1 21 22 package com.jaspersoft.jasperserver.api.metadata.view.service.impl; 23 24 import java.util.Iterator ; 25 import java.util.List ; 26 27 import org.acegisecurity.AccessDeniedException; 28 import org.acegisecurity.Authentication; 29 import org.acegisecurity.acl.AclEntry; 30 import org.acegisecurity.acl.AclProvider; 31 import org.acegisecurity.acl.basic.BasicAclEntry; 32 import org.acegisecurity.acl.basic.SimpleAclEntry; 33 import org.acegisecurity.context.SecurityContextHolder; 34 import org.acegisecurity.providers.TestingAuthenticationToken; 35 import org.acegisecurity.userdetails.UserDetails; 36 import org.acegisecurity.userdetails.UserDetailsService; 37 import org.springframework.context.ApplicationContext; 38 import org.springframework.context.support.ClassPathXmlApplicationContext; 39 40 import com.jaspersoft.jasperserver.api.metadata.common.domain.Folder; 41 import com.jaspersoft.jasperserver.api.metadata.common.domain.InternalURI; 42 import com.jaspersoft.jasperserver.api.metadata.common.domain.Resource; 43 import com.jaspersoft.jasperserver.api.metadata.common.domain.ResourceLookup; 44 import com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService; 45 import com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService; 46 import com.jaspersoft.jasperserver.api.metadata.jasperreports.domain.ReportUnit; 47 import com.jaspersoft.jasperserver.api.metadata.user.domain.ObjectPermission; 48 import com.jaspersoft.jasperserver.api.metadata.user.domain.Role; 49 import com.jaspersoft.jasperserver.api.metadata.user.domain.User; 50 import com.jaspersoft.jasperserver.api.metadata.user.service.ObjectPermissionService; 51 import com.jaspersoft.jasperserver.api.metadata.user.service.UserAuthorityService; 52 import com.jaspersoft.jasperserver.api.metadata.user.service.impl.AclService; 53 import com.jaspersoft.jasperserver.api.metadata.view.domain.FilterCriteria; 54 55 import junit.framework.TestCase; 56 import junit.textui.TestRunner; 57 58 62 public class ObjectPermissionServiceTest extends TestCase { 63 64 public static String reportUnitFolder = "/reports/samples"; 65 public static String reportUnitName = "AllAccounts"; 66 public static String reportUnitPath = reportUnitFolder + Folder.SEPARATOR + reportUnitName; 67 68 public static String testUserName = "TestUser"; 69 public static String tomcatUserName = "tomcat"; 70 71 public static String userRoleName = "ROLE_USER"; 72 public static String testRoleName = "ROLE_TEST"; 73 public static String administratorRoleName = "ROLE_ADMINISTRATOR"; 74 public static int readPermissionMask = SimpleAclEntry.READ; 75 public static int adminPermissionMask = SimpleAclEntry.ADMINISTRATION; 76 77 ApplicationContext factory; 78 RepositoryService repo; 79 UserAuthorityService userAuthService; 80 ObjectPermissionService objectPermissionService; 81 82 ReportUnit unit; 83 Role userRole, adminRole, testRole; 84 User tomcatUser, testUser; 85 86 Folder root; 87 88 public ObjectPermissionServiceTest(String name) { 89 super(name); 90 } 91 92 public static void main(String [] args) { 93 TestRunner.run(UserAuthorityServiceTest.class); 94 } 95 96 public void setUp() throws Exception { 97 System.out.println("ObjectPermissionServiceTest Setup"); 98 ClassPathXmlApplicationContext appContext = new ClassPathXmlApplicationContext( 101 new String [] {"hibernateConfig.xml", "userAuthorityService.xml", "repoService-Security.xml", "methodAndObjectSecurity.xml"}); 102 103 factory = (ApplicationContext) appContext; 104 105 107 userAuthService = (UserAuthorityService) factory.getBean("userAuthorityService"); 108 objectPermissionService = (ObjectPermissionService) factory.getBean("objectPermissionService"); 109 repo = (HibernateRepositoryService) factory.getBean("repoService"); 110 111 setUpRoles(); 112 setUpUsers(); 113 114 setAuthenticatedUser(tomcatUserName); 115 116 118 unit = (ReportUnit) repo.getResource(null, reportUnitPath); 119 assertNotNull("Null ReportUnit", unit); 120 assertEquals("Unmatched ReportUnit name", reportUnitName, unit.getName()); 121 122 root = repo.getFolder(null, Folder.SEPARATOR); 123 124 126 128 createObjectPermission(root, adminRole, SimpleAclEntry.ADMINISTRATION); 129 130 133 134 createObjectPermission(root, userRole, SimpleAclEntry.READ); 135 136 } 137 138 143 private void setUpRoles() { 144 145 userRole = getOrCreateRole(userRoleName); 146 147 adminRole = getOrCreateRole(administratorRoleName); 148 149 testRole = getOrCreateRole(testRoleName); 150 } 151 152 private Role getOrCreateRole(String roleName) { 153 Role r = userAuthService.getRole(null, roleName); 154 if (r == null) { 155 r = userAuthService.newRole(null); 156 r.setRoleName(roleName); 157 r.setExternallyDefined(false); 158 userAuthService.putRole(null, r); 159 } 160 return r; 161 } 162 163 168 private void setUpUsers() { 169 testUser = findOrCreateUser(testUserName); 170 171 userAuthService.addRole(null, testUser, testRole); 172 tomcatUser = findOrCreateUser(tomcatUserName); 173 174 userAuthService.addRole(null, tomcatUser, adminRole); 175 176 } 177 178 private User findOrCreateUser(String username) { 179 User workingUser = userAuthService.getUser(null, username); 180 if (workingUser == null) { 181 workingUser = userAuthService.newUser(null); 182 workingUser.setUsername(username); 183 workingUser.setPassword(username); 184 workingUser.setFullName(username + " user"); 185 workingUser.setEnabled(true); 186 187 userAuthService.putUser(null, workingUser); 188 } 189 190 return workingUser; 191 } 192 193 public void tearDown() { 194 System.out.println("ObjectPermissionServiceTest Tear down"); 195 196 User u = userAuthService.getUser(null, testUserName); 198 Resource r = repo.getResource(null, reportUnitPath); 199 deleteObjectPermission(r, u); 200 201 System.out.println("Deleting permission for " + userRoleName + " and " + reportUnitFolder); 203 Role userRole = userAuthService.getRole(null, userRoleName); 204 Folder f = repo.getFolder(null, reportUnitFolder); 205 deleteObjectPermission(f, userRole); 206 210 } 211 212 222 public void testObjectPermissionSetup() { 223 224 setAuthenticatedUser(tomcatUserName); 225 226 List l = objectPermissionService.getObjectPermissionsForObjectAndRecipient(null, unit, adminRole); 227 228 assertTrue("getObjectPermissionsForObjectAndRecipient size not 0: " + 229 (l == null ? "null" : (new Integer (l.size())).toString()), l == null || l.size() == 0); 230 235 ReportUnit ru = (ReportUnit) repo.getResource(null, unit.getURI()); 236 237 assertTrue("Null report unit for " + unit.getURI(), ru != null); 238 239 assertTrue(ru.getName().equals(reportUnitName)); 240 243 String p = ru.getParentFolder(); 244 245 Folder f = repo.getFolder(null, p); 246 247 assertTrue("Invalid folder: " + p, f != null); 248 249 l = objectPermissionService.getObjectPermissionsForObject(null, f); 250 251 System.out.println("ObjectPermission for unit folder: " + l); 252 253 assertTrue("getObjectPermissionsForObject size not 0: " + 254 (l == null ? "null" : (new Integer (l.size())).toString()), l == null || l.size() == 0); 255 } 256 257 public void testAclAccess() { 258 259 Authentication aUser = setAuthenticatedUser(tomcatUserName); 260 261 BasicAclEntry[] aclEntries = ((AclService) objectPermissionService).getAcls(unit); 262 263 assertTrue("aclEntries = null", aclEntries != null); 264 265 printAclEntries("getAcls(unit)", aclEntries); 266 267 assertTrue("aclEntries.length = " + aclEntries.length + " not 3", aclEntries.length == 3); 268 269 AclEntry[] userEntries = ((AclProvider) objectPermissionService).getAcls(unit, aUser); 270 assertTrue("userEntries = null", userEntries != null); 271 272 printAclEntries("getAcls(unit, aUser)", (BasicAclEntry[]) userEntries); 273 274 assertTrue("userEntries.length = " + userEntries.length + " not 2", userEntries.length == 2); 276 277 AclEntry found = null; 278 for (int i = 0; i < userEntries.length && found == null; i++ ) { 279 found = (((BasicAclEntry) userEntries[i]).getRecipient() instanceof Role) ? 280 userEntries[i] : null; 281 } 282 283 assertTrue("Role recipient not found", found != null); 284 assertTrue("Wrong role: " + ((BasicAclEntry) found).getRecipient(), ((Role) ((BasicAclEntry) found).getRecipient()).getRoleName().equals(administratorRoleName)); 285 } 286 287 public void testMethodAndObjectAccess() { 288 289 setAuthenticatedUser(tomcatUserName); 290 291 298 299 Resource r = repo.getResource(null, reportUnitPath); 301 assertNotNull("null Resource", r); 302 303 exerciseResourcesListAccess(tomcatUserName, true, 304 "Administrator should have access to report unit via role at root", 305 "Administrator has access to report unit"); 306 307 309 313 314 exerciseResourcesListAccess(testUserName, false, 315 "ROLE_TEST should not have access to report unit