KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > jaspersoft > jasperserver > api > metadata > view > service > impl > ObjectPermissionServiceTest


1 /*
2  * Copyright (C) 2006 JasperSoft http://www.jaspersoft.com
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed WITHOUT ANY WARRANTY; and without the
10  * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11  * See the GNU General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program; if not, see http://www.gnu.org/licenses/gpl.txt
15  * or write to:
16  *
17  * Free Software Foundation, Inc.,
18  * 59 Temple Place - Suite 330,
19  * Boston, MA USA 02111-1307
20  */
21
22 package com.jaspersoft.jasperserver.api.metadata.view.service.impl;
23
24 import java.util.Iterator JavaDoc;
25 import java.util.List JavaDoc;
26
27 import org.acegisecurity.AccessDeniedException;
28 import org.acegisecurity.Authentication;
29 import org.acegisecurity.acl.AclEntry;
30 import org.acegisecurity.acl.AclProvider;
31 import org.acegisecurity.acl.basic.BasicAclEntry;
32 import org.acegisecurity.acl.basic.SimpleAclEntry;
33 import org.acegisecurity.context.SecurityContextHolder;
34 import org.acegisecurity.providers.TestingAuthenticationToken;
35 import org.acegisecurity.userdetails.UserDetails;
36 import org.acegisecurity.userdetails.UserDetailsService;
37 import org.springframework.context.ApplicationContext;
38 import org.springframework.context.support.ClassPathXmlApplicationContext;
39
40 import com.jaspersoft.jasperserver.api.metadata.common.domain.Folder;
41 import com.jaspersoft.jasperserver.api.metadata.common.domain.InternalURI;
42 import com.jaspersoft.jasperserver.api.metadata.common.domain.Resource;
43 import com.jaspersoft.jasperserver.api.metadata.common.domain.ResourceLookup;
44 import com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService;
45 import com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService;
46 import com.jaspersoft.jasperserver.api.metadata.jasperreports.domain.ReportUnit;
47 import com.jaspersoft.jasperserver.api.metadata.user.domain.ObjectPermission;
48 import com.jaspersoft.jasperserver.api.metadata.user.domain.Role;
49 import com.jaspersoft.jasperserver.api.metadata.user.domain.User;
50 import com.jaspersoft.jasperserver.api.metadata.user.service.ObjectPermissionService;
51 import com.jaspersoft.jasperserver.api.metadata.user.service.UserAuthorityService;
52 import com.jaspersoft.jasperserver.api.metadata.user.service.impl.AclService;
53 import com.jaspersoft.jasperserver.api.metadata.view.domain.FilterCriteria;
54
55 import junit.framework.TestCase;
56 import junit.textui.TestRunner;
57
58 /**
59  * @author swood
60  *
61  */
62 public class ObjectPermissionServiceTest extends TestCase {
63     
64     public static String JavaDoc reportUnitFolder = "/reports/samples";
65     public static String JavaDoc reportUnitName = "AllAccounts";
66     public static String JavaDoc reportUnitPath = reportUnitFolder + Folder.SEPARATOR + reportUnitName;
67     
68     public static String JavaDoc testUserName = "TestUser";
69     public static String JavaDoc tomcatUserName = "tomcat";
70     
71     public static String JavaDoc userRoleName = "ROLE_USER";
72     public static String JavaDoc testRoleName = "ROLE_TEST";
73     public static String JavaDoc administratorRoleName = "ROLE_ADMINISTRATOR";
74     public static int readPermissionMask = SimpleAclEntry.READ;
75     public static int adminPermissionMask = SimpleAclEntry.ADMINISTRATION;
76     
77     ApplicationContext factory;
78     RepositoryService repo;
79     UserAuthorityService userAuthService;
80     ObjectPermissionService objectPermissionService;
81     
82     ReportUnit unit;
83     Role userRole, adminRole, testRole;
84     User tomcatUser, testUser;
85     
86     Folder root;
87     
88     public ObjectPermissionServiceTest(String JavaDoc name) {
89         super(name);
90     }
91
92     public static void main(String JavaDoc[] args) {
93         TestRunner.run(UserAuthorityServiceTest.class);
94     }
95
96     public void setUp() throws Exception JavaDoc {
97         System.out.println("ObjectPermissionServiceTest Setup");
98         //ClassPathResource resource = new ClassPathResource("userAuthorityService.xml");
99 //new String[] {"hibernateConfig.xml", "userAuthorityService.xml", "viewService.xml", "methodAndObjectSecurity.xml"});
100 ClassPathXmlApplicationContext appContext = new ClassPathXmlApplicationContext(
101                 new String JavaDoc[] {"hibernateConfig.xml", "userAuthorityService.xml", "repoService-Security.xml", "methodAndObjectSecurity.xml"});
102
103         factory = (ApplicationContext) appContext;
104
105         // Get the services
106
107         userAuthService = (UserAuthorityService) factory.getBean("userAuthorityService");
108         objectPermissionService = (ObjectPermissionService) factory.getBean("objectPermissionService");
109         repo = (HibernateRepositoryService) factory.getBean("repoService");
110         
111         setUpRoles();
112         setUpUsers();
113         
114         setAuthenticatedUser(tomcatUserName);
115         
116         // Set up some data
117
118         unit = (ReportUnit) repo.getResource(null, reportUnitPath);
119         assertNotNull("Null ReportUnit", unit);
120         assertEquals("Unmatched ReportUnit name", reportUnitName, unit.getName());
121         
122         root = repo.getFolder(null, Folder.SEPARATOR);
123
124         // THESE ARE DEFAULTS FOR THE SYSTEM: not deleted
125
126         // Create default permission of ADMINISTRATION at the root level
127
128         createObjectPermission(root, adminRole, SimpleAclEntry.ADMINISTRATION);
129         
130         /*
131          * Set read permissions at the root level for ROLE_USER
132          */
133         
134         createObjectPermission(root, userRole, SimpleAclEntry.READ);
135     
136     }
137     
138     /**
139      * ROLE_USER
140      * ROLE_ADMINISTRATOR
141      *
142      */
143     private void setUpRoles() {
144         
145         userRole = getOrCreateRole(userRoleName);
146         
147         adminRole = getOrCreateRole(administratorRoleName);
148         
149         testRole = getOrCreateRole(testRoleName);
150     }
151     
152     private Role getOrCreateRole(String JavaDoc roleName) {
153         Role r = userAuthService.getRole(null, roleName);
154         if (r == null) {
155             r = userAuthService.newRole(null);
156             r.setRoleName(roleName);
157             r.setExternallyDefined(false);
158             userAuthService.putRole(null, r);
159         }
160         return r;
161     }
162
163     /**
164      * testUserName: TestUser has role: ROLE_TEST
165      * tomcatUserName: tomcat has role: ROLE_ADMINISTRATOR
166      *
167      */
168     private void setUpUsers() {
169         testUser = findOrCreateUser(testUserName);
170         
171         userAuthService.addRole(null, testUser, testRole);
172         tomcatUser = findOrCreateUser(tomcatUserName);
173         
174         userAuthService.addRole(null, tomcatUser, adminRole);
175         
176     }
177     
178     private User findOrCreateUser(String JavaDoc username) {
179         User workingUser = userAuthService.getUser(null, username);
180         if (workingUser == null) {
181             workingUser = userAuthService.newUser(null);
182             workingUser.setUsername(username);
183             workingUser.setPassword(username);
184             workingUser.setFullName(username + " user");
185             workingUser.setEnabled(true);
186         
187             userAuthService.putUser(null, workingUser);
188         }
189
190         return workingUser;
191     }
192     
193     public void tearDown() {
194         System.out.println("ObjectPermissionServiceTest Tear down");
195
196         // Remove read permissions for the user at the report unit level
197 User u = userAuthService.getUser(null, testUserName);
198         Resource r = repo.getResource(null, reportUnitPath);
199         deleteObjectPermission(r, u);
200
201         // Remove block permissions at the folder level
202 System.out.println("Deleting permission for " + userRoleName + " and " + reportUnitFolder);
203         Role userRole = userAuthService.getRole(null, userRoleName);
204         Folder f = repo.getFolder(null, reportUnitFolder);
205         deleteObjectPermission(f, userRole);
206         /*
207          * Leave entries in the database:
208          * root level permissions for ROLE_ADMINISTRATOR and ROLE_USER
209          */
210     }
211     
212     /**
213      * For our report unit without a parent:
214      * ROLE_USER: SimpleAclEntry.READ
215      * ROLE_ADMINISTRATOR: SimpleAclEntry.ADMINISTRATION
216      *
217      * and
218      *
219      * testUserName: TestUser has role: ROLE_USER
220      * tomcatUserName: tomcat has role: ROLE_ADMINISTRATOR
221      */
222     public void testObjectPermissionSetup() {
223         
224         setAuthenticatedUser(tomcatUserName);
225         
226         List JavaDoc l = objectPermissionService.getObjectPermissionsForObjectAndRecipient(null, unit, adminRole);
227         
228         assertTrue("getObjectPermissionsForObjectAndRecipient size not 0: " +
229                     (l == null ? "null" : (new Integer JavaDoc(l.size())).toString()), l == null || l.size() == 0);
230 /*
231         ObjectPermission op = (ObjectPermission) l.get(0);
232         
233         System.out.println("ObjectPermission for unit and adminRole: " + op);
234 */
235         ReportUnit ru = (ReportUnit) repo.getResource(null, unit.getURI());
236
