aUser.setPasswordEncoder(passwordEncoder);
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#createUser(java.lang.String,
- * java.lang.String, org.wamblee.usermgt.Group)
- */
- public User createUser(String aUsername, String aPassword, Group aGroup)
- throws UserMgtException {
- User user = new User(aUsername, aPassword, aGroup, passwordValidator,
+ @Override
+ public User createUser(String aUsername, String aPassword) {
+ User user = new User(aUsername, aPassword, passwordValidator,
passwordEncoder);
if (contains(user)) {
users = new TreeSet<User>();
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#userModified(org.wamblee.usermgt.User)
- */
+ @Override
public void userModified(User aUser) {
users.remove(aUser);
setPasswordInfo(aUser);
users.add(aUser);
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#find(java.lang.String)
- */
+ @Override
public User find(String aName) {
for (User user : users) {
if (user.getName().equals(aName)) {
- return new User(user);
+ return user;
}
}
return null;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#add(org.wamblee.usermgt.User)
- */
+ @Override
public boolean add(User aUser) {
setPasswordInfo(aUser);
return users.add(aUser);
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#contains(org.wamblee.usermgt.User)
- */
+ @Override
public boolean contains(User aUser) {
return users.contains(aUser);
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#remove(org.wamblee.usermgt.User)
- */
+ @Override
public boolean remove(User aUser) {
return users.remove(aUser);
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#list()
- */
+ @Override
public Set<User> list() {
Set<User> list = new TreeSet<User>();
-
- for (User user : users) {
- list.add(new User(user));
- }
-
+ list.addAll(users);
return list;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#list(org.wamblee.usermgt.Group)
- */
+ @Override
public Set<User> list(Group aGroup) {
Set<User> result = new TreeSet<User>();
for (User user : users) {
if (user.getGroups().contains(aGroup)) {
- result.add(new User(user));
+ result.add(user);
}
}
return result;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#size()
- */
+ @Override
public int size() {
return users.size();
}
+
+ @Override
+ public void clearCache() {
+ // Empty
+ }
}
}
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserAccessor#getCurrentUser()
- */
- public User getCurrentUser() {
+ @Override
+ public String getCurrentUser() {
Subject subject = Subject.getSubject(AccessController.getContext());
if (subject == null) {
Principal userPrincipal = getUserPrincipal(subject);
- return admin.getUser(userPrincipal.getName());
+ return userPrincipal.getName();
}
/**
* @param aName
* Name
*
- * @throws UserMgtException
- * In case the name is invalid.
+ * @return True iff the validationo is ok.
*/
- void validate(String aName) throws UserMgtException;
+ boolean validate(String aName);
}
*
* @see org.wamblee.usermgt.NameValidator#validate(java.lang.String)
*/
- public void validate(String aName) throws UserMgtException {
- if (!aName.matches(pattern)) {
- throw new UserMgtException(reason, message);
- }
+ @Override
+ public boolean validate(String aName) {
+ return aName.matches(pattern);
}
}
* User name.
* @param aPassword
* Password.
- * @param aGroup
- * Group the user belongs to.
*/
- User(String aName, String aPassword, Group aGroup,
- NameValidator aPasswordValidator, MessageDigester aPasswordEncoder)
- throws UserMgtException {
+ User(String aName, String aPassword, NameValidator aPasswordValidator,
+ MessageDigester aPasswordEncoder) {
super();
name = aName;
aPasswordValidator.validate(aPassword);
password = aPasswordEncoder.hash(aPassword);
groups = new TreeSet<Group>();
- groups.add(aGroup);
passwordValidator = aPasswordValidator;
passwordEncoder = aPasswordEncoder;
}
* @param aPassword
* Password to check.
*
- * @throws UserMgtException
- * In case the password is incorrect.
+ * @return True iff the password is correct.
*/
- public void checkPassword(String aPassword) throws UserMgtException {
+ public boolean checkPassword(String aPassword) {
String encoded = passwordEncoder.hash(aPassword);
- if (!password.equals(encoded)) {
- throw new UserMgtException(Reason.INVALID_PASSWORD, this);
- }
+ return password.equals(encoded);
}
/**
* @param aNewPassword
* New password.
*
- * @throws UserMgtException
- * In case the old password is incorrect.
+ * @return True iff the password was changed successfully.
*/
- public void changePassword(String aOldPassword, String aNewPassword)
- throws UserMgtException {
- checkPassword(aOldPassword);
+ public boolean changePassword(String aOldPassword, String aNewPassword) {
+ if (!checkPassword(aOldPassword)) {
+ return false;
+ }
passwordValidator.validate(aNewPassword);
setPassword(aNewPassword);
+ return true;
}
/**
* The password to set.
*
*/
- public void setPassword(String aPassword) throws UserMgtException {
+ public void setPassword(String aPassword) {
passwordValidator.validate(aPassword);
password = passwordEncoder.hash(aPassword);
}
* @throws UserMgtException
* In case the user does not belong to the group.
*/
- void removeGroup(Group aGroup) throws UserMgtException {
+ void removeGroup(Group aGroup) {
if (!groups.contains(aGroup)) {
throw new UserMgtException(Reason.USER_NOT_IN_GROUP, this, aGroup);
}
- if (groups.size() == 1) {
- throw new UserMgtException(Reason.USER_MUST_BE_IN_A_GROUP, this,
- aGroup);
- }
-
groups.remove(aGroup);
}
*
* @return Currently logged in user or null if no user is found.
*/
- User getCurrentUser();
+ String getCurrentUser();
}
String group = aGroups[i];
String password = aPasswords[i];
- if (aAdmin.getUser(user) == null) {
- // must create user.
- Group groupObj = aAdmin.getGroup(group);
-
- if (groupObj == null) {
+ if (!aAdmin.checkUser(user)) {
+ if (!(aAdmin.checkGroup(group))) {
// must create group
LOGGER.info("Creating group: " + group);
- groupObj = aAdmin.createGroup(group);
+ aAdmin.createGroup(group);
}
- assert groupObj != null;
-
LOGGER
.info("Creating user: " + user + " password: " + password);
- aAdmin.createUser(user, password, groupObj);
+ aAdmin.createUser(user, password);
+ aAdmin.addUserToGroup(user, group);
}
}
}
*/
package org.wamblee.security.authentication;
+import java.util.List;
import java.util.Set;
+import org.wamblee.security.authentication.UserMgtException.Reason;
+
/**
* Interface for user administration. Manages the users and groups.
*
* Username.
* @param aPassword
* Password.
- * @param aGroup
- * Group.
*
* @return User.
*
* @throws UserMgtException
* In case there is a conflict with an existing user.
*/
- User createUser(String aUser, String aPassword, Group aGroup)
- throws UserMgtException;
+ void createUser(String aUser, String aPassword);
/**
* Creates a new group.
* @throws UserMgtException
* In case there is a conflict with an existing group.
*/
- Group createGroup(String aName) throws UserMgtException;
-
+ void createGroup(String aName);
+
/**
+ * Checks if a user exists.
+ * @param aUser User to check.
+ * @return True iff user exists.
+ */
+ boolean checkUser(String aUser);
+
+
+ /**
+ * Check if a group exists.
+ * @param aGroup Group.
+ * @return True iff group exists.
+ */
+ boolean checkGroup(String aGroup);
+
+ /**
+ * Checks the password.
*
- * @return Number of users.
+ * @param aUser
+ * User to check password for.
+ * @param aPassword
+ * Password to check.
+ * @throws UserMgtException In case user does not exist.
+ * @return True iff password is ok.
*/
- int getUserCount();
+ boolean checkPassword(String aUser, String aPassword);
/**
+ * Changes the password.
*
- * @return Number of groups.
+ * @param aUser
+ * User.
+ * @param aOldPassword
+ * Old password.
+ * @param aNewPassword
+ * New password.
+ *
+ * @throws UserMgtException Inc ase the user does not exist.
+ * @return True if the password was changed.
*/
- int getGroupCount();
+ boolean changePassword(String aUser, String aOldPassword, String aNewPassword);
/**
- * Must be called when the user is modified.
*
* @param aUser
* User.
- * @return The modified user. The user passed in to this call should be considered invalid.
+ * @param aPassword
+ * The password to set.
+ *
+ * @throws UserMgtException Inc ase the user does not exist.
*/
- void userModified(User aUser);
+ void setPassword(String aUser, String aPassword);
/**
- * Must be called when the group is modified.
- *
- * @param aGroup
- * Group.
+ * Checks if the user belongs to the given group.
+ * @param aUser User
+ * @param aGroup Group.
+ * @return True iff user is in group
+ * @throws UserMgtException In case the user or group do not exist.
*/
- void groupModified(Group aGroup);
+ boolean isInGroup(String aUser, String aGroup);
/**
- * Gets the user for a given name.
- *
- * @param aName
- * User name.
*
- * @return User or null if not found.
+ * @return Number of users.
*/
- User getUser(String aName);
+ int getUserCount();
/**
- * Gets the group for a given group name.
*
- * @param aName
- * Group name.
- *
- * @return Group or null if not found.
+ * @return Number of groups.
*/
- Group getGroup(String aName);
+ int getGroupCount();
/**
* Get the users.
*
* @return All known users.
*/
- Set<User> getUsers();
+ List<String> getUsers();
/**
* Gets the users for a given group.
* Group.
* @return Set of users (always non-null).
*/
- Set<User> getUsers(Group aGroup);
+ List<String> getUsers(String aGroup);
/**
- * Gets all known groups.
+ * Gets all groups.
*
* @return Groups.
*/
- Set<Group> getGroups();
+ List<String> getGroups();
+ /**
+ * Gets all groups for a given user.
+ *
+ * @param aUser user.
+ * @return Groups.
+ */
+ List<String> getGroups(String aUser);
+
/**
* Renames a user.
*
- * @param aUser
- * User object for which user name must be changed.
+ * @param aOldUserName
+ * Current user name.
* @param aUserName
* New user name.
*
* In case the user is not known or the new user name is already
* in use by another user.
*/
- void renameUser(User aUser, String aUserName) throws UserMgtException;
+ void renameUser(String aOldUserName, String aUserName);
/**
* Renames a group.
* In case the new group name is already used by another group
* of if the existing group is unknown.
*/
- void renameGroup(Group aGroup, String aGroupName) throws UserMgtException;
+ void renameGroup(String aOldGroup, String aGroupName);
/**
* Removes the user.
* @throws UserMgtException
* In case the user does not exist.
*/
- void removeUser(User aUser) throws UserMgtException;
+ void removeUser(String aUser);
/**
* Removes the group.
* @throws UserMgtException
* In case there are still users that are in the given group.
*/
- void removeGroup(Group aGroup) throws UserMgtException;
+ void removeGroup(String aGroup);
/**
* Adds a user to a group.
* In case the user or group or not known or if the user is
* already part of the group.
*/
- void addUserToGroup(User aUser, Group aGroup) throws UserMgtException;
+ void addUserToGroup(String aUser, String aGroup);
/**
* Removes a user from a group.
* In case the user or group are unknown or if the user is not
* part of the group.
*/
- void removeUserFromGroup(User aUser, Group aGroup) throws UserMgtException;
+ void removeUserFromGroup(String aUser, String aGroup);
}
import static org.wamblee.security.authentication.UserMgtException.Reason.*;
+import java.util.ArrayList;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
+import org.wamblee.security.authentication.UserMgtException.Reason;
+
/**
* Administration of users and groups.
*
* @see org.wamblee.usermgt.UserAdministration#createUser(java.lang.String,
* java.lang.String)
*/
- public User createUser(String aUser, String aPassword, Group aGroup)
- throws UserMgtException {
- userValidator.validate(aUser);
- checkGroup(aGroup);
-
- User user = users.createUser(aUser, aPassword, aGroup);
+ @Override
+ public void createUser(String aUser, String aPassword) {
+ if (!userValidator.validate(aUser)) {
+ throw new UserMgtException(Reason.INVALID_USERNAME, aUser);
+ }
- return new User(user);
+ users.createUser(aUser, aPassword);
}
/*
*
* @see org.wamblee.usermgt.UserAdministration#createGroup(java.lang.String)
*/
- public Group createGroup(String aName) throws UserMgtException {
- groupValidator.validate(aName);
+ @Override
+ public void createGroup(String aName) {
+ if (!groupValidator.validate(aName)) {
+ throw new UserMgtException(Reason.INVALID_GROUPNAME, aName);
+ }
Group group = new Group(aName);
}
groups.add(group);
+ }
- return new Group(group);
+ @Override
+ public boolean checkUser(String aUser) {
+ return users.find(aUser) != null;
}
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.usermgt.UserAdministration#userModified(org.wamblee.usermgt
- * .User)
- */
- public void userModified(User aUser) {
- users.userModified(aUser);
+ @Override
+ public boolean checkGroup(String aGroup) {
+ return groups.find(aGroup) != null;
}
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.usermgt.UserAdministration#groupModified(org.wamblee.usermgt
- * .Group)
- */
- public void groupModified(Group aGroup) {
- groups.groupModified(aGroup);
+ @Override
+ public boolean checkPassword(String aUser, String aPassword) {
+ User user = requireUser(aUser, "While checking password");
+ return user.checkPassword(aPassword);
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserAdministration#getUser(java.lang.String)
- */
- public User getUser(String aName) {
- User user = users.find(aName);
+ private User requireUser(String aUser, String aMsg) {
+ User user = users.find(aUser);
if (user == null) {
- return user;
+ throw new UserMgtException(Reason.UNKNOWN_USER, aMsg);
}
- return new User(user);
+ return user;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserAdministration#getGroup(java.lang.String)
- */
- public Group getGroup(String aName) {
- Group group = groups.find(aName);
- if ( group == null ) {
- return group;
+ private Group requireGroup(String aGroup, String aMsg) {
+ Group group = groups.find(aGroup);
+ if (group == null) {
+ throw new UserMgtException(Reason.UNKNOWN_GROUP, aMsg);
}
- return new Group(group);
+ return group;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserAdministration#getUsers()
- */
- public Set<User> getUsers() {
- Set<User> res = new HashSet<User>();
- for (User user: users.list()) {
- res.add(new User(user));
- }
- return res;
+ @Override
+ public boolean changePassword(String aUser, String aOldPassword,
+ String aNewPassword) {
+ User user = requireUser(aUser, "While checking password");
+ boolean res = user.changePassword(aOldPassword, aNewPassword);
+ users.userModified(user);
+ return res;
}
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.usermgt.UserAdministration#getUsers(org.wamblee.usermgt.Group
- * )
- */
- public Set<User> getUsers(Group aGroup) {
- Set<User> res = new HashSet<User>();
- for (User user: users.list(aGroup)) {
- res.add(new User(user));
+ @Override
+ public void setPassword(String aUser, String aPassword) {
+ User user = requireUser(aUser, "While setting password");
+ user.setPassword(aPassword);
+ users.userModified(user);
+ }
+
+ @Override
+ public boolean isInGroup(String aUser, String aGroup) {
+ User user = requireUser(aUser,
+ "While checking whether user belongs to group");
+ return user.isInGroup(aGroup);
+ }
+
+ @Override
+ public int getUserCount() {
+ return users.size();
+ }
+
+ @Override
+ public int getGroupCount() {
+ return groups.size();
+ }
+
+ @Override
+ public List<String> getUsers() {
+ List<String> res = new ArrayList<String>();
+ for (User user : users.list()) {
+ res.add(user.getName());
}
return res;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserAdministration#getGroups()
- */
- public Set<Group> getGroups() {
- Set<Group> res = new HashSet<Group>();
- for (Group group: groups.list()) {
- res.add(new Group(group));
+ @Override
+ public List<String> getUsers(String aGroup) {
+ Group group = requireGroup(aGroup, "While finding users for group");
+ List<String> res = new ArrayList<String>();
+ for (User user : users.list(group)) {
+ res.add(user.getName());
}
- return res;
+ return res;
}
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.usermgt.UserAdministration#removeUser(org.wamblee.usermgt
- * .User)
- */
- public void removeUser(User aUser) throws UserMgtException {
- checkUser(aUser);
- users.remove(aUser);
+ @Override
+ public List<String> getGroups() {
+ List<String> res = new ArrayList<String>();
+ for (Group group : groups.list()) {
+ res.add(group.getName());
+ }
+ return res;
}
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.usermgt.UserAdministration#removeGroup(org.wamblee.usermgt
- * .Group)
- */
- public void removeGroup(Group aGroup) throws UserMgtException {
- checkGroup(aGroup);
-
- if (getUsers(aGroup).size() > 0) {
- throw new UserMgtException(GROUP_STILL_OCCUPIED, aGroup);
+ @Override
+ public List<String> getGroups(String aUser) {
+ User user = requireUser(aUser, "While getting list of groups");
+ List<String> res = new ArrayList<String>();
+ for (Group g : user.getGroups()) {
+ res.add(g.getName());
}
-
- groups.remove(aGroup);
+ return res;
}
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.usermgt.UserAdministration#renameUser(org.wamblee.usermgt
- * .User, java.lang.String)
- */
- public void renameUser(User aUser, String aUserName)
- throws UserMgtException {
- checkUser(aUser);
+ @Override
+ public void renameUser(String aOldUsername, String aNewUsername) {
+ User user = requireUser(aOldUsername, "While renaming user");
- if (aUser.getName().equals(aUserName)) {
- throw new UserMgtException(TRIVIAL_RENAME, aUser);
+ if (aOldUsername.equals(aNewUsername)) {
+ return; // nothing to do.
