KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > jcorporate > expresso > services > dbobj > tests > DBObjSecurityTests


1 /* ====================================================================
2  * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
3  *
4  * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in
15  * the documentation and/or other materials provided with the
16  * distribution.
17  *
18  * 3. The end-user documentation included with the redistribution,
19  * if any, must include the following acknowledgment:
20  * "This product includes software developed by Jcorporate Ltd.
21  * (http://www.jcorporate.com/)."
22  * Alternately, this acknowledgment may appear in the software itself,
23  * if and wherever such third-party acknowledgments normally appear.
24  *
25  * 4. "Jcorporate" and product names such as "Expresso" must
26  * not be used to endorse or promote products derived from this
27  * software without prior written permission. For written permission,
28  * please contact info@jcorporate.com.
29  *
30  * 5. Products derived from this software may not be called "Expresso",
31  * or other Jcorporate product names; nor may "Expresso" or other
32  * Jcorporate product names appear in their name, without prior
33  * written permission of Jcorporate Ltd.
34  *
35  * 6. No product derived from this software may compete in the same
36  * market space, i.e. framework, without prior written permission
37  * of Jcorporate Ltd. For written permission, please contact
38  * partners@jcorporate.com.
39  *
40  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
42  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
43  * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
44  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
46  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
47  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
48  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * ====================================================================
53  *
54  * This software consists of voluntary contributions made by many
55  * individuals on behalf of the Jcorporate Ltd. Contributions back
56  * to the project(s) are encouraged when you make modifications.
57  * Please send them to support@jcorporate.com. For more information
58  * on Jcorporate Ltd. and its products, please see
59  * <http://www.jcorporate.com/>.
60  *
61  * Portions of this software are based upon other open source
62  * products and are subject to their respective licenses.
63  */
64
65 package com.jcorporate.expresso.services.dbobj.tests;
66
67 import com.jcorporate.expresso.core.db.DBException;
68 import com.jcorporate.expresso.core.dbobj.SecuredDBObject;
69 import com.jcorporate.expresso.core.security.User;
70 import com.jcorporate.expresso.services.dbobj.DBObjSecurity;
71 import com.jcorporate.expresso.services.dbobj.GroupMembers;
72 import com.jcorporate.expresso.services.dbobj.UserGroup;
73 import com.jcorporate.expresso.services.dbobj.UserPreference;
74 import com.jcorporate.expresso.services.test.ExpressoTestCase;
75 import com.jcorporate.expresso.services.test.TestSystemInitializer;
76 import junit.framework.TestSuite;
77
78 import java.util.ArrayList JavaDoc;
79 import java.util.Iterator JavaDoc;
80
81
82 /**
83  * Perform unit tests to determine if the db object security is working correctly.
84  * These unit tests create a temporary user entry, assign it certain permissions,
85  * verifying that the permissions
86  * are granted appropriately, then remove the permissions and check that they are
87  * removed. Note that this test requires that the default UserDBObj implentation
88  * of User is used - e.g. don't have LDAP enabled when this test is run.
89  *
90  * @author Michael Rimov
91  * @version $Revision: 1.2 $ on $Date: 2004/11/17 20:48:24 $
92  */
93 public class DBObjSecurityTests
94         extends ExpressoTestCase {
95     private static final String JavaDoc TEST_GROUP = "TestGroup";
96     private static final String JavaDoc TEST_LOGIN = "testUser";
97     private int TEST_UID = 0;
98
99     public DBObjSecurityTests(String JavaDoc name)
100             throws Exception JavaDoc {
101         super(name);
102     }
103
104     public static void main(String JavaDoc[] args)
105             throws java.lang.Exception JavaDoc {
106
107         //Set the system properties we need
108 junit.textui.TestRunner.run(suite());
109     }
110
111     /**
112      * Creates the test cases. Order is important, thus the manual
113      * creation.
114      */
115     public static junit.framework.Test suite()
116             throws Exception JavaDoc {
117         return new TestSuite(DBObjSecurityTests.class);
118     }
119
120     /**
121      * Create a SetupCache and make sure that the values are reading correctly.