237         assertTrue("Null report unit for " + unit.getURI(), ru != null);
238         
239         assertTrue(ru.getName().equals(reportUnitName));
240 /*
241         assertTrue("op has a non-null recipient: " + op.getPermissionRecipient(), op.getPermissionRecipient() == null);
242 */
243         String JavaDoc p = ru.getParentFolder();
244         
245         Folder f = repo.getFolder(null, p);
246         
247         assertTrue("Invalid folder: " + p, f != null);
248         
249         l = objectPermissionService.getObjectPermissionsForObject(null, f);
250         
251         System.out.println("ObjectPermission for unit folder: " + l);
252         
253         assertTrue("getObjectPermissionsForObject size not 0: " +
254                     (l == null ? "null" : (new Integer JavaDoc(l.size())).toString()), l == null || l.size() == 0);
255     }
256     
257     public void testAclAccess() {
258         
259         Authentication aUser = setAuthenticatedUser(tomcatUserName);
260
261         BasicAclEntry[] aclEntries = ((AclService) objectPermissionService).getAcls(unit);
262         
263         assertTrue("aclEntries = null", aclEntries != null);
264
265         printAclEntries("getAcls(unit)", aclEntries);
266         
267         assertTrue("aclEntries.length = " + aclEntries.length + " not 3", aclEntries.length == 3);
268         
269         AclEntry[] userEntries = ((AclProvider) objectPermissionService).getAcls(unit, aUser);
270         assertTrue("userEntries = null", userEntries != null);
271
272         printAclEntries("getAcls(unit, aUser)", (BasicAclEntry[]) userEntries);
273         
274         // 1 entry from the root for ROLE_ADMINISTRATOR
275 assertTrue("userEntries.length = " + userEntries.length + " not 2", userEntries.length == 2);
276         
277         AclEntry found = null;
278         for (int i = 0; i < userEntries.length && found == null; i++ ) {
279             found = (((BasicAclEntry) userEntries[i]).getRecipient() instanceof Role) ?
280                     userEntries[i] : null;
281         }
282         
283         assertTrue("Role recipient not found", found != null);
284         assertTrue("Wrong role: " + ((BasicAclEntry) found).getRecipient(), ((Role) ((BasicAclEntry) found).getRecipient()).getRoleName().equals(administratorRoleName));
285     }
286
287     public void testMethodAndObjectAccess() {
288         
289         setAuthenticatedUser(tomcatUserName);
290         
291         /*
292          * Now test access:
293          * tomcat is the user, that has a ROLE_ADMINISTRATOR
294
295                 HibernateRepositoryService.loadResourcesList=ROLE_ADMINISTRATOR,AFTER_ACL_COLLECTION_READ
296
297          */
298
299         Resource r = repo.getResource(null, reportUnitPath); // should be OK - not secured
300
301         assertNotNull("null Resource", r);
302
303         exerciseResourcesListAccess(tomcatUserName, true,
304                 "Administrator should have access to report unit via role at root",
305                 "Administrator has access to report unit");
306         
307         //System.out.println("Administrator has access to report unit");
308
309         /*
310          * The TestUser has ROLE_TEST role, but
311          * does not have ROLE_ADMINISTRATOR access to the report unit, so it will not appear in the list
312          */
313
314         exerciseResourcesListAccess(testUserName, false,
315                 "ROLE_TEST should not have access to report unit because there is no permissions for ROLE_TEST or this user",
316                 "ROLE_TEST does not have access to report unit");
317         
318         //System.out.println("ROLE_TEST does not have access to report unit");
319
320         /*
321          * Now add permissions for the testUserName to the report unit
322          */
323         assertNotNull("null testUserName", testUserName);
324         ObjectPermission op = createObjectPermission(r, testUser, SimpleAclEntry.READ);
325
326         /*
327          * Should be able to access now
328          */
329
330         exerciseResourcesListAccess(testUserName, true,
331                 "Test user should have specific access to report unit",
332                 "Test user has access to report unit");
333         
334         //System.out.println("Test user has access to report unit");
335
336         objectPermissionService.deleteObjectPermission(null, op);
337
338         // Give the testUserName a ROLE_USER role
339
340         userAuthService.addRole(null, testUser, userRole);
341
342         /*
343          * Should still be able to access
344          */
345         exerciseResourcesListAccess(testUserName, true,
346                 "ROLE_USER should have access to root level",
347                 "ROLE_USER given access to root level");
348         