because there is no permissions for ROLE_TEST or this user", 316 "ROLE_TEST does not have access to report unit"); 317 318 320 323 assertNotNull("null testUserName", testUserName); 324 ObjectPermission op = createObjectPermission(r, testUser, SimpleAclEntry.READ); 325 326 329 330 exerciseResourcesListAccess(testUserName, true, 331 "Test user should have specific access to report unit", 332 "Test user has access to report unit"); 333 334 336 objectPermissionService.deleteObjectPermission(null, op); 337 338 340 userAuthService.addRole(null, testUser, userRole); 341 342 345 exerciseResourcesListAccess(testUserName, true, 346 "ROLE_USER should have access to root level", 347 "ROLE_USER given access to root level"); 348 349 351 Folder f = repo.getFolder(null, reportUnitFolder); 352 353 355 op = createObjectPermission(f, userRole, SimpleAclEntry.NOTHING); 356 357 360 exerciseResourcesListAccess(testUserName, false, 361 "ROLE_USER should have no access to report unit folder level", 362 "ROLE_USER given no access to report unit folder level"); 363 364 } 366 367 private Authentication setAuthenticatedUser(String username) { 368 UserDetails userDetails = ((UserDetailsService)userAuthService).loadUserByUsername(username); 369 Authentication aUser = new TestingAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities()); 370 aUser.setAuthenticated(true); 371 372 SecurityContextHolder.getContext().setAuthentication(aUser); 373 return aUser; 374 } 375 376 private void printAclEntries(String name, BasicAclEntry[] aclEntries) { 377 378 System.out.println("AclEntry set: " + name); 379 380 for (int i = 0; aclEntries != null && aclEntries.length > 0 && i < aclEntries.length; i++) { 381 System.out.println("aclEntries[" + i + "]: " + aclEntries[i].getAclObjectIdentity() + 382 "\n\tparent: " + aclEntries[i].getAclObjectParentIdentity() + 383 "\n\trecipient: " + aclEntries[i].getRecipient() + 384 "\n\tmask: " + aclEntries[i].getMask()); 385 } 386 387 } 388 389 private void exerciseResourcesListAccess(String userName, boolean expectToFind, 390 String testDescription, String successMessage) { 391 FilterCriteria criteria = FilterCriteria.createFilter(ReportUnit.class); 392 List l; 393 394 setAuthenticatedUser(userName); 395 396 Iterator it; 397 boolean found = false; 398 399 try { 400 l = repo.loadResourcesList(criteria); 401 System.out.println("loadResourcesList size: " + l.size()); 402 it = l.iterator(); 403 found = false; 404 while (it.hasNext() && !found) { 405 ResourceLookup rlu = (ResourceLookup) it.next(); 406 found = rlu.getURIString().equals(reportUnitPath); 407 } 408 409 411 if (found != expectToFind) { 412 fail(userName + ": loadResourcesList " + (expectToFind ? "did not contain " : "contained un") + "expected report unit for " + reportUnitName); 413 } 414 } catch (AccessDeniedException ex) { 415 fail(userName + ": loadResourcesList AccessDeniedException unexpected"); 416 } 417 418 System.out.println(successMessage); 419 420 } 421 422 private ObjectPermission createObjectPermission(InternalURI target, Object recipient, int permissionMask) { 423 ObjectPermission permission = objectPermissionService.newObjectPermission(null); 424 permission.setURI(target.getURI()); 425 permission.setPermissionRecipient(recipient); 426 permission.setPermissionMask(permissionMask); 427 objectPermissionService.putObjectPermission(null, permission); 428 return permission; 429 } 430 431 private void deleteObjectPermission(InternalURI target, Object recipient) { 432 433 ObjectPermission op = objectPermissionService.newObjectPermission(null); 434 435 String targetURI = target.getURI(); 436 op.setURI(targetURI); 437 op.setPermissionRecipient(recipient); 438 439 System.out.println("deleteObjectPermission: about to get: " + targetURI + ", recipient: " + recipient); 440 ObjectPermission op2 = objectPermissionService.getObjectPermission(null, op); 441 if (op2 != null) { 442 System.out.println("deleteObjectPermission: got " + op2 + ". about to delete: " + targetURI + ", recipient: " + recipient); 443 objectPermissionService.deleteObjectPermission(null, op); 444 System.out.println("deleted permission for uri: " + targetURI + ", recipient: " + recipient); 445 } else { 446 System.out.println("Can't delete permission for uri: " + targetURI + ", recipient: " + recipient + " because it does not exist"); 447 } 448 449 } 450 } 451 | Popular Tags |