}
- if (users.find(aUserName) != null) {
- throw new UserMgtException(DUPLICATE_USER, aUser);
+ if (users.find(aNewUsername) != null) {
+ throw new UserMgtException(DUPLICATE_USER, aNewUsername);
}
- userValidator.validate(aUserName);
+ if (!userValidator.validate(aNewUsername)) {
+ throw new UserMgtException(Reason.INVALID_USERNAME, aNewUsername);
+ }
- aUser.setName(aUserName);
- users.userModified(aUser);
+ user.setName(aNewUsername);
+ users.userModified(user);
}
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.usermgt.UserAdministration#renameGroup(org.wamblee.usermgt
- * .Group, java.lang.String)
- */
- public void renameGroup(Group aGroup, String aGroupName)
- throws UserMgtException {
- checkGroup(aGroup);
+ @Override
+ public void renameGroup(String aOldGroup, String aNewGroup) {
+ Group group = requireGroup(aOldGroup, "While renaming group");
- if (aGroup.getName().equals(aGroupName)) {
- throw new UserMgtException(TRIVIAL_RENAME, aGroup);
+ if (aOldGroup.equals(aNewGroup)) {
+ return; // OK.
}
- if (groups.find(aGroupName) != null) {
- throw new UserMgtException(DUPLICATE_GROUP, aGroup);
+ if (groups.find(aNewGroup) != null) {
+ throw new UserMgtException(DUPLICATE_GROUP, aNewGroup);
}
- groupValidator.validate(aGroupName);
+ if (!groupValidator.validate(aNewGroup)) {
+ throw new UserMgtException(Reason.INVALID_GROUPNAME, aNewGroup);
+ }
- aGroup.setName(aGroupName);
- groups.groupModified(aGroup);
+ group.setName(aNewGroup);
+ groups.groupModified(group);
+ // Because a group has changed, a cached user could contain reference to an old copy of the
+ // group. Therefore, we clear the cache in this case.
+ users.clearCache();
}
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.usermgt.UserAdministration#addUserToGroup(org.wamblee.usermgt
- * .User, org.wamblee.usermgt.Group)
- */
- public void addUserToGroup(User aUser, Group aGroup)
- throws UserMgtException {
- checkUser(aUser);
- checkGroup(aGroup);
- aUser.addGroup(aGroup);
- users.userModified(aUser);
+ @Override
+ public void removeUser(String aUser) {
+ User user = requireUser(aUser, "While removing user");
+ boolean removed = users.remove(user);
+ if (!removed) {
+ throw new UserMgtException(Reason.UNKNOWN_USER, aUser);
+ }
}
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.usermgt.UserAdministration#removeUserFromGroup(org.wamblee
- * .usermgt.User, org.wamblee.usermgt.Group)
- */
- public void removeUserFromGroup(User aUser, Group aGroup)
- throws UserMgtException {
- checkUser(aUser);
- checkGroup(aGroup);
- aUser.removeGroup(aGroup);
- users.userModified(aUser);
- }
+ @Override
+ public void removeGroup(String aGroup) {
+ Group group = requireGroup(aGroup, "While removing group");
- /**
- *
- * @param aUser
- *
- * @throws UserMgtException
- */
- private void checkUser(User aUser) throws UserMgtException {
- if (!users.contains(aUser)) {
- throw new UserMgtException(UNKNOWN_USER, aUser);
+ if (getUsers(aGroup).size() > 0) {
+ throw new UserMgtException(GROUP_STILL_OCCUPIED, aGroup);
}
- }
- /**
- *
- * @param aGroup
- *
- * @throws UserMgtException
- */
- private void checkGroup(Group aGroup) throws UserMgtException {
- if (!groups.contains(aGroup)) {
- throw new UserMgtException(UNKNOWN_GROUP, aGroup);
+ boolean removed = groups.remove(group);
+ if (!removed) {
+ throw new UserMgtException(Reason.UNKNOWN_GROUP, aGroup);
}
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserAdministration#getUserCount()
- */
- public int getUserCount() {
- return users.size();
+ @Override
+ public void addUserToGroup(String aUser, String aGroup) {
+ User user = requireUser(aUser, "While adding user to group");
+ Group group = requireGroup(aGroup, "While adding user to group");
+ user.addGroup(group);
+ users.userModified(user);
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserAdministration#getGroupCount()
- */
- public int getGroupCount() {
- return groups.size();
+ @Override
+ public void removeUserFromGroup(String aUser, String aGroup) {
+ User user = requireUser(aUser, "While removing user from group");
+ Group group = requireGroup(aGroup, "While removing user from group");
+ user.removeGroup(group);
+ users.userModified(user);
}
}
*
* @author Erik Brakkee
*/
-public class UserMgtException extends Exception {
+public class UserMgtException extends RuntimeException {
static final long serialVersionUID = 5585349754997507529L;
/**
MESSAGES.put(Reason.DUPLICATE_GROUP, "Duplicate group");
MESSAGES.put(Reason.USER_ALREADY_IN_GROUP, "User already in group");
MESSAGES.put(Reason.USER_NOT_IN_GROUP, "User not in group");
- MESSAGES.put(Reason.TRIVIAL_RENAME, "Trivial rename");
MESSAGES.put(Reason.INVALID_PASSWORD, "Invalid password");
MESSAGES.put(Reason.GROUP_STILL_OCCUPIED, "Group still occupied");
MESSAGES.put(Reason.USER_MUST_BE_IN_A_GROUP,
*
*/
public enum Reason {
- UNKNOWN_USER, UNKNOWN_GROUP, DUPLICATE_USER, DUPLICATE_GROUP, USER_ALREADY_IN_GROUP, USER_NOT_IN_GROUP, TRIVIAL_RENAME, INVALID_PASSWORD, GROUP_STILL_OCCUPIED, USER_MUST_BE_IN_A_GROUP, INVALID_USERNAME, INVALID_GROUPNAME;
+ UNKNOWN_USER, UNKNOWN_GROUP, DUPLICATE_USER, DUPLICATE_GROUP, USER_ALREADY_IN_GROUP, USER_NOT_IN_GROUP, INVALID_PASSWORD, GROUP_STILL_OCCUPIED, USER_MUST_BE_IN_A_GROUP, INVALID_USERNAME, INVALID_GROUPNAME;
}
}
* User name.
* @param aPassword
* Password.
- * @param aGroup
- * Group.
*
* @return New user.
*
* @throws UserMgtException
* In case the user cannot be created.
*/
- User createUser(String aUsername, String aPassword, Group aGroup)
+ User createUser(String aUsername, String aPassword)
throws UserMgtException;
/**
boolean add(User aUser);
/**
- * Removes a user. If the user does not exist, nothing happens.
- *
- * @param aUser
+ * Removes a user.
+ *
+ * @param aUser User to remove
+ * @return True iff user was removed.
*
*/
boolean remove(User aUser);
* @return The number of users.
*/
int size();
+
+ /**
+ * Clears the user cache.
+ */
+ void clearCache();
}
import javax.persistence.TypedQuery;
import org.wamblee.cache.Cache;
+import org.wamblee.cache.ZeroCache;
import org.wamblee.persistence.JpaMergeSupport;
import org.wamblee.security.authentication.AbstractUserSet;
import org.wamblee.security.authentication.Group;
entityManager = aEntityManager;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#userModified(org.wamblee.usermgt.User)
- */
+ @Override
public void userModified(User aUser) {
assert aUser.getPrimaryKey() != null;
User merged = entityManager.merge(aUser);
cache.put(aUser.getName(), new User(aUser));
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#find(java.lang.String)
- */
+ @Override
public User find(String aName) {
User user = cache.get(aName);
query.setParameter(User.NAME_PARAM, aName);
try {
user = query.getSingleResult();
- user = new User(user);
setPasswordInfo(user);
cache.put(aName, user);
return user;
}
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#contains(org.wamblee.usermgt.User)
- */
+ @Override
public boolean contains(User aUser) {
return find(aUser.getName()) != null;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#add(org.wamblee.usermgt.User)
- */
+ @Override
public boolean add(User aUser) {
assert aUser.getPrimaryKey() == null;
return true;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#remove(org.wamblee.usermgt.User)
- */
+ @Override
public boolean remove(User aUser) {
if (!contains(aUser)) {
return false;
return true;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#list()
- */
+ @Override
public Set<User> list() {
Set<User> users = new TreeSet<User>();
List<User> list = entityManager.createNamedQuery(User.QUERY_ALL_USERS,
return users;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#list(org.wamblee.usermgt.Group)
- */
+ @Override
public Set<User> list(Group aGroup) {
Set<User> users = new TreeSet<User>();
TypedQuery<User> query = entityManager.createNamedQuery(
return users;
}
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserSet#size()
- */
+ @Override
public int size() {
Long result = entityManager.createNamedQuery(User.QUERY_COUNT_USERS, Long.class).getSingleResult();
return result.intValue();
}
+
+ @Override
+ public void clearCache() {
+ cache.clear();
+ }
}
import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import javax.persistence.Table;
+import javax.persistence.Transient;
import javax.persistence.Version;
import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAdministration;
/**
* Represents an authorization rule to determine whether an operation is allowed
import javax.persistence.Entity;
import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAdministration;
/**
* Matches any user.
public AnyUserCondition() {
// Empty.
}
+
+ @Override
+ public void setUserAdmin(UserAdministration aAdmin) {
+ // Empty. Don't need user admin.
+ }
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.security.authorization.UserCondition#matches(org.wamblee.
- * usermgt.User)
- */
- public boolean matches(User aUser) {
+ @Override
+ public boolean matches(String aUser) {
return true;
}
public String toString() {
return "AnyUserCondition()";
}
+
}
package org.wamblee.security.authorization;
import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAdministration;
/**
* Represents an authorization rule to determine whether an operation is allowed
* @author Erik Brakkee
*/
public interface AuthorizationRule {
+
+ /**
+ * Sets the user admnistration to use.
+ * @param aAdmin User administration.
+ */
+ void setUserAdministration(UserAdministration aAdmin);
/**
* Returns the supported object types for which this authorization rule
*
* @return Array of supported types.
*/
- public abstract Class[] getSupportedTypes();
+ Class[] getSupportedTypes();
/**
* Determines whether an operation is allowed on a certain resource. The
*
* @return Authorization result.
*/
- public abstract AuthorizationResult isAllowed(Object aResource,
- Operation aOperation, User aUser);
+ AuthorizationResult isAllowed(Object aResource,
+ Operation aOperation, String aUser);
}
\ No newline at end of file
package org.wamblee.security.authorization;
import org.wamblee.security.authentication.UserAccessor;
+import org.wamblee.security.authentication.UserAdministration;
/**
* Service to determine if access to a certain resource is allowed.
* User accessor.
*/
void setUserAccessor(UserAccessor aUserAccessor);
+
+ /**
+ * Sets the user administration so that the authorization service can check
+ * information for the the current user.
+ *
+ * @param aUserAdmin User administration.
+ */
+ void setUserAdministration(UserAdministration aUserAdmin);
}
\ No newline at end of file
import org.wamblee.security.authentication.User;
import org.wamblee.security.authentication.UserAccessor;
+import org.wamblee.security.authentication.UserAdministration;
/**
* Default implementation of an authorization service. To determine whether
@Entity
@DiscriminatorValue("DEFAULT")
public class DefaultAuthorizationService extends AbstractAuthorizationService {
-
-
+
/**
* List of ordered authorization rules.
*/
@Transient
private UserAccessor userAccessor;
+ @Transient
+ private UserAdministration userAdmin;
+
/**
* Constructs the service.
*
* @param aAccessor
* User accessor.
+ * @param aUserAdmin
+ * User administration.
* @param aName
* Name of this instance of the service.
*/
- public DefaultAuthorizationService(UserAccessor aAccessor, String aName) {
+ public DefaultAuthorizationService(UserAccessor aAccessor,
+ UserAdministration aUserAdmin, String aName) {
super(aName);
rules = new ArrayList<AuthorizationRule>();
userAccessor = aAccessor;
+ userAdmin = aUserAdmin;
}
/**
public DefaultAuthorizationService() {
rules = new ArrayList<AuthorizationRule>();
userAccessor = null;
+ userAdmin = null;
}
- /**
- * Sets the user accessor.
- *
- * @param aUserAccessor
- * User accessor.
- */
+
@Override
public void setUserAccessor(UserAccessor aUserAccessor) {
userAccessor = aUserAccessor;
}
+
+ @Override
+ public void setUserAdministration(UserAdministration aUserAdmin) {
+ userAdmin = aUserAdmin;
+ System.out.println("Setting userAdmin");
+ for (AuthorizationRule rule: rules) {
+ System.out.println("Setting useradmin on " + rule);
+ rule.setUserAdministration(userAdmin);
+ }
+ }
/*
* (non-Javadoc)
* .lang.Object, org.wamblee.security.authorization.Operation)
*/
public boolean isAllowed(Object aResource, Operation aOperation) {
- User user = userAccessor.getCurrentUser();
+ String user = userAccessor.getCurrentUser();
for (AuthorizationRule rule : rules) {
switch (rule.isAllowed(aResource, aOperation, user)) {
* .wamblee.security.authorization.AuthorizationRule)
*/
public void appendRule(AuthorizationRule aRule) {
+ aRule.setUserAdministration(userAdmin);
rules.add(aRule);
}
* (int, org.wamblee.security.authorization.AuthorizationRule)
*/
public void insertRuleAfter(int aIndex, AuthorizationRule aRule) {
+ aRule.setUserAdministration(userAdmin);
rules.add(aIndex, aRule);
}
*/
protected void setMappedRules(List<AuthorizationRule> aRules) {
rules = aRules;
+ for (AuthorizationRule rule: rules) {
+ rule.setUserAdministration(userAdmin);
+ }
}
}
import javax.persistence.Column;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
+import javax.persistence.Transient;
import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAdministration;
/**
*/
@Column(name = "GRP")
private String group;
+
+ @Transient
+ private UserAdministration admin;
/**
* Constructs the condition.
protected GroupUserCondition() {
group = null;
}
+
+ @Override
+ public void setUserAdmin(UserAdministration aAdmin) {
+ admin = aAdmin;
+ }
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.security.authorization.UserCondition#matches(org.wamblee.
- * usermgt.UserAccessor)
- */
- public boolean matches(User aUser) {
- return aUser.isInGroup(group);
+ @Override
+ public boolean matches(String aUser) {
+ return admin.isInGroup(aUser, group);
}
/**
import org.apache.log4j.Logger;
import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAdministration;
/**
* Utility base class for implementation of authentication rules based on the
* .Object, org.wamblee.security.authorization.Operation)
*/
public AuthorizationResult isAllowed(Object aResource,
- Operation aOperation, User aUser) {
+ Operation aOperation, String aUser) {
if (!resourceClass.isInstance(aResource)) {
return UNSUPPORTED_RESOURCE;
}
String path = getResourcePath(aResource);
- return isAllowed(path, aOperation, aUser);
+ return isAllowedWithPath(path, aOperation, aUser);
}
/**
*
* @return Authorization result,
*/
- protected AuthorizationResult isAllowed(String aPath, Operation aOperation,
- User aUser) {
+ protected AuthorizationResult isAllowedWithPath(String aPath, Operation aOperation,
+ String aUser) {
if (!pathCondition.matches(aPath)) {
return UNDECIDED;
}
protected void setUserCondition(UserCondition aUserCondition) {
userCondition = aUserCondition;
}
+
+ @Override
+ public void setUserAdministration(UserAdministration aAdmin) {
+ userCondition.setUserAdmin(aAdmin);
+ }
+
}
package org.wamblee.security.authorization;
import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAdminInitializer;
+import org.wamblee.security.authentication.UserAdministration;
/**
* Condition used to match a user against a specified set of users.
* @author Erik Brakkee
*/
public interface UserCondition {
+
+ /**
+ * Sets the user administration object.
+ * @param aAdmin User administration.
+ */
+ void setUserAdmin(UserAdministration aAdmin);
/**
* Determines if the condition matches.
*
* @return True if the condition matches, false otherwise.
*/
- public abstract boolean matches(User aUser);
+ boolean matches(String aUser);
}
\ No newline at end of file
import org.wamblee.persistence.JpaMergeSupport;
import org.wamblee.security.authentication.UserAccessor;
+import org.wamblee.security.authentication.UserAdministration;
import org.wamblee.security.authorization.AbstractAuthorizationService;
import org.wamblee.security.authorization.AbstractAuthorizationRule;
import org.wamblee.security.authorization.AuthorizationRule;
* User accessor.
*/
private UserAccessor userAccessor;
+
+ /**
+ * User administration.
+ */
+ private UserAdministration userAdmin;
/**
* Name of the service.
* Entity manager.
* @param aAccessor
* User accessor.
+ * @param aUserAdmin User administration.
* @param aRefresh
* Whether or not to refresh the state of the service at the
* start of every operation.
*/
public JpaAuthorizationService(String aName, EntityManager aEntityManager,
- UserAccessor aAccessor, long aRefreshInterval) {
+ UserAccessor aAccessor, UserAdministration aUserAdmin, long aRefreshInterval) {
entityManager = aEntityManager;
refreshInterval = aRefreshInterval;
lastRefreshTime = System.currentTimeMillis();
userAccessor = aAccessor;
+ userAdmin = aUserAdmin;
name = aName;
}
public void setUserAccessor(UserAccessor aUserAccessor) {
userAccessor = aUserAccessor;
}
-
- /**
- * Initialize service if needed.
