below "/oni/", covered by the first rule only. */
    private static final String ONI_FILE = "/oni/xyz.jpg";

    /** Resource path below "/abc/", covered by the second and third rule. */
    private static final String ABC_FILE = "/abc/xyz.jpg";

    /** Resource path that none of the rules created in setUp() covers. */
    private static final String JANSE_FILE = "/janse/xyz.jpg";

    // First rule: grants every operation below "/oni/".
    private AuthorizationRule _grantAllOnOni;
    // Second rule: denies read operations below "/abc/".
    private AuthorizationRule _denyReadOnAbc;
    // Third rule: grants every operation below "/abc/".
    private AuthorizationRule _grantAllOnAbc;
    // Service under test, rebuilt for every test method.
    private AuthorizationService _service;

    /**
     * Constructs the test with the default Spring configuration files and
     * Hibernate mapping files.
     */
    public AuthorizationServiceTest() {
        super(SpringConfigFiles.class, HibernateMappingFiles.class);
    }

    /**
     * Constructs the test with caller-supplied configuration.
     *
     * @param aSpringFiles Spring configuration files, passed on to the base class.
     * @param aMappings Hibernate mapping files, passed on to the base class.
     */
    public AuthorizationServiceTest(
            Class<? extends SpringConfigFiles> aSpringFiles,
            Class<? extends HibernateMappingFiles> aMappings) {
        super(aSpringFiles, aMappings);
    }

    /**
     * Gets the service under test.
     *
     * @return Service created by the last call to {@link #setUp()}.
     */
    protected AuthorizationService getService() {
        return _service;
    }

    /**
     * Creates the three test rules, then the service, and appends the rules
     * to the service in rule order. The order matters: the test expectations
     * depend on the deny rule for "/abc/" preceding the grant rule for "/abc/".
     *
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        _grantAllOnOni = createRule(GRANTED, USERS_GROUP, "/oni/", AllOperation.class);
        _denyReadOnAbc = createRule(DENIED, USERS_GROUP, "/abc/", ReadOperation.class);
        _grantAllOnAbc = createRule(GRANTED, USERS_GROUP, "/abc/", AllOperation.class);

        _service = createService();
        final AuthorizationRule[] orderedRules = {
            _grantAllOnOni, _denyReadOnAbc, _grantAllOnAbc
        };
        for (AuthorizationRule rule : orderedRules) {
            _service.appendRule(rule);
        }
    }

    /**
     * Resets the three test rules, in rule order. The rules must be
     * {@link TestAuthorizationRule} instances, otherwise the cast fails.
     */
    protected void resetTestRules() {
        final AuthorizationRule[] orderedRules = {
            _grantAllOnOni, _denyReadOnAbc, _grantAllOnAbc
        };
        for (AuthorizationRule rule : orderedRules) {
            ((TestAuthorizationRule) rule).reset();
        }
    }

    /**
     * Creates the user accessor handed to the service.
     *
     * @return A new {@link TestUserAccessor}.
     */
    protected UserAccessor createUserAccessor() {
        return new TestUserAccessor();
    }

    /**
     * Creates the authorization service under test. The service is returned
     * without rules; {@link #setUp()} appends them.
     *
     * @return Default authorization service using the accessor from
     *         {@link #createUserAccessor()}.
     */
    protected AuthorizationService createService() {
        final DefaultAuthorizationService created = new DefaultAuthorizationService();
        created.setUserAccessor(createUserAccessor());
        return created;
    }

    /**
     * Creates a test rule.
     *
     * @param aResult Result the rule is constructed with.
     * @param aGroup Group the rule is constructed with.
     * @param aPath Path the rule is constructed with.
     * @param aOperation Operation class the rule is constructed with.
     * @return A new {@link TestAuthorizationRule}.
     */
    protected AuthorizationRule createRule(
            AuthorizationResult aResult,
            String aGroup,
            String aPath,
            Class<? extends Operation> aOperation) {
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }

    /**
     * Asserts the match count reported by a test rule.
     *
     * @param aCount Expected match count.
     * @param aRule Rule to check; must be a {@link TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        final TestAuthorizationRule countingRule = (TestAuthorizationRule) aRule;
        assertEquals(aCount, countingRule.getMatchCount());
    }

    /**
     * Creates the resource object passed to the service.
     *
     * @param aPath Path of the resource.
     * @return A new {@link TestResource} for the path.
     */
    protected Object createResource(String aPath) {
        return new TestResource(aPath);
    }

