X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;f=security%2Fusermgt%2Fsrc%2Ftest%2Fjava%2Forg%2Fwamblee%2Fsecurity%2Fauthorization%2FAuthorizationServiceTest.java;fp=security%2Fusermgt%2Fsrc%2Ftest%2Fjava%2Forg%2Fwamblee%2Fsecurity%2Fauthorization%2FAuthorizationServiceTest.java;h=3e6f159412448e29d7d9e199dec025919e5f5c59;hb=9449ea0f360f6e9c14057db57f3ee0bfba947ab4;hp=0000000000000000000000000000000000000000;hpb=e8b988e92306a4aea2f047af1b48588147288831;p=utils diff --git a/security/usermgt/src/test/java/org/wamblee/security/authorization/AuthorizationServiceTest.java b/security/usermgt/src/test/java/org/wamblee/security/authorization/AuthorizationServiceTest.java new file mode 100644 index 00000000..3e6f1594 --- /dev/null +++ b/security/usermgt/src/test/java/org/wamblee/security/authorization/AuthorizationServiceTest.java @@ -0,0 +1,201 @@ +/* + * Copyright 2005-2010 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wamblee.security.authorization; + +import static org.wamblee.security.authorization.AuthorizationResult.*; +import junit.framework.TestCase; + +import org.wamblee.security.authentication.UserAccessor; +import org.wamblee.security.authentication.UserAdministration; + +/** + * Tests the authorization service. + * + * @author Erik Brakkee + */ +public class AuthorizationServiceTest extends TestCase { + private AbstractAuthorizationRule rule1; + + private AbstractAuthorizationRule rule2; + + private AbstractAuthorizationRule rule3; + + private AuthorizationService service; + + private TestUserAccessor userAccessor; + + + protected AuthorizationService getService() { + return service; + } + + /* + * (non-Javadoc) + * + * @see junit.framework.TestCase#setUp() + */ + @Override + protected void setUp() throws Exception { + super.setUp(); + + userAccessor = new TestUserAccessor(); + + rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class); + rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class); + rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class); + + service = createService(); + service.appendRule(rule1); + service.appendRule(rule2); + service.appendRule(rule3); + checkRuleCount(3); + } + + protected void resetTestRules() { + ((TestAuthorizationRule) rule1).reset(); + ((TestAuthorizationRule) rule2).reset(); + ((TestAuthorizationRule) rule3).reset(); + } + + protected UserAccessor getUserAccessor() { + return userAccessor; + } + + protected UserAdministration getUserAdministration() { + return userAccessor.getUserAdmin(); + } + + /** + * Creates an authorization service with some rules for testing. . + * + * @return Authorization service. + */ + protected AuthorizationService createService() { + DefaultAuthorizationService svc = new DefaultAuthorizationService(); + svc.setUserAccessor(getUserAccessor()); + svc.setUserAdministration(getUserAdministration()); + return svc; + } + + protected AbstractAuthorizationRule createRule(AuthorizationResult aResult, + String aGroup, String aPath, Class aOperation) { + return new TestAuthorizationRule(aResult, aGroup, aPath, aOperation); + } + + protected void checkMatchCount(int aCount, AuthorizationRule aRule) { + TestAuthorizationRule testRule = (TestAuthorizationRule) aRule; + assertEquals(aCount, testRule.getMatchCount()); + testRule.reset(); + } + + protected Object createResource(String aPath) { + return new TestResource(aPath); + } + + protected void checkRuleCount(int aCount) { + // Empty + } + + /** + * Several checks to verify the outcome of matching against the first rule. + */ + public void testFirstRuleGrants() { + assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"), + new ReadOperation())); + checkMatchCount(1, service.getRules()[0]); + assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"), + new WriteOperation())); + checkMatchCount(1, service.getRules()[0]); + assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"), + new DeleteOperation())); + checkMatchCount(1, service.getRules()[0]); + assertTrue(service.isAllowed(createResource("/oni/xyz.jpg"), + new CreateOperation())); + checkMatchCount(1, service.getRules()[0]); + checkMatchCount(0, service.getRules()[1]); + checkMatchCount(0, service.getRules()[2]); + } + + /** + * Verify that a match with the second rule leads to a denial of + * authorization. + */ + public void testSecondRuleDenies() { + assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"), + new ReadOperation())); + checkMatchCount(0, service.getRules()[0]); + checkMatchCount(1, service.getRules()[1]); + checkMatchCount(0, service.getRules()[2]); + } + + /** + * Verifies that the third rule is used when appropriate and that it grants + * access. + */ + public void testThirdRuleGrants() { + assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"), + new WriteOperation())); + checkMatchCount(0, service.getRules()[0]); + checkMatchCount(0, service.getRules()[1]); + checkMatchCount(1, service.getRules()[2]); + } + + /** + * Removes a rule and checks it is removed. + */ + public void testRemoveRule() { + checkRuleCount(3); + assertTrue(service.isAllowed(createResource("/abc/xyz.jpg"), + new WriteOperation())); + service.removeRule(2); + assertFalse(service.isAllowed(createResource("/abc/xyz.jpg"), + new WriteOperation())); + checkRuleCount(2); + } + + /** + * Inserts a rule and checks it is inserted. + */ + public void testInsertRule() { + checkRuleCount(3); + assertFalse(service.isAllowed(createResource("/janse/xyz.jpg"), + new WriteOperation())); + service.appendRule(createRule(GRANTED, "users", "/janse/", + WriteOperation.class)); + assertTrue(service.isAllowed(createResource("/janse/xyz.jpg"), + new WriteOperation())); + checkRuleCount(4); + } + + /** + * Gets the rules. Verifies that all rules are obtained. + */ + public void testGetRules() { + AuthorizationRule[] rules = service.getRules(); + assertEquals(3, rules.length); + } + + /** + * Verifies that when no rules match, access is denied. + */ + public void testNoRulesSupportResource() { + assertFalse(service.isAllowed(createResource("/xyxyxyxy"), + new ReadOperation())); + checkMatchCount(0, service.getRules()[0]); + checkMatchCount(0, service.getRules()[1]); + checkMatchCount(0, service.getRules()[2]); + } +}