- *
- */
- private void initialize() {
- if (service == null) {
- service = refreshByReload();
- }
+
+ @Override
+ public void setUserAdministration(UserAdministration aUserAdmin) {
+ userAdmin = aUserAdmin;
}
private AuthorizationService refreshByReload() {
- AuthorizationService service;
+ if ( userAdmin == null ) {
+ throw new IllegalArgumentException("useradmin is null");
+ }
+ AuthorizationService svc;
try {
- service = entityManager.createNamedQuery(
+ svc = entityManager.createNamedQuery(
AbstractAuthorizationService.QUERY_FIND_BY_NAME,
AbstractAuthorizationService.class).setParameter(
DefaultAuthorizationService.NAME_PARAM, name).getSingleResult();
- service.setUserAccessor(userAccessor);
+ svc.setUserAccessor(userAccessor);
+ svc.setUserAdministration(userAdmin);
} catch (NonUniqueResultException e) {
throw new IllegalArgumentException(
"Returned more than one service for name '" + name + "'");
} catch (NoResultException e) {
- service = new DefaultAuthorizationService(userAccessor, name);
- entityManager.persist(service);
+ svc = new DefaultAuthorizationService(userAccessor, userAdmin, name);
+ entityManager.persist(svc);
}
- return service;
+ return svc;
}
/*
* .lang.Object, org.wamblee.security.authorization.Operation)
*/
public boolean isAllowed(Object aResource, Operation aOperation) {
- initialize();
refresh();
return service.isAllowed(aResource, aOperation);
* org.wamblee.security.authorization.Operation)
*/
public <T> T check(T aResource, Operation aOperation) {
- initialize();
refresh();
return service.check(aResource, aOperation);
* @see org.wamblee.security.authorization.AuthorizationService#getRules()
*/
public AuthorizationRule[] getRules() {
- initialize();
refresh();
return service.getRules();
* .wamblee.security.authorization.AuthorizationRule)
*/
public void appendRule(AuthorizationRule aRule) {
- initialize();
- refresh();
- service.appendRule(aRule);
- save(); // service might still be detached as service is cached.
+ AuthorizationService svc = refreshByReload();
+ svc.appendRule(aRule);
+ // Setting service to null will force reload the next time the
+ // service is used. This deals effectively with the case where the
+ // current transaction would roll back and the change would not have been made.
+ setService(null);
}
-
+
+ private synchronized AuthorizationService getService() {
+ return service;
+ }
+
+ private synchronized void setService(AuthorizationService aSvc) {
+ service = aSvc;
+ }
+
/*
* (non-Javadoc)
*
* org.wamblee.security.authorization.AuthorizationService#removeRule(int)
*/
public void removeRule(int aIndex) {
- initialize();
- refresh();
- service.removeRule(aIndex);
- save(); // service might still be detached as service is cached.
+ AuthorizationService svc = refreshByReload();
+ svc.removeRule(aIndex);
+ setService(null);
}
/*
* (int, org.wamblee.security.authorization.AuthorizationRule)
*/
public void insertRuleAfter(int aIndex, AuthorizationRule aRule) {
- initialize();
- refresh();
- service.insertRuleAfter(aIndex, aRule);
- save(); // service might still be detached as service is cached.
+ AuthorizationService svc = refreshByReload();
+ svc.insertRuleAfter(aIndex, aRule);
+ setService(null);
}
/**
private synchronized void refresh() {
long time = System.currentTimeMillis();
- if ((time - lastRefreshTime) > refreshInterval) {
+ if (service == null || (time - lastRefreshTime) > refreshInterval) {
service = refreshByReload();
lastRefreshTime = time;
}
}
-
- /**
- * Saves any changes to the service state if necessary.
- */
- private void save() {
- AuthorizationService merged = entityManager.merge(service);
- entityManager.flush();
- JpaMergeSupport.merge(merged, service);
- }
}
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- */
+ */
package org.wamblee.security.authentication;
import junit.framework.TestCase;
import org.apache.log4j.Logger;
+import org.junit.Test;
import org.wamblee.security.authentication.Group;
import org.wamblee.security.authentication.GroupSet;
import org.wamblee.security.authentication.UserMgtException.Reason;
import org.wamblee.security.encryption.Md5HexMessageDigester;
-
+import java.util.List;
import java.util.Set;
/**
Reason.INVALID_GROUPNAME, "Invalid group"));
}
- protected User createUser(String aName, String aPassword, Group aGroup)
- throws UserMgtException {
- return UsermgtTestUtils.createUser(aName, aPassword, aGroup);
- }
+ // Construction
/**
* Constructs the admin, verify it contains no users and no groups.
assertEquals(0, admin.getGroupCount());
}
- /**
- * Creates a new group. Verifies the group is created correctly and that the
- * user is added.
- *
- */
- public void testCreateGroup() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- assertNotNull(group);
- assertEquals(GROUP1, group.getName());
-
- Set<Group> groups = admin.getGroups();
- assertEquals(1, groups.size());
- assertEquals(1, admin.getGroupCount());
- assertTrue(groups.contains(group));
+ // Basic user admin:
+ // void createUser(String aUser, String aPassword);
+ // boolean checkUser(String aUser);
+ // int getUserCount();
+ // List<String> getUsers();
+ // void renameUser(String aOldUserName, String aUserName);
+ // void removeUser(String aUser);
+ public void testCreateUser() {
+ assertFalse(admin.checkUser(USER1));
+ admin.createUser(USER1, PASS1);
+ assertTrue(admin.checkUser(USER1));
+ assertEquals(1, admin.getUserCount());
+ assertTrue(admin.checkPassword(USER1, PASS1));
+ assertFalse(admin.checkPassword(USER1, PASS2));
}
- private void createInvalidGroup(String aUsername) {
+ public void testCreateDuplicateUser() {
+ admin.createUser(USER1, PASS1);
+
try {
- admin.createGroup(aUsername);
+ admin.createUser(USER1, PASS2);
fail();
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.INVALID_GROUPNAME, e
- .getReason());
- assertEquals(0, admin.getGroupCount());
+ assertEquals(UserMgtException.Reason.DUPLICATE_USER, e.getReason());
+ assertEquals(1, admin.getUserCount());
}
}
/**
- * Creates a new group with an invalid name. Verifies that the appropriate
+ * Constructs users with invalid names. Verifies that the appropriate
* exception is thrown.
*
- * @throws UserMgtException
*/
- public void testCreateInvalidGroupName() throws UserMgtException {
- createInvalidGroup("");
- createInvalidGroup("0abc"); // should not start with digits
- createInvalidGroup("a b"); // should not contain spaces
- createInvalidGroup(" aa");
- createInvalidGroup("aa ");
- }
-
- /**
- * Creates a new group which conflicts with an existing one. Verifies that
- * the UserMgtException is thrown and that no group is added.
- *
- */
- public void testCreateDuplicateGroup() throws UserMgtException {
- admin.createGroup(GROUP1);
-
- try {
- admin.createGroup(GROUP1);
- } catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.DUPLICATE_GROUP, e.getReason());
- assertEquals(1, admin.getGroupCount());
-
- return;
- }
-
- fail();
+ public void testCreateInvalidUserName() throws UserMgtException {
+ createInvalidUser("");
+ createInvalidUser("0abc"); // should not start with digits
+ createInvalidUser("a b"); // should not contain spaces
+ createInvalidUser(" aa");
+ createInvalidUser("aa ");
}
- /**
- * Creates a new user. Verifies the user is created correctly and that the
- * user is added.
- *
- */
- public void testCreateUser() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user = admin.createUser(USER1, PASS1, group);
- assertNotNull(user);
- assertEquals(USER1, user.getName());
- user.checkPassword(PASS1);
-
- Set<User> users = admin.getUsers();
+ public void testRenameUser() {
+ admin.createUser(USER1, PASS1);
+ admin.renameUser(USER1, USER2);
+ List<String> users = admin.getUsers();
assertEquals(1, users.size());
- assertEquals(1, admin.getUserCount());
- assertTrue(users.contains(user));
+ assertTrue(users.contains(USER2));
}
- private void createInvalidUser(String aUsername, Group aGroup) {
+ public void testRenameUserInvalidUsername() {
+ admin.createUser(USER1, PASS1);
try {
- admin.createUser(aUsername, "pass", aGroup);
+ admin.renameUser(USER1, "a b");
fail();
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.INVALID_USERNAME, e
- .getReason());
- assertEquals(0, admin.getUserCount());
+ assertEquals(e.getReason(), Reason.INVALID_USERNAME);
}
}
- /**
- * Constructs users with invalid names. Verifies that the appropriate
- * exception is thrown.
- *
- */
- public void testCreateInvalidUserName() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- createInvalidUser("", group);
- createInvalidUser("0abc", group); // should not start with digits
- createInvalidUser("a b", group); // should not contain spaces
- createInvalidUser(" aa", group);
- createInvalidUser("aa ", group);
+ public void testRenameUserToItself() {
+ admin.createUser(USER1, PASS1);
+ admin.renameUser(USER1, USER1);
+ assertTrue(admin.checkUser(USER1));
}
- /**
- * Creates a new user which conflicts with an existing one. Verifies that
- * the UserMgtException is thrown and that no user is added.
- *
- */
- public void testCreateDuplicateUser() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- admin.createUser(USER1, PASS1, group);
-
+ public void testRenameUserDuplicateUser() {
+ admin.createUser(USER1, PASS1);
+ admin.createUser(USER2, PASS2);
try {
- admin.createUser(USER1, PASS2, group);
+ admin.renameUser(USER1, USER2);
fail();
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.DUPLICATE_USER, e.getReason());
- assertEquals(1, admin.getUserCount());
+ assertEquals(e.getReason(), Reason.DUPLICATE_USER);
}
}
- /**
- * Gets a known user by name. Verifies the correct user is obtained.
- * Verifies that null is returned when trying to obtain an unknown user.
- *
- */
- public void testGetUser() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user = admin.createUser(USER1, PASS1, group);
- User user2 = admin.getUser(USER1);
- assertTrue(user.equals(user2));
- assertNull(admin.getUser(USER2));
+ // Basic group admin:
+ // void createGroup(String aName);
+ // boolean checkGroup(String aGroup);
+ // int getGroupCount();
+ // List<String> getGroups();
+
+ public void testCreateGroup() {
+ admin.createGroup(GROUP1);
+ List<String> groups = admin.getGroups();
+ assertEquals(1, groups.size());
+ assertEquals(1, admin.getGroupCount());
+ assertTrue(groups.contains(GROUP1));
}
- /**
- * Gets a known group by name. Verifies the correct group is obtained.
- * Verifies that null is returned when the group is not known.
- *
- */
- public void testGetGroup() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- Group group2 = admin.getGroup(GROUP1);
- assertTrue(group.equals(group2));
- assertNull(admin.getGroup(GROUP2));
+ public void testCreateGroupInvalidName() {
+ createInvalidGroup("");
+ createInvalidGroup("0abc"); // should not start with digits
+ createInvalidGroup("a b"); // should not contain spaces
+ createInvalidGroup(" aa");
+ createInvalidGroup("aa ");
}
- /**
- * Adds a user to a group. Verifies that the user is added using several API
- * calls. Verifies that an exception occurs if the user is not already part
- * of the group.
- *
- */
- public void testAddUserToGroup() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user = admin.createUser(USER1, PASS1, group);
- Group group2 = admin.createGroup(GROUP2);
- assertTrue(user.isInGroup(group));
- assertFalse(user.isInGroup(group2));
- admin.addUserToGroup(user, group2);
- assertTrue(user.isInGroup(group));
- assertTrue(user.isInGroup(group2));
-
- Set<User> users = admin.getUsers(group2);
- assertNotNull(users);
- assertEquals(1, users.size());
- assertTrue(users.contains(user));
+ public void testCreateGroupDuplicateGroup() {
+ admin.createGroup(GROUP1);
try {
- admin.addUserToGroup(user, group);
+ admin.createGroup(GROUP1);
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.USER_ALREADY_IN_GROUP, e
- .getReason());
+ assertEquals(UserMgtException.Reason.DUPLICATE_GROUP, e.getReason());
+ assertEquals(1, admin.getGroupCount());
return;
}
fail();
}
- /**
- * Adds a user to a group where the user does not exist. Verifies that an
- * exception occurs.
- *
- */
- public void testAddUserToGroupUnknownUser() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user = createUser(USER1, PASS1, group);
+ // Passwords.
+ // boolean checkPassword(String aUser, String aPassword);
+ // boolean changePassword(String aUser, String aOldPassword, String
+ // aNewPassword);
+ // void setPassword(String aUser, String aPassword);
+
+ public void testChangePassword() {
+ admin.createUser(USER1, PASS1);
+ boolean changed = admin.changePassword(USER1, PASS1, PASS2);
+ assertTrue(changed);
+ assertTrue(admin.checkPassword(USER1, PASS2));
+ assertFalse(admin.checkPassword(USER1, PASS1));
+ }
+ public void testChangePasswordWrongPassword() {
+ admin.createUser(USER1, PASS1);
+ boolean changed = admin.changePassword(USER1, PASS2, PASS1);
+ assertFalse(changed);
+ assertFalse(admin.checkPassword(USER1, PASS2));
+ assertTrue(admin.checkPassword(USER1, PASS1));
+ }
+
+ public void testChangePasswordUnknownUser() {
+ admin.createUser(USER1, PASS1);
try {
- admin.addUserToGroup(user, group);
+ boolean changed = admin.changePassword(USER1 + "unknown", PASS2,
+ PASS1);
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.UNKNOWN_USER, e.getReason());
-
- return;
+ assertEquals(e.getReason(), Reason.UNKNOWN_USER);
}
-
- fail();
}
- /**
- * Adds a user to a group where the user does not exist. Verifies that an
- * exception occurs.
- *
- */
- public void testAddUserToGroupUnknownGroup() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user = admin.createUser(USER1, PASS1, group);
- Group group2 = new Group(GROUP2);
+ public void testSetPassword() {
+ admin.createUser(USER1, PASS1);
+ admin.setPassword(USER1, PASS2);
+ assertTrue(admin.checkPassword(USER1, PASS2));
+ assertFalse(admin.checkPassword(USER1, PASS1));
+ }
+ public void testSetPasswordUnknownUser() {
+ admin.createUser(USER1, PASS1);
try {
- admin.addUserToGroup(user, group2);
+ admin.setPassword(USER1 + "unknown", PASS2);
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.UNKNOWN_GROUP, e.getReason());
-
- return;
+ assertEquals(e.getReason(), Reason.UNKNOWN_USER);
}
-
- fail();
}
- /**
- * Removes a user from a group. Verifies that the user is removed from the
- * group using several API calls. Verifies that an exception occurs if the
- * user not part of the group or if the user is only part of one group.
- *
- */
- public void testRemoveUserFromGroup() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
-
- User user = admin.createUser(USER1, PASS1, group);
- Group group2 = admin.createGroup(GROUP2);
- admin.addUserToGroup(user, group2);
+ // Group membership
+ // boolean isInGroup(String aUser, String aGroup);
+ // List<String> getUsers(String aGroup);
+ // void addUserToGroup(String aUser, String aGroup);
+ // void removeUserFromGroup(String aUser, String aGroup);}
- Set<Group> groups = user.getGroups();
- assertEquals(2, groups.size());
- assertTrue(groups.contains(group));
- assertTrue(groups.contains(group2));
-
- admin.removeUserFromGroup(user, group);
- groups = user.getGroups();
- assertEquals(1, groups.size());
- assertTrue(groups.contains(group2));
- assertFalse(groups.contains(group));
+ public void testAddUserToGroup() {
+ admin.createUser(USER1, PASS1);
+ assertFalse(admin.isInGroup(USER1, GROUP1));
+ admin.createGroup(GROUP1);
+ admin.addUserToGroup(USER1, GROUP1);
+ assertTrue(admin.isInGroup(USER1, GROUP1));
+ List<String> users = admin.getUsers(GROUP1);
+ assertEquals(1, users.size());
+ assertTrue(users.contains(USER1));
}
- /**
- * Removes a user from a group where the user is not known. Verifies that an
- * exception is thrown.
- *
- */
- public void testRemoveUserFromGroupUnknownUser() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user = createUser(USER1, GROUP1, group);
+ public void testMultipleGroups() {
+ admin.createUser(USER1, PASS1);
+ admin.createGroup(GROUP1);
+ admin.createGroup(GROUP2);
+ assertFalse(admin.isInGroup(USER1, GROUP1));
+ assertFalse(admin.isInGroup(USER1, GROUP2));
+ admin.addUserToGroup(USER1, GROUP1);
+ admin.addUserToGroup(USER1, GROUP2);
+ assertTrue(admin.isInGroup(USER1, GROUP1));
+ assertTrue(admin.isInGroup(USER1, GROUP2));
+ }
+ public void testAddUserToGroupUnknownUser() {
+ admin.createGroup(GROUP2);
try {
- admin.removeUserFromGroup(user, group);
+ admin.addUserToGroup(USER1, GROUP2);
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.UNKNOWN_USER, e.getReason());
+ assertEquals(e.getReason(), Reason.UNKNOWN_USER);
}
- }
- /**
- * Removes a user from a group where the group is not known. Verifies that
- * an exception is thrown.
- *
- */
- public void testRemoveUserFromGroupUnknownGroup() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user = admin.createUser(USER1, PASS1, group);
- Group group2 = new Group(GROUP2);
+ }
+ public void testAddUserToGroupUnknownGroup() {
+ admin.createUser(USER1, PASS1);
try {
- admin.removeUserFromGroup(user, group2);
+ admin.addUserToGroup(USER1, GROUP2);
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.UNKNOWN_GROUP, e.getReason());
+ assertEquals(e.getReason(), Reason.UNKNOWN_GROUP);
}
}
- /**
- * Removes a user from a group where the user is only part of one group.
- * Verifies that an exception is thrown.