    /**
     * Hook for checking the number of rules; does nothing in this class.
     * Presumably subclasses override it where the number of stored rules can
     * be counted -- confirm against the subclasses.
     *
     * @param aCount Expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        // Intentionally empty.
    }

    /**
     * Verifies that read, write, delete and create on a resource below
     * "/oni/" are all allowed, that each request adds one match to the first
     * rule, and that the other two rules never match.
     */
    public void testFirstRuleGrants() {
        final boolean readAllowed =
            _service.isAllowed(createResource(ONI_FILE), new ReadOperation());
        assertTrue(readAllowed);
        checkMatchCount(1, _grantAllOnOni);

        final boolean writeAllowed =
            _service.isAllowed(createResource(ONI_FILE), new WriteOperation());
        assertTrue(writeAllowed);
        checkMatchCount(2, _grantAllOnOni);

        final boolean deleteAllowed =
            _service.isAllowed(createResource(ONI_FILE), new DeleteOperation());
        assertTrue(deleteAllowed);
        checkMatchCount(3, _grantAllOnOni);

        final boolean createAllowed =
            _service.isAllowed(createResource(ONI_FILE), new CreateOperation());
        assertTrue(createAllowed);
        checkMatchCount(4, _grantAllOnOni);

        checkMatchCount(0, _denyReadOnAbc);
        checkMatchCount(0, _grantAllOnAbc);
    }

    /**
     * Verifies that a read below "/abc/" is denied by the second rule. The
     * third rule, which grants all operations on the same path, is expected
     * to have no match: the earlier deny rule decides the request.
     */
    public void testSecondRuleDenies() {
        final boolean readAllowed =
            _service.isAllowed(createResource(ABC_FILE), new ReadOperation());
        assertFalse(readAllowed);

        checkMatchCount(0, _grantAllOnOni);
        checkMatchCount(1, _denyReadOnAbc);
        checkMatchCount(0, _grantAllOnAbc);
    }

    /**
     * Verifies that a write below "/abc/" is not matched by the read-only
     * deny rule and is granted by the third rule.
     */
    public void testThirdRuleGrants() {
        final boolean writeAllowed =
            _service.isAllowed(createResource(ABC_FILE), new WriteOperation());
        assertTrue(writeAllowed);

        checkMatchCount(0, _grantAllOnOni);
        checkMatchCount(0, _denyReadOnAbc);
        checkMatchCount(1, _grantAllOnAbc);
    }

    /**
     * Removes the rule at index 2 and verifies that a write below "/abc/",
     * allowed before the removal, is denied afterwards. Given that outcome
     * the index is expected to address the third appended rule (zero-based).
     */
    public void testRemoveRule() {
        checkRuleCount(3);
        final boolean allowedBeforeRemoval =
            _service.isAllowed(createResource(ABC_FILE), new WriteOperation());
        assertTrue(allowedBeforeRemoval);

        _service.removeRule(2);

        final boolean allowedAfterRemoval =
            _service.isAllowed(createResource(ABC_FILE), new WriteOperation());
        assertFalse(allowedAfterRemoval);
        checkRuleCount(2);
    }

    /**
     * Appends a grant rule for writes below "/janse/" and verifies that a
     * write there, denied before the rule exists, is allowed afterwards.
     */
    public void testInsertRule() {
        checkRuleCount(3);
        final boolean allowedBeforeInsert =
            _service.isAllowed(createResource(JANSE_FILE), new WriteOperation());
        assertFalse(allowedBeforeInsert);

        final AuthorizationRule janseWriteRule =
            createRule(GRANTED, USERS_GROUP, "/janse/", WriteOperation.class);
        _service.appendRule(janseWriteRule);

        final boolean allowedAfterInsert =
            _service.isAllowed(createResource(JANSE_FILE), new WriteOperation());
        assertTrue(allowedAfterInsert);
        checkRuleCount(4);
    }

    /**
     * Verifies that the service reports three rules.
     *
     * NOTE(review): only the number of rules is checked. The order of the
     * returned rules, which the grant/deny expectations of the other tests
     * depend on, is not asserted here.
     */
    public void testGetRules() {
        assertEquals(3, _service.getRules().length);
    }

    /**
     * Verifies that a request for a resource no rule covers is denied and
     * that none of the rules records a match.
     */
    public void testNoRulesSupportResource() {
        final boolean readAllowed =
            _service.isAllowed(createResource("/xyxyxyxy"), new ReadOperation());
        assertFalse(readAllowed);

        checkMatchCount(0, _grantAllOnOni);
        checkMatchCount(0, _denyReadOnAbc);
        checkMatchCount(0, _grantAllOnAbc);
    }
}