349         //System.out.println("ROLE_USER given access to root level");
350
351         Folder f = repo.getFolder(null, reportUnitFolder);
352
353         // Block permissions at the folder level
354
355         op = createObjectPermission(f, userRole, SimpleAclEntry.NOTHING);
356
357         /*
358          * Should not be able to access
359          */
360         exerciseResourcesListAccess(testUserName, false,
361                 "ROLE_USER should have no access to report unit folder level",
362                 "ROLE_USER given no access to report unit folder level");
363         
364         //System.out.println("ROLE_USER given no access to report unit folder level");
365 }
366     
367     private Authentication setAuthenticatedUser(String JavaDoc username) {
368         UserDetails userDetails = ((UserDetailsService)userAuthService).loadUserByUsername(username);
369         Authentication aUser = new TestingAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
370         aUser.setAuthenticated(true);
371
372         SecurityContextHolder.getContext().setAuthentication(aUser);
373         return aUser;
374     }
375     
376     private void printAclEntries(String JavaDoc name, BasicAclEntry[] aclEntries) {
377         
378         System.out.println("AclEntry set: " + name);
379         
380         for (int i = 0; aclEntries != null && aclEntries.length > 0 && i < aclEntries.length; i++) {
381             System.out.println("aclEntries[" + i + "]: " + aclEntries[i].getAclObjectIdentity() +
382                     "\n\tparent: " + aclEntries[i].getAclObjectParentIdentity() +
383                     "\n\trecipient: " + aclEntries[i].getRecipient() +
384                     "\n\tmask: " + aclEntries[i].getMask());
385         }
386
387     }
388     
389     private void exerciseResourcesListAccess(String JavaDoc userName, boolean expectToFind,
390             String JavaDoc testDescription, String JavaDoc successMessage) {
391         FilterCriteria criteria = FilterCriteria.createFilter(ReportUnit.class);
392         List JavaDoc l;
393         
394         setAuthenticatedUser(userName);
395         
396         Iterator JavaDoc it;
397         boolean found = false;
398
399         try {
400             l = repo.loadResourcesList(criteria);
401             System.out.println("loadResourcesList size: " + l.size());
402             it = l.iterator();
403             found = false;
404             while (it.hasNext() && !found) {
405                 ResourceLookup rlu = (ResourceLookup) it.next();
406                 found = rlu.getURIString().equals(reportUnitPath);
407             }
408             
409             // If we found and did not expect to, or we did not find and we expected to
410
411             if (found != expectToFind) {
412                 fail(userName + ": loadResourcesList " + (expectToFind ? "did not contain " : "contained un") + "expected report unit for " + reportUnitName);
413             }
414         } catch (AccessDeniedException ex) {
415             fail(userName + ": loadResourcesList AccessDeniedException unexpected");
416         }
417         
418         System.out.println(successMessage);
419
420     }
421     
422     private ObjectPermission createObjectPermission(InternalURI target, Object JavaDoc recipient, int permissionMask) {
423         ObjectPermission permission = objectPermissionService.newObjectPermission(null);
424         permission.setURI(target.getURI());
425         permission.setPermissionRecipient(recipient);
426         permission.setPermissionMask(permissionMask);
427         objectPermissionService.putObjectPermission(null, permission);
428         return permission;
429     }
430
431     private void deleteObjectPermission(InternalURI target, Object JavaDoc recipient) {
432         
433         ObjectPermission op = objectPermissionService.newObjectPermission(null);
434         
435         String JavaDoc targetURI = target.getURI();
436         op.setURI(targetURI);
437         op.setPermissionRecipient(recipient);
438         
439         System.out.println("deleteObjectPermission: about to get: " + targetURI + ", recipient: " + recipient);
440         ObjectPermission op2 = objectPermissionService.getObjectPermission(null, op);
441         if (op2 != null) {
442             System.out.println("deleteObjectPermission: got " + op2 + ". about to delete: " + targetURI + ", recipient: " + recipient);
443             objectPermissionService.deleteObjectPermission(null, op);
444             System.out.println("deleted permission for uri: " + targetURI + ", recipient: " + recipient);
445         } else {
446             System.out.println("Can't delete permission for uri: " + targetURI + ", recipient: " + recipient + " because it does not exist");
447         }
448
449     }
450 }
451
Popular Tags