1 /*
2  * Copyright 2005 the original author or authors.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package org.wamblee.security.authorization;
17
18 import junit.framework.TestCase;
19 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
20 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
21
22 import org.wamblee.usermgt.UserAccessor;
23
24
25 /**
26  * Tests the authorization service.
27  *
28  * @author Erik Brakkee
29  */
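public class AuthorizationServiceTest extends TestCase {
    /** First fixture rule: GRANTED for group "users" on path "/oni/", all operations. */
    private AuthorizationRule rule1;

    /** Second fixture rule: DENIED for group "users" on path "/abc/", read operations. */
    private AuthorizationRule rule2;

    /** Third fixture rule: GRANTED for group "users" on path "/abc/", all operations. */
    private AuthorizationRule rule3;

    /** Service under test; built by {@link #createService()} in {@link #setUp()}. */
    private AuthorizationService service;

    /**
     * Returns the service under test.
     *
     * @return The service created in {@link #setUp()}.
     */
    protected AuthorizationService getService() {
        return service;
    }

    /**
     * Creates the three fixture rules and appends them to a fresh service in
     * the order rule1, rule2, rule3.
     *
     * The order is significant for the tests below: the read-deny rule on
     * "/abc/" is appended before the grant-all rule on the same path, and
     * {@link #testSecondRuleDenies()} expects the deny to decide a read
     * without the later grant being matched.
     *
     * NOTE(review): every rule here uses the group "users"; nothing in this
     * class exercises a caller outside that group.
     *
     * @throws Exception If the JUnit base class set-up fails.
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
        rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
        rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);

        service = createService();
        service.appendRule(rule1);
        service.appendRule(rule2);
        service.appendRule(rule3);
    }

    /**
     * Calls {@code reset()} on each of the three fixture rules.
     *
     * Assumes the rules are {@link TestAuthorizationRule} instances, as
     * produced by {@link #createRule}; presumably reset clears the match
     * count (confirm against TestAuthorizationRule).
     */
    protected void resetTestRules() {
        ((TestAuthorizationRule) rule1).reset();
        ((TestAuthorizationRule) rule2).reset();
        ((TestAuthorizationRule) rule3).reset();
    }

    /**
     * Creates the user accessor handed to the service under test.
     *
     * @return A new {@link TestUserAccessor}; which user and groups it
     *         reports is not visible in this class.
     */
    protected UserAccessor createUserAccessor() {
        return new TestUserAccessor();
    }

    /**
     * Creates an authorization service without rules, wired to the test
     * user accessor. The fixture rules are appended by {@link #setUp()}.
     *
     * @return Authorization service.
     */
    protected AuthorizationService createService() {
        DefaultAuthorizationService authorizationService = new DefaultAuthorizationService();
        authorizationService.setUserAccessor(createUserAccessor());

        return authorizationService;
    }

    /**
     * Creates a rule for use in the tests.
     *
     * @param aResult Result the rule yields when it matches.
     * @param aGroup Group the rule applies to.
     * @param aPath Path the rule applies to.
     * @param aOperation Operation type the rule applies to.
     *
     * @return A new {@link TestAuthorizationRule} built from the arguments.
     */
    protected AuthorizationRule createRule(AuthorizationResult aResult,
        String aGroup, String aPath, Class<? extends Operation> aOperation) {
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }

    /**
     * Asserts the number of matches recorded by a rule.
     *
     * @param aCount Expected match count.
     * @param aRule Rule to inspect; must be a {@link TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        assertEquals(aCount, ((TestAuthorizationRule) aRule).getMatchCount());
    }

    /**
     * Creates the resource object passed to the service for a given path.
     *
     * @param aPath Path of the resource.
     *
     * @return A new {@link TestResource} for the path.
     */
    protected Object createResource(String aPath) {
        return new TestResource(aPath);
    }

    /**
     * Asserts that the service under test holds the expected number of
     * rules.
     *
     * This used to be an empty method, so the rule-count checks in
     * {@link #testRemoveRule()} and {@link #testInsertRule()} verified
     * nothing in this class. It now counts the rules reported by
     * {@code getRules()}, the same source {@link #testGetRules()} uses.
     * Subclasses can still override it to count in another way.
     *
     * @param aCount Expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        assertEquals(aCount, service.getRules().length);
    }

    /**
     * Several checks to verify the outcome of matching against the
     * first rule: every operation on "/oni/" is granted by rule1 and the
     * other two rules are never matched.
     */
    public void testFirstRuleGrants() {
        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
                new ReadOperation()));
        checkMatchCount(1, rule1);
        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
                new WriteOperation()));
        checkMatchCount(2, rule1);
        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
                new DeleteOperation()));
        checkMatchCount(3, rule1);
        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
                new CreateOperation()));
        checkMatchCount(4, rule1);
        checkMatchCount(0, rule2);
        checkMatchCount(0, rule3);
    }

    /**
     * Verify that a match with the second rule leads to a denial of
     * authorization. The later grant-all rule on the same path must not be
     * matched, so its match count stays at zero.
     */
    public void testSecondRuleDenies() {
        assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
                new ReadOperation()));
        checkMatchCount(0, rule1);
        checkMatchCount(1, rule2);
        checkMatchCount(0, rule3);
    }

    /**
     * Verifies that the third rule is used when appropriate and that
     * it grants access: a write on "/abc/" is not covered by the read-deny
     * rule, so only rule3 records a match.
     */
    public void testThirdRuleGrants() {
        assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
                new WriteOperation()));
        checkMatchCount(0, rule1);
        checkMatchCount(0, rule2);
        checkMatchCount(1, rule3);
    }

    /**
     * Removes a rule and checks it is removed.
     *
     * The rule at index 2 is removed; presumably the index is zero-based
     * and this is rule3, since the write on "/abc/" that rule3 granted is
     * denied afterwards. With no rule left that covers the write, the
     * expected outcome is denial.
     */
    public void testRemoveRule() {
        checkRuleCount(3);
        assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
                new WriteOperation()));
        service.removeRule(2);
        assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
                new WriteOperation()));
        checkRuleCount(2);
    }

    /**
     * Inserts a rule and checks it is inserted.
     *
     * A write on "/janse/" is denied while no rule covers that path and is
     * allowed once a GRANTED write rule for it has been appended.
     */
    public void testInsertRule() {
        checkRuleCount(3);
        assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"),
                new WriteOperation()));
        service.appendRule(createRule(GRANTED, "users", "/janse/",
                WriteOperation.class));
        assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"),
                new WriteOperation()));
        checkRuleCount(4);
    }

    /**
     * Gets the rules. Verifies that the number of rules returned equals
     * the number appended in {@link #setUp()}; the content and order of the
     * returned rules are not checked.
     */
    public void testGetRules() {
        AuthorizationRule[] rules = service.getRules();
        assertEquals(3, rules.length);
    }

    /**
     * Verifies that when no rules match, access is denied, and that none
     * of the fixture rules records a match.
     */
    public void testNoRulesSupportResource() {
        assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
                new ReadOperation()));
        checkMatchCount(0, rule1);
        checkMatchCount(0, rule2);
        checkMatchCount(0, rule3);
    }
}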