1 /*
2  * Copyright 2005-2010 the original author or authors.
3  * 
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * 
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  * 
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package org.wamblee.security.authorization;
17
18 import static org.wamblee.security.authorization.AuthorizationResult.*;
19 import junit.framework.TestCase;
20
21 import org.wamblee.security.authentication.UserAccessor;
22 import org.wamblee.security.authentication.UserAdministration;
23
24 /**
25  * Tests the authorization service.
26  * 
27  * @author Erik Brakkee
28  */
public class AuthorizationServiceTest extends TestCase {
    /*
     * Fixture overview: setUp() appends three rules, all for group "users":
     *   index 0: GRANTED, path "/oni/", AllOperation
     *   index 1: DENIED,  path "/abc/", ReadOperation
     *   index 2: GRANTED, path "/abc/", AllOperation
     * The tests below assert that the rule order decides the outcome and that
     * access is denied when no rule applies.
     *
     * NOTE(review): every rule in this class uses the group "users", so no
     * test here exercises a caller outside that group. Which user
     * TestUserAccessor supplies is not visible in this file; confirm that
     * group-based denial is covered elsewhere.
     */

    /** Group name used by every rule created in this test. */
    private static final String USERS_GROUP = "users";

    /** Resource below the path of the first rule. */
    private static final String ONI_RESOURCE = "/oni/xyz.jpg";

    /** Resource below the path shared by the second and third rule. */
    private static final String ABC_RESOURCE = "/abc/xyz.jpg";

    /** Resource for which no rule exists until a test adds one. */
    private static final String JANSE_RESOURCE = "/janse/xyz.jpg";

    private AbstractAuthorizationRule rule1;

    private AbstractAuthorizationRule rule2;

    private AbstractAuthorizationRule rule3;

    private AuthorizationService service;

    private TestUserAccessor userAccessor;

    /**
     * Gets the service under test.
     * 
     * @return Service created in {@link #setUp()}.
     */
    protected AuthorizationService getService() {
        return service;
    }

    /**
     * Builds the user accessor, the three fixture rules and the service, and
     * appends the rules in the order rule1, rule2, rule3. The tests depend on
     * this order.
     * 
     * @see junit.framework.TestCase#setUp()
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        userAccessor = new TestUserAccessor();

        rule1 = createRule(GRANTED, USERS_GROUP, "/oni/", AllOperation.class);
        rule2 = createRule(DENIED, USERS_GROUP, "/abc/", ReadOperation.class);
        rule3 = createRule(GRANTED, USERS_GROUP, "/abc/", AllOperation.class);

        service = createService();
        for (AbstractAuthorizationRule rule : fixtureRules()) {
            service.appendRule(rule);
        }
        checkRuleCount(3);
    }

    /**
     * Resets the three fixture rules. Each rule is cast to
     * {@link TestAuthorizationRule} unconditionally, so this fails with a
     * ClassCastException if {@link #createRule} is overridden to return
     * another rule type.
     */
    protected void resetTestRules() {
        for (AbstractAuthorizationRule rule : fixtureRules()) {
            ((TestAuthorizationRule) rule).reset();
        }
    }

    /**
     * Gets the user accessor that the service is configured with.
     * 
     * @return User accessor created in {@link #setUp()}.
     */
    protected UserAccessor getUserAccessor() {
        return userAccessor;
    }

    /**
     * Gets the user administration belonging to the test user accessor.
     * 
     * @return User administration.
     */
    protected UserAdministration getUserAdministration() {
        return userAccessor.getUserAdmin();
    }

    /**
     * Creates the authorization service under test and wires in the user
     * accessor and user administration. No rules are added here; setUp()
     * appends them afterwards.
     * 
     * @return Authorization service.
     */
    protected AuthorizationService createService() {
        DefaultAuthorizationService authorizationService = new DefaultAuthorizationService();
        authorizationService.setUserAccessor(getUserAccessor());
        authorizationService.setUserAdministration(getUserAdministration());
        return authorizationService;
    }

    /**
     * Creates a rule for use in the tests.
     * 
     * @param aResult
     *            Result the rule is constructed with.
     * @param aGroup
     *            Group the rule is constructed with.
     * @param aPath
     *            Path the rule is constructed with.
     * @param aOperation
     *            Operation class the rule is constructed with.
     * @return A {@link TestAuthorizationRule}.
     */
    protected AbstractAuthorizationRule createRule(AuthorizationResult aResult,
        String aGroup, String aPath, Class<? extends Operation> aOperation) {
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }

    /**
     * Asserts the match count of a rule and then resets the rule, so every
     * check starts the next count from a freshly reset rule.
     * 
     * @param aCount
     *            Expected match count.
     * @param aRule
     *            Rule to inspect; must be a {@link TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        TestAuthorizationRule countingRule = (TestAuthorizationRule) aRule;
        int actualCount = countingRule.getMatchCount();
        assertEquals(aCount, actualCount);
        countingRule.reset();
    }

    /**
     * Creates a resource to authorize against.
     * 
     * @param aPath
     *            Path of the resource.
     * @return A {@link TestResource} for the path.
     */
    protected Object createResource(String aPath) {
        return new TestResource(aPath);
    }

    /**
     * Hook for checking the number of rules. It does nothing in this class;
     * presumably subclasses override it (not visible in this file).
     * 
     * @param aCount
     *            Expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        // Empty
    }

    /**
     * Verifies that the first rule grants read, write, delete and create on a
     * resource below "/oni/", and that the other two rules record no match.
     */
    public void testFirstRuleGrants() {
        assertTrue(service.isAllowed(createResource(ONI_RESOURCE),
            new ReadOperation()));
        checkMatchCount(1, service.getRules()[0]);

        assertTrue(service.isAllowed(createResource(ONI_RESOURCE),
            new WriteOperation()));
        checkMatchCount(1, service.getRules()[0]);

        assertTrue(service.isAllowed(createResource(ONI_RESOURCE),
            new DeleteOperation()));
        checkMatchCount(1, service.getRules()[0]);

        assertTrue(service.isAllowed(createResource(ONI_RESOURCE),
            new CreateOperation()));
        verifyMatchCounts(1, 0, 0);
    }

    /**
     * Verifies that a read below "/abc/" is denied by the second rule. The
     * third rule would grant the same request, and the test expects it to
     * record no match: the earlier DENIED rule decides the outcome.
     */
    public void testSecondRuleDenies() {
        assertFalse(service.isAllowed(createResource(ABC_RESOURCE),
            new ReadOperation()));
        verifyMatchCounts(0, 1, 0);
    }

    /**
     * Verifies that a write below "/abc/" is not caught by the read-only deny
     * rule and is granted by the third rule.
     */
    public void testThirdRuleGrants() {
        assertTrue(service.isAllowed(createResource(ABC_RESOURCE),
            new WriteOperation()));
        verifyMatchCounts(0, 0, 1);
    }

    /**
     * Removes the rule at index 2 and verifies that the write it used to
     * grant is denied afterwards.
     */
    public void testRemoveRule() {
        checkRuleCount(3);
        boolean allowedBeforeRemoval = service.isAllowed(
            createResource(ABC_RESOURCE), new WriteOperation());
        assertTrue(allowedBeforeRemoval);

        service.removeRule(2);

        boolean allowedAfterRemoval = service.isAllowed(
            createResource(ABC_RESOURCE), new WriteOperation());
        assertFalse(allowedAfterRemoval);
        checkRuleCount(2);
    }

    /**
     * Adds a rule and verifies that it takes effect. Despite the test name,
     * the rule is added with appendRule. The new rule grants WriteOperation
     * only.
     */
    public void testInsertRule() {
        checkRuleCount(3);
        boolean allowedBeforeAppend = service.isAllowed(
            createResource(JANSE_RESOURCE), new WriteOperation());
        assertFalse(allowedBeforeAppend);

        service.appendRule(createRule(GRANTED, USERS_GROUP, "/janse/",
            WriteOperation.class));

        boolean allowedAfterAppend = service.isAllowed(
            createResource(JANSE_RESOURCE), new WriteOperation());
        assertTrue(allowedAfterAppend);
        checkRuleCount(4);
    }

    /**
     * Verifies that getRules returns all three fixture rules.
     */
    public void testGetRules() {
        assertEquals(3, service.getRules().length);
    }

    /**
     * Verifies the default: when no rule applies to the resource, access is
     * denied and no rule records a match.
     */
    public void testNoRulesSupportResource() {
        assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
            new ReadOperation()));
        verifyMatchCounts(0, 0, 0);
    }

    /**
     * Returns the three fixture rules in the order in which they are appended
     * to the service.
     */
    private AbstractAuthorizationRule[] fixtureRules() {
        return new AbstractAuthorizationRule[] { rule1, rule2, rule3 };
    }

    /**
     * Checks the match counts of the service's rules in index order, fetching
     * the rules from the service for every check.
     */
    private void verifyMatchCounts(int... aExpectedCounts) {
        for (int index = 0; index < aExpectedCounts.length; index++) {
            checkMatchCount(aExpectedCounts[index], service.getRules()[index]);
        }
    }
}