- *
- */
- public void testRemoveUserFromGroupOnlyGroup() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user = admin.createUser(USER1, PASS1, group);
+ public void testRemoveUserFromGroup() {
+ admin.createUser(USER1, GROUP1);
+ admin.createGroup(GROUP1);
+ admin.addUserToGroup(USER1, GROUP1);
+ assertTrue(admin.isInGroup(USER1, GROUP1));
+ admin.removeUserFromGroup(USER1, GROUP1);
+ assertFalse(admin.isInGroup(USER1, GROUP1));
+ }
+ public void testRemoveUserFromGroupUserNotInGroup() {
+ admin.createUser(USER1, GROUP1);
+ admin.createGroup(GROUP1);
+ admin.createGroup(GROUP2);
+ admin.addUserToGroup(USER1, GROUP1);
try {
- admin.removeUserFromGroup(user, group);
+ admin.removeUserFromGroup(USER1, GROUP2);
+ fail();
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.USER_MUST_BE_IN_A_GROUP, e
- .getReason());
+ assertEquals(Reason.USER_NOT_IN_GROUP, e.getReason());
}
}
- /**
- * Gets the list of users and groups. Verifies that the correct suers and
- * groups are returned. Verifies also that the relations from user to group
- * are correct.
- *
- */
- public void testGetUsersAndGroups() throws UserMgtException {
- Group group1 = admin.createGroup(GROUP1);
- Group group2 = admin.createGroup(GROUP2);
-
- User user1 = admin.createUser(USER1, PASS1, group1);
- admin.addUserToGroup(user1, group2);
-
- User user2 = admin.createUser(USER2, PASS2, group2);
-
- Set<User> users = admin.getUsers();
- assertEquals(2, users.size());
- assertTrue(users.contains(user1));
- assertTrue(users.contains(user2));
-
- Set<Group> groups = admin.getGroups();
- assertEquals(2, groups.size());
- assertTrue(groups.contains(group1));
- assertTrue(groups.contains(group2));
-
- assertTrue(user1.isInGroup(group1));
- assertTrue(user1.isInGroup(group2));
- assertFalse(user2.isInGroup(group1));
- assertTrue(user2.isInGroup(group2));
-
- Set<Group> groups1 = user1.getGroups();
- assertEquals(2, groups1.size());
-
- Set<Group> groups2 = user2.getGroups();
- assertEquals(1, groups2.size());
- }
-
- /**
- * Renames a user. Verifies that the user is renamed. Verifies that
- * exceptions are thrown when an attempt is made to rename the user to
- * itself or to another existing user, or when the group does not exist.
- *
- */
- public void testRenameUser() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user1 = admin.createUser(USER1, PASS1, group);
- admin.renameUser(user1, USER2);
- assertEquals(USER2, user1.getName());
- assertEquals(user1, admin.getUser(USER2));
-
+ public void testRemoveUserFromGroupUnknowUser() {
+ admin.createGroup(GROUP1);
try {
- admin.renameUser(user1, USER1);
- } catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.DUPLICATE_USER, e.getReason());
-
- // do a trivial reanem
- try {
- admin.renameUser(user1, user1.getName());
- } catch (UserMgtException e2) {
- assertEquals(UserMgtException.Reason.TRIVIAL_RENAME, e2
- .getReason());
-
- return;
- }
-
+ admin.removeUserFromGroup(USER1, GROUP2);
fail();
+ } catch (UserMgtException e) {
+ assertEquals(Reason.UNKNOWN_USER, e.getReason());
}
-
- fail();
}
- /**
- * Renames a user to a user with an invalid username. Verifies that the
- * appropriate exception is thrown.
- *
- */
- public void testRenameUserInvalidUsername() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user1 = admin.createUser(USER1, PASS1, group);
-
+ public void testRemoveUserFromGroupUnknownGroup() {
+ admin.createUser(USER1, PASS1);
try {
- admin.renameUser(user1, USER2);
+ admin.removeUserFromGroup(USER1, GROUP2);
+ fail();
} catch (UserMgtException e) {
- assertEquals(e.getReason(), Reason.INVALID_USERNAME);
+ assertEquals(Reason.UNKNOWN_GROUP, e.getReason());
}
}
- /**
- * Renames a group. Verifies that the group is renamed. Verifies that
- * exceptions are thrown when an attempt is made to rename the group to
- * itself or to another existing group or when the group does not exist.
- *
- */
- public void testRenameGroup() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- admin.renameGroup(group, GROUP2);
- assertEquals(GROUP2, group.getName());
- assertEquals(group, admin.getGroup(GROUP2));
+ // void renameGroup(String aOldGroup, String aGroupName)
+ public void testRenameGroup() {
+ admin.createUser(USER1, PASS1);
admin.createGroup(GROUP1);
+ admin.addUserToGroup(USER1, GROUP1);
+ admin.renameGroup(GROUP1, GROUP2);
+ List<String> groups = admin.getGroups();
+ assertEquals(1, groups.size());
+ assertTrue(groups.contains(GROUP2));
+ assertTrue(admin.isInGroup(USER1, GROUP2));
+ assertFalse(admin.isInGroup(USER1, GROUP1));
+ }
+ public void testRenameGroupGroupNameInvalid() {
+ admin.createGroup(GROUP1);
try {
- admin.renameGroup(group, GROUP1);
- } catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.DUPLICATE_GROUP, e.getReason());
-
- // do a trivial reanem
- try {
- admin.renameGroup(group, group.getName());
- } catch (UserMgtException e2) {
- assertEquals(UserMgtException.Reason.TRIVIAL_RENAME, e2
- .getReason());
-
- return;
- }
-
+ admin.renameGroup(GROUP1, "a b");
fail();
-
- return;
+ } catch (UserMgtException e) {
+ assertEquals(Reason.INVALID_GROUPNAME, e.getReason());
}
-
- fail();
}
- /**
- * Renames a group to a group with an invalid name. Verifies that the
- * appropriate exception is thrown.
- *
- */
- public void testRenameGroupInvalidGroupname() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
-
+ public void testRenameGroupGroupAlreadyExists() {
+ admin.createGroup(GROUP1);
+ admin.createGroup(GROUP2);
try {
- admin.renameGroup(group, "a b");
+ admin.renameGroup(GROUP1, GROUP2);
+ fail();
} catch (UserMgtException e) {
- assertEquals(e.getReason(), Reason.INVALID_GROUPNAME);
+ assertEquals(Reason.DUPLICATE_GROUP, e.getReason());
}
}
- /**
- * Removes a user. Verifies that the user is removed. Verifies that the an
- * exception is thrown when the user does not exist.
- *
- */
- public void testRemoveUser() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user = admin.createUser(USER1, PASS1, group);
-
- assertEquals(1, admin.getUserCount());
- admin.removeUser(user);
- assertEquals(0, admin.getUserCount());
-
- admin.createUser(USER1, PASS1, group);
- assertEquals(1, admin.getUserCount());
+ // void removeGroup(String aGroup);
- User user2 = createUser(USER2, PASS2, group);
+ public void testRemoveGroup() {
+ admin.createGroup(GROUP1);
+ admin.removeGroup(GROUP1);
+ List<String> groups = admin.getGroups();
+ assertEquals(0, groups.size());
+ }
+ public void testRemoveGroupGroupDoesNotExist() {
try {
- admin.removeUser(user2);
+ admin.removeGroup(GROUP1);
+ fail();
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.UNKNOWN_USER, e.getReason());
+ assertEquals(e.getReason(), Reason.UNKNOWN_GROUP);
}
}
- /**
- * Removes a group. Verifies that the group is removed. Verifies that the an
- * exception is thrown when the group does not exist or if there are still
- * users in the group.
- *
- */
- public void testRemoveGroup() throws UserMgtException {
- Group group1 = admin.createGroup(GROUP1);
- assertEquals(1, admin.getGroupCount());
- admin.removeGroup(group1);
- assertEquals(0, admin.getGroupCount());
- group1 = admin.createGroup(GROUP1);
-
- admin.createUser(USER1, PASS1, group1);
+ public void testRemoveGroupButStillUsersInGroup() {
+ admin.createUser(USER1, PASS1);
+ admin.createGroup(GROUP1);
+ admin.addUserToGroup(USER1, GROUP1);
+ try {
+ admin.removeGroup(GROUP1);
+ } catch (UserMgtException e) {
+ assertEquals(e.getReason(), Reason.GROUP_STILL_OCCUPIED);
+ }
+ }
+ private void createInvalidGroup(String aUsername) {
try {
- admin.removeGroup(group1);
+ admin.createGroup(aUsername);
+ fail();
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.GROUP_STILL_OCCUPIED, e
+ assertEquals(UserMgtException.Reason.INVALID_GROUPNAME, e
.getReason());
-
- return;
+ assertEquals(0, admin.getGroupCount());
}
-
- fail();
}
- /**
- * Tries to remove an unknown group. Verifies that an exception is thrown.
- *
- */
- public void testRemoveGroupUnknownGroup() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- Group group2 = new Group(GROUP2);
-
+ private void createInvalidUser(String aUsername) {
try {
- admin.removeGroup(group2);
+ admin.createUser(aUsername, "pass");
+ fail();
} catch (UserMgtException e) {
- assertEquals(UserMgtException.Reason.UNKNOWN_GROUP, e.getReason());
+ assertEquals(UserMgtException.Reason.INVALID_USERNAME, e
+ .getReason());
+ assertEquals(0, admin.getUserCount());
}
}
/**
- * Changes the password, verifies that this succeeds.
+ * Gets the list of users and groups. Verifies that the correct suers and
+ * groups are returned. Verifies also that the relations from user to group
+ * are correct.
*
- * @throws UserMgtException
*/
- public void testChangePassword() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- User user = admin.createUser(USER1, PASS1, group);
- user.changePassword(PASS1, PASS2);
+ public void testGetUsersAndGroups() throws UserMgtException {
+ admin.createGroup(GROUP1);
+ admin.createGroup(GROUP2);
- // retrieve the user and verifies the password hasn't changed.
- User user2 = admin.getUser(USER1);
+ admin.createUser(USER1, PASS1);
+ admin.addUserToGroup(USER1, GROUP1);
+ admin.addUserToGroup(USER1, GROUP2);
- try {
- user2.checkPassword(PASS2);
- fail(); // password should not have changed already.
- } catch (UserMgtException e) {
- // ok.
- }
+ admin.createUser(USER2, PASS2);
+ admin.addUserToGroup(USER2, GROUP2);
- // now notify the admin of the change in the user
- admin.userModified(user);
+ List<String> users = admin.getUsers();
+ assertEquals(2, users.size());
+ assertTrue(users.contains(USER1));
+ assertTrue(users.contains(USER2));
- user2 = admin.getUser(USER1);
- user2.checkPassword(PASS2); // this time it should succeed.
+ List<String> groups = admin.getGroups();
+ assertEquals(2, groups.size());
+ assertTrue(groups.contains(GROUP1));
+ assertTrue(groups.contains(GROUP2));
+
+ assertTrue(admin.isInGroup(USER1, GROUP1));
+ assertTrue(admin.isInGroup(USER1, GROUP2));
+ assertFalse(admin.isInGroup(USER2, GROUP1));
+ assertTrue(admin.isInGroup(USER2, GROUP2));
+
+ List<String> groups1 = admin.getGroups(USER1);
+ assertEquals(2, groups1.size());
+
+ List<String> groups2 = admin.getGroups(USER2);
+ assertEquals(1, groups2.size());
}
/**
*
*/
public void testPerformanceFindUserByName() throws UserMgtException {
- Group group = admin.createGroup(GROUP1);
- admin.createUser(USER1, PASS1, group);
+ admin.createGroup(GROUP1);
+ admin.createUser(USER1, PASS1);
+ admin.addUserToGroup(USER1, GROUP1);
int n = 1000;
long time = System.currentTimeMillis();
for (int i = 0; i < n; i++) {
- admin.getUser(USER1);
+ admin.checkUser(USER1);
}
LOGGER.info("Looked up a user " + n + " times in " +
public static User createUser(String aName, String aPassword, Group aGroup)
throws UserMgtException {
- return new User(aName, aPassword, aGroup, new RegexpNameValidator(
+ User user = new User(aName, aPassword, new RegexpNameValidator(
RegexpNameValidator.PASSWORD_PATTERN, Reason.INVALID_PASSWORD,
"Password must be at least 6 chars"), new Md5HexMessageDigester());
+ user.addGroup(aGroup);
+ return user;
}
public static void addUserToGroup(User aUser, Group aGroup)
import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
+import org.junit.Ignore;
import org.wamblee.security.authentication.UserAccessor;
+import org.wamblee.security.authentication.UserAdministration;
/**
* Tests the authorization service.
private AuthorizationService service;
+ private TestUserAccessor userAccessor;
+
+
protected AuthorizationService getService() {
return service;
}
protected void setUp() throws Exception {
super.setUp();
+ userAccessor = new TestUserAccessor();
+
rule1 = createRule(GRANTED, "users", "/oni/", AllOperation.class);
rule2 = createRule(DENIED, "users", "/abc/", ReadOperation.class);
rule3 = createRule(GRANTED, "users", "/abc/", AllOperation.class);
((TestAuthorizationRule) rule3).reset();
}
- protected UserAccessor createUserAccessor() {
- return new TestUserAccessor();
+ protected UserAccessor getUserAccessor() {
+ return userAccessor;
+ }
+
+ protected UserAdministration getUserAdministration() {
+ return userAccessor.getUserAdmin();
}
/**
*/
protected AuthorizationService createService() {
DefaultAuthorizationService service = new DefaultAuthorizationService();
- service.setUserAccessor(createUserAccessor());
-
+ service.setUserAccessor(getUserAccessor());
+ service.setUserAdministration(getUserAdministration());
return service;
}
return ((TestResource) aResource).getPath();
}
- /*
- * (non-Javadoc)
- *
- * @see
- * org.wamblee.security.authorization.UrlAuthorizationRule#isAllowed(java
- * .lang.Object, org.wamblee.security.authorization.Operation,
- * org.wamblee.usermgt.UserAccessor)
- */
@Override
public AuthorizationResult isAllowed(Object aResource,
- Operation aOperation, User aUser) {
+ Operation aOperation, String aUser) {
AuthorizationResult result = super.isAllowed(aResource, aOperation,
aUser);
private static final String GROUP = "users";
- /*
- * (non-Javadoc)
- *
- * @see org.wamblee.usermgt.UserAccessor#getCurrentUser()
- */
- public User getCurrentUser() {
- UserAdministration admin = new UserAdministrationImpl(
+ private UserAdministration userAdmin;
+
+ public TestUserAccessor() {
+ userAdmin = new UserAdministrationImpl(
new InMemoryUserSet(new RegexpNameValidator(
RegexpNameValidator.PASSWORD_PATTERN, Reason.INVALID_PASSWORD,
"Password must contain at least 6 characters"),
new RegexpNameValidator(RegexpNameValidator.ID_PATTERN,
Reason.INVALID_GROUPNAME, "Invalid group"));
- try {
- Group group = admin.createGroup(GROUP);
-
- return admin.createUser(USER, PASSWORD, group);
- } catch (UserMgtException e) {
- TestCase.fail(e.getMessage());
- throw new RuntimeException(e);
- }
+ userAdmin.createGroup(GROUP);
+ userAdmin.createUser(USER, PASSWORD);
+ userAdmin.addUserToGroup(USER, GROUP);
+ }
+
+ // NOTE: This is only for test. Normally the user accessor would not depend
+ // on user administration. This just ensures that a user administration is created
+ // that knows about the given user.
+ public UserAdministration getUserAdmin() {
+ return userAdmin;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.wamblee.usermgt.UserAccessor#getCurrentUser()
+ */
+ public String getCurrentUser() {
+ return USER;
}
}
* @author Erik Brakkee
*/
public class UrlAuthorizationRuleTest extends TestCase {
+
+ private TestUserAccessor userAccessor;
+
+ public void setUp() {
+ userAccessor = new TestUserAccessor();
+
+ }
+
/**
* Constructs the rule with a result of UNDECIDED. Verifies that an
* IllegalArgumentException is thrown.
public void testUnsupportedObject() {
AuthorizationRule rule = new TestAuthorizationRule(GRANTED, "users",
"/path", ReadOperation.class);
+ rule.setUserAdministration(userAccessor.getUserAdmin());
assertEquals(UNSUPPORTED_RESOURCE, rule.isAllowed("hello",
- new ReadOperation(), new TestUserAccessor().getCurrentUser()));
+ new ReadOperation(), userAccessor.getCurrentUser()));
}
public void testMatchingScenarios() {
AuthorizationRule rule = new TestAuthorizationRule(GRANTED, "users",
"/path/", ReadOperation.class);
- User user = new TestUserAccessor().getCurrentUser();
+ rule.setUserAdministration(userAccessor.getUserAdmin());
+ String user = userAccessor.getCurrentUser();
// everything matches
assertEquals(GRANTED, rule.isAllowed(new TestResource("/path/a"),
// group does not match.
AuthorizationRule rule2 = new TestAuthorizationRule(GRANTED, "users2",
"/path/", ReadOperation.class);
+ rule2.setUserAdministration(userAccessor.getUserAdmin());
assertEquals(UNDECIDED, rule2.isAllowed(new TestResource("/path/a"),
new ReadOperation(), user));
}
jpaTester.getJpaBuilder(), AuthorizationService.class);
JpaAuthorizationService service = new JpaAuthorizationService(
"DEFAULT", factory.getTransactionScopedEntityManager(),
- createUserAccessor(), 10000);
+ getUserAccessor(), getUserAdministration(), 10000);
return factory.getProxy(service);
}