1 /*
2  * Copyright 2005-2010 the original author or authors.
3  * 
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * 
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  * 
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */ 
16 package org.wamblee.security.authorization;
17
18 import static org.wamblee.security.authorization.AuthorizationResult.*;
19 import junit.framework.TestCase;
20
21 import org.wamblee.security.authentication.UserAccessor;
22 import org.wamblee.security.authentication.UserAdministration;
23
/**
 * Tests the authorization service.
 * <p>
 * The fixture installs three rules, in this order, all for the group
 * {@code "users"}:
 * <ol>
 * <li>GRANTED for {@code AllOperation} under {@code /oni/}</li>
 * <li>DENIED for {@code ReadOperation} under {@code /abc/}</li>
 * <li>GRANTED for {@code AllOperation} under {@code /abc/}</li>
 * </ol>
 * Two security-relevant expectations are pinned down by the tests: rule order
 * decides the outcome (a read under {@code /abc/} is denied by rule 2 although
 * the later rule 3 would grant it), and a request that no rule matches is
 * denied.
 * <p>
 * NOTE(review): every rule here uses the single group {@code "users"} and all
 * paths are simple, well-formed prefixes; group mismatches and non-normalised
 * paths are not exercised by this class.
 * <p>
 * The protected factory and check methods look like hooks for subclasses that
 * run the same tests against another service implementation - confirm.
 * 
 * @author Erik Brakkee
 */
public class AuthorizationServiceTest extends TestCase {
    /** Group used by every rule created in this test. */
    private static final String USERS_GROUP = "users";

    /** Resource path covered by the first rule only. */
    private static final String ONI_IMAGE = "/oni/xyz.jpg";

    /** Resource path covered by the second and third rule. */
    private static final String ABC_IMAGE = "/abc/xyz.jpg";

    /** Resource path covered by none of the rules installed in setUp(). */
    private static final String JANSE_IMAGE = "/janse/xyz.jpg";

    private AbstractAuthorizationRule rule1;

    private AbstractAuthorizationRule rule2;

    private AbstractAuthorizationRule rule3;

    private AuthorizationService service;

    private TestUserAccessor userAccessor;

    /**
     * Gives access to the service under test.
     * 
     * @return The service created in {@link #setUp()}.
     */
    protected AuthorizationService getService() {
        return this.service;
    }

    /**
     * Builds the fixture: a user accessor, the three rules described in the
     * class comment and a service to which the rules are appended in order.
     * 
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        userAccessor = new TestUserAccessor();

        // Order matters: the deny for reads under /abc/ is appended before the
        // broader grant for /abc/.
        rule1 = createRule(GRANTED, USERS_GROUP, "/oni/", AllOperation.class);
        rule2 = createRule(DENIED, USERS_GROUP, "/abc/", ReadOperation.class);
        rule3 = createRule(GRANTED, USERS_GROUP, "/abc/", AllOperation.class);

        service = createService();
        for (AbstractAuthorizationRule rule : new AbstractAuthorizationRule[] {
            rule1, rule2, rule3 }) {
            service.appendRule(rule);
        }
        checkRuleCount(3);
    }

    /**
     * Resets the three fixture rules. Each rule is cast to
     * {@link TestAuthorizationRule}, so this only works for rules created by
     * the default {@link #createRule} implementation.
     */
    protected void resetTestRules() {
        for (AbstractAuthorizationRule rule : new AbstractAuthorizationRule[] {
            rule1, rule2, rule3 }) {
            ((TestAuthorizationRule) rule).reset();
        }
    }

    /**
     * @return The user accessor created in {@link #setUp()}.
     */
    protected UserAccessor getUserAccessor() {
        return this.userAccessor;
    }

    /**
     * @return The user administration exposed by the test user accessor.
     */
    protected UserAdministration getUserAdministration() {
        return this.userAccessor.getUserAdmin();
    }

    /**
     * Creates the authorization service under test and wires it to the user
     * accessor and user administration. No rules are added here; that is done
     * in {@link #setUp()}.
     * 
     * @return Authorization service.
     */
    protected AuthorizationService createService() {
        final DefaultAuthorizationService authorizationService =
            new DefaultAuthorizationService();
        authorizationService.setUserAccessor(getUserAccessor());
        authorizationService.setUserAdministration(getUserAdministration());
        return authorizationService;
    }

    /**
     * Creates a rule for use in the tests.
     * 
     * @param aResult
     *            Result the rule yields.
     * @param aGroup
     *            Group the rule is created for.
     * @param aPath
     *            Path the rule is created for.
     * @param aOperation
     *            Operation class the rule is created for.
     * @return A new {@link TestAuthorizationRule}.
     */
    protected AbstractAuthorizationRule createRule(AuthorizationResult aResult,
        String aGroup, String aPath, Class<? extends Operation> aOperation) {
        final TestAuthorizationRule created = new TestAuthorizationRule(
            aResult, aGroup, aPath, aOperation);
        return created;
    }

    /**
     * Asserts the match count recorded by a rule and then resets the rule, so
     * every call observes only the matches since the previous check.
     * 
     * @param aCount
     *            Expected match count.
     * @param aRule
     *            Rule to inspect; must be a {@link TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        final TestAuthorizationRule counted = (TestAuthorizationRule) aRule;
        assertEquals(aCount, counted.getMatchCount());
        counted.reset();
    }

    /**
     * Creates the resource object passed to the service for a given path.
     * 
     * @param aPath
     *            Path of the resource.
     * @return A new {@link TestResource}.
     */
    protected Object createResource(String aPath) {
        final TestResource resource = new TestResource(aPath);
        return resource;
    }

    /**
     * Hook for verifying the number of rules; does nothing in this class.
     * 
     * @param aCount
     *            Expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        // Intentionally empty.
    }

    /**
     * Checks (and resets) the match counts of the first three rules of the
     * service, in rule order.
     */
    private void expectMatchCounts(int aFirst, int aSecond, int aThird) {
        checkMatchCount(aFirst, service.getRules()[0]);
        checkMatchCount(aSecond, service.getRules()[1]);
        checkMatchCount(aThird, service.getRules()[2]);
    }

    /**
     * Read, write, delete and create on a resource under /oni/ must all be
     * granted by the first rule; the other two rules must record no match.
     */
    public void testFirstRuleGrants() {
        final boolean readGranted = service.isAllowed(
            createResource(ONI_IMAGE), new ReadOperation());
        assertTrue(readGranted);
        checkMatchCount(1, service.getRules()[0]);

        final boolean writeGranted = service.isAllowed(
            createResource(ONI_IMAGE), new WriteOperation());
        assertTrue(writeGranted);
        checkMatchCount(1, service.getRules()[0]);

        final boolean deleteGranted = service.isAllowed(
            createResource(ONI_IMAGE), new DeleteOperation());
        assertTrue(deleteGranted);
        checkMatchCount(1, service.getRules()[0]);

        final boolean createGranted = service.isAllowed(
            createResource(ONI_IMAGE), new CreateOperation());
        assertTrue(createGranted);
        expectMatchCounts(1, 0, 0);
    }

    /**
     * A read under /abc/ must be denied by the second rule. The third rule,
     * which would grant it, must record no match: the earlier deny is expected
     * to decide the outcome.
     */
    public void testSecondRuleDenies() {
        final boolean readGranted = service.isAllowed(
            createResource(ABC_IMAGE), new ReadOperation());
        assertFalse(readGranted);
        expectMatchCounts(0, 1, 0);
    }

    /**
     * A write under /abc/ is not covered by the read-only deny of the second
     * rule and must be granted by the third rule.
     */
    public void testThirdRuleGrants() {
        final boolean writeGranted = service.isAllowed(
            createResource(ABC_IMAGE), new WriteOperation());
        assertTrue(writeGranted);
        expectMatchCounts(0, 0, 1);
    }

    /**
     * Removes the rule at index 2 and checks that the write it granted before
     * is denied afterwards.
     */
    public void testRemoveRule() {
        checkRuleCount(3);
        final boolean grantedBefore = service.isAllowed(
            createResource(ABC_IMAGE), new WriteOperation());
        assertTrue(grantedBefore);

        service.removeRule(2);

        final boolean grantedAfter = service.isAllowed(
            createResource(ABC_IMAGE), new WriteOperation());
        assertFalse(grantedAfter);
        checkRuleCount(2);
    }

    /**
     * Appends a fourth rule and checks that a write which was denied before
     * is granted once the rule is present.
     */
    public void testInsertRule() {
        checkRuleCount(3);
        final boolean grantedBefore = service.isAllowed(
            createResource(JANSE_IMAGE), new WriteOperation());
        assertFalse(grantedBefore);

        final AbstractAuthorizationRule janseRule = createRule(GRANTED,
            USERS_GROUP, "/janse/", WriteOperation.class);
        service.appendRule(janseRule);

        final boolean grantedAfter = service.isAllowed(
            createResource(JANSE_IMAGE), new WriteOperation());
        assertTrue(grantedAfter);
        checkRuleCount(4);
    }

    /**
     * Gets the rules and verifies that all three fixture rules are returned.
     */
    public void testGetRules() {
        assertEquals(3, service.getRules().length);
    }

    /**
     * Verifies the default-deny behaviour: when no rule matches the resource,
     * access is denied and no rule records a match.
     */
    public void testNoRulesSupportResource() {
        final boolean readGranted = service.isAllowed(
            createResource("/xyxyxyxy"), new ReadOperation());
        assertFalse(readGranted);
        expectMatchCounts(0, 0, 0);
    }
}