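/*
 * Copyright 2005 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wamblee.security.authorization;

import junit.framework.TestCase;

import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;

import org.wamblee.usermgt.UserAccessor;

/**
 * Tests the authorization service.
 *
 * <p>The fixture appends three rules in a fixed order (see {@link #setUp()}).
 * The assertions below depend on that order: a read on {@code /abc/...} is
 * expected to be decided by the denying rule and never counted against the
 * granting rule appended after it, and a request that no rule matches is
 * expected to be denied.
 *
 * <p>The factory methods ({@link #createService()}, {@link #createRule},
 * {@link #createUserAccessor()}, {@link #createResource(String)}) and the
 * check methods are {@code protected}, so a subclass can run the same test
 * cases against another service or rule implementation.
 *
 * @author Erik Brakkee
 */
public class AuthorizationServiceTest extends TestCase {
    /** Rule created as GRANTED for group "users", path "/oni/", {@code AllOperation}. */
    private AuthorizationRule rule1;

    /** Rule created as DENIED for group "users", path "/abc/", {@code ReadOperation}. */
    private AuthorizationRule rule2;

    /** Rule created as GRANTED for group "users", path "/abc/", {@code AllOperation}. */
    private AuthorizationRule rule3;

    /** Service under test; created and populated in {@link #setUp()}. */
    private AuthorizationService service;

    /**
     * Returns the service under test.
     *
     * @return the service created by {@link #setUp()}, or {@code null} before
     *         {@code setUp()} has run.
     */
    protected AuthorizationService getService() {
        return service;
    }

    /**
     * Builds the three test rules and appends them to a fresh service in the
     * order rule1, rule2, rule3.
     *
     * <p>rule2 (deny read on "/abc/") is appended before rule3 (grant all on
     * "/abc/"); {@link #testSecondRuleDenies()} relies on that order.
     *
     * @throws Exception if the JUnit base class set-up fails.
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
        rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
        rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);

        service = createService();
        service.appendRule(rule1);
        service.appendRule(rule2);
        service.appendRule(rule3);
    }

    /**
     * Calls {@code reset()} on each of the three test rules.
     *
     * <p>NOTE(review): presumably this clears the match counters read by
     * {@link #checkMatchCount(int, AuthorizationRule)}; confirm against
     * {@code TestAuthorizationRule}. The cast fails if
     * {@link #createRule} is overridden to return another rule type.
     */
    protected void resetTestRules() {
        ((TestAuthorizationRule) rule1).reset();
        ((TestAuthorizationRule) rule2).reset();
        ((TestAuthorizationRule) rule3).reset();
    }

    /**
     * Creates the user accessor that is handed to the service under test.
     *
     * @return a new {@code TestUserAccessor}.
     */
    protected UserAccessor createUserAccessor() {
        return new TestUserAccessor();
    }

    /**
     * Creates the authorization service under test, without any rules; the
     * rules are appended afterwards by {@link #setUp()}.
     *
     * @return a {@code DefaultAuthorizationService} wired with the accessor
     *         from {@link #createUserAccessor()}.
     */
    protected AuthorizationService createService() {
        // Named differently from the field so the local does not shadow it.
        DefaultAuthorizationService defaultService = new DefaultAuthorizationService();
        defaultService.setUserAccessor(createUserAccessor());

        return defaultService;
    }

    /**
     * Creates a rule for use in the tests.
     *
     * @param aResult result the rule yields when it applies (GRANTED or DENIED).
     * @param aGroup group name passed to the rule.
     * @param aPath path passed to the rule.
     * @param aOperation operation class passed to the rule.
     *
     * @return a new {@code TestAuthorizationRule} built from the arguments.
     */
    protected AuthorizationRule createRule(AuthorizationResult aResult,
        String aGroup, String aPath, Class aOperation) {
        return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation);
    }

    /**
     * Asserts the number of matches recorded by a test rule.
     *
     * @param aCount expected value of {@code getMatchCount()}.
     * @param aRule rule to inspect; must be a {@code TestAuthorizationRule}.
     */
    protected void checkMatchCount(int aCount, AuthorizationRule aRule) {
        assertEquals(aCount, ((TestAuthorizationRule) aRule).getMatchCount());
    }

    /**
     * Creates the resource object that is passed to {@code isAllowed}.
     *
     * @param aPath path of the resource.
     *
     * @return a new {@code TestResource} for the path.
     */
    protected Object createResource(String aPath) {
        return new TestResource(aPath);
    }

    /**
     * Asserts the number of rules currently held by the service.
     *
     * <p>This used to be an empty method, so the count checks in
     * {@link #testRemoveRule()} and {@link #testInsertRule()} verified
     * nothing in this class. It now compares against
     * {@code getRules().length}, the same accessor that
     * {@link #testGetRules()} uses. A subclass may still override it to
     * check its own backing store.
     *
     * @param aCount expected number of rules.
     */
    protected void checkRuleCount(int aCount) {
        assertEquals(aCount, getService().getRules().length);
    }

    /**
     * Several checks to verify the outcome of matching against the first
     * rule: read, write, delete and create on "/oni/xyz.jpg" are all allowed,
     * each request is counted once by rule1, and rule2 and rule3 record no
     * match.
     */
    public void testFirstRuleGrants() {
        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
                new ReadOperation()));
        checkMatchCount(1, rule1);

        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
                new WriteOperation()));
        checkMatchCount(2, rule1);

        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
                new DeleteOperation()));
        checkMatchCount(3, rule1);

        assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"),
                new CreateOperation()));
        checkMatchCount(4, rule1);

        checkMatchCount(0, rule2);
        checkMatchCount(0, rule3);
    }

    /**
     * Verify that a match with the second rule leads to a denial of
     * authorization.
     *
     * <p>rule3 would grant the same request, so this also pins that the
     * earlier denying rule decides and rule3 records no match.
     */
    public void testSecondRuleDenies() {
        assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
                new ReadOperation()));
        checkMatchCount(0, rule1);
        checkMatchCount(1, rule2);
        checkMatchCount(0, rule3);
    }

    /**
     * Verifies that the third rule is used when appropriate and that it
     * grants access: a write on "/abc/xyz.jpg" is not counted by the
     * read-only denying rule2 and is allowed through rule3.
     */
    public void testThirdRuleGrants() {
        assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
                new WriteOperation()));
        checkMatchCount(0, rule1);
        checkMatchCount(0, rule2);
        checkMatchCount(1, rule3);
    }

    /**
     * Removes a rule and checks it is removed.
     *
     * <p>The write on "/abc/xyz.jpg" is allowed before the removal and denied
     * after it, so removing the granting rule must revoke the access it gave.
     */
    public void testRemoveRule() {
        checkRuleCount(3);
        assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"),
                new WriteOperation()));

        // Index 2 is presumably zero-based and therefore rule3, the third
        // rule appended in setUp(); the denial asserted below fits that.
        service.removeRule(2);

        assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"),
                new WriteOperation()));
        checkRuleCount(2);
    }

    /**
     * Appends a rule and checks that it takes effect: a write on
     * "/janse/xyz.jpg" is denied while no rule covers it and allowed once a
     * granting rule for "/janse/" has been appended.
     */
    public void testInsertRule() {
        checkRuleCount(3);
        assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"),
                new WriteOperation()));

        service.appendRule(createRule(GRANTED, "users", "/janse/",
                WriteOperation.class));

        assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"),
                new WriteOperation()));
        checkRuleCount(4);
    }

    /**
     * Gets the rules. Verifies that all three rules appended in
     * {@link #setUp()} are returned.
     */
    public void testGetRules() {
        AuthorizationRule[] rules = service.getRules();
        assertEquals(3, rules.length);
    }

    /**
     * Verifies that when no rules match, access is denied, and that none of
     * the three rules records a match for the request.
     */
    public void testNoRulesSupportResource() {
        assertFalse(service.isAllowed(createResource("/xyxyxyxy"),
                new ReadOperation()));
        checkMatchCount(0, rule1);
        checkMatchCount(0, rule2);
        checkMatchCount(0, rule3);
    }
}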