122      */
123     public void testDBObjSecurity()
124             throws Exception JavaDoc {
125
126         /* Remove all permission for the test group initially */
127         DBObjSecurity oneSec = null;
128         DBObjSecurity secList = new DBObjSecurity();
129         secList.setDataContext(TestSystemInitializer.getTestContext());
130         secList.setField("GroupName", TEST_GROUP);
131
132         for (Iterator JavaDoc e1 = secList.searchAndRetrieveList().iterator();
133              e1.hasNext();) {
134             oneSec = (DBObjSecurity) e1.next();
135             oneSec.delete();
136         }
137
138         /* Make sure the test user has no permission now */
139         UserPreference testPref = new UserPreference(this.TEST_UID);
140         testPref.setDataContext(TestSystemInitializer.getTestContext());
141
142         if (testPref.checkAllowed("A")) {
143             fail("Test user was allowed add permission to " +
144                     "UserPreference and should not have been");
145         }
146         if (testPref.checkAllowed("U")) {
147             fail("Test user was allowed update permission to " +
148                     "UserPreference and should not have been");
149         }
150         if (testPref.checkAllowed("D")) {
151             fail("Test user was allowed delete permission to " +
152                     "UserPreference and should not have been");
153         }
154         if (testPref.checkAllowed("S")) {
155             fail("Test user was allowed search permission to " +
156                     "UserPreference and should not have been");
157         }
158
159         String JavaDoc testPrefDB = testPref.getDataContext();
160
161         /* Now grant "add" permission and see what happens */
162         DBObjSecurity newSec = new DBObjSecurity(SecuredDBObject.SYSTEM_ACCOUNT);
163         newSec.setDataContext(TestSystemInitializer.getTestContext());
164         newSec.setField("GroupName", "TestGroup");
165         newSec.setField("MethodCode", "A");
166         newSec.setField("DBObjectName",
167                 "com.jcorporate.expresso.services.dbobj.UserPreference");
168         newSec.add();
169         testPrefDB = testPref.getDataContext();
170         if (!testPref.checkAllowed("A")) {
171             fail("Test user was not allowed add permission to " +
172                     "UserPreference and should have been - add of permissions " +
173                     "did not work");
174         }
175         if (testPref.checkAllowed("U")) {
176             fail("Test user was allowed update permission to " +
177                     "UserPreference and should not have been");
178         }
179         if (testPref.checkAllowed("D")) {
180             fail("Test user was allowed delete permission to " +
181                     "UserPreference and should not have been");
182         }
183         if (testPref.checkAllowed("S")) {
184             fail("Test user was allowed search permission to " +
185                     "UserPreference and should not have been");
186         }
187
188         /* Now remove add permission and make sure it gets removed */
189         newSec.setField("GroupName", TEST_GROUP);
190         newSec.setField("MethodCode", "A");
191         newSec.setField("DBObjectName",
192                 com.jcorporate.expresso.services.dbobj.UserPreference.class.getName());
193         newSec.delete();
194
195         if (testPref.checkAllowed("A")) {
196             fail("Test user was allowed add permission to " +
197                     "UserPreference and should not have been - delete of " +
198                     "permissions did not work");
199         }
200         if (testPref.checkAllowed("U")) {
201             fail("Test user was allowed update permission " +
202                     "to UserPreference and should not have been");
203         }
204         if (testPref.checkAllowed("D")) {
205             fail("Test user was allowed delete permission to " +
206                     "UserPreference and should not have been");
207         }
208         if (testPref.checkAllowed("S")) {
209             fail("Test user was allowed search permission " +
210                     "to UserPreference and should not have been");
211         }
212     }
213
214     protected void setUp()
215             throws java.lang.Exception JavaDoc {
216         User testUser = new User();
217         testUser.setDataContext(TestSystemInitializer.getTestContext());
218         testUser.setLoginName(TEST_LOGIN);
219
220         if (!testUser.find()) {
221             testUser.setEmail("testme@example.org");
222             testUser.setLoginName(TEST_LOGIN);
223             testUser.setDisplayName("User for DBObjSecurity unit test - remove");
224             testUser.add();
225         }
226         if (testUser.find()) {
227             TEST_UID = testUser.getUid();
228         } else {
229             fail("Unable to create Test User");
230         }
231
232         UserGroup testGroup = new UserGroup(SecuredDBObject.SYSTEM_ACCOUNT);
233         testGroup.setDataContext(TestSystemInitializer.getTestContext());
234         testGroup.setField("GroupName", TEST_GROUP);
235
236         if (!testGroup.find()) {
237             testGroup.setField("Descrip",
238                     "Group for DBObjSecurity unit test - remove");
239             testGroup.add();
240         }
241
242         GroupMembers testGroupMembers = new GroupMembers(SecuredDBObject.SYSTEM_ACCOUNT);
243         testGroupMembers.setDataContext(TestSystemInitializer.getTestContext());
244         testGroupMembers.setField("GroupName", TEST_GROUP);
245         testGroupMembers.setField("ExpUid", TEST_UID);
246
247         if (!testGroupMembers.find()) {
248             testGroupMembers.add();
249         }
250
251         /* Now the test user is in the test group */
252         super.setUp();
253     }
254
255     /**
256      * Makes sure that all objects are deleted properly. Notice that everything
257      * is removed in reverse order to allow for referential integrity.
258      */
259     protected void tearDown()
260             throws java.lang.Exception JavaDoc {
261         //remove all group members
262 try {
263             GroupMembers testGroupMembers = new GroupMembers(SecuredDBObject.SYSTEM_ACCOUNT);
264             testGroupMembers.setDataContext(TestSystemInitializer.getTestContext());
265             testGroupMembers.setField("GroupName", TEST_GROUP);
266             testGroupMembers.setField("ExpUid", TEST_UID);
267             ArrayList JavaDoc al = testGroupMembers.searchAndRetrieveList();
268
269             for (Iterator JavaDoc i = al.iterator(); i.hasNext();) {
270                 GroupMembers oneMember = (GroupMembers) i.next();
271                 oneMember.delete();
272             }
273         } catch (DBException dbe) {
274             dbe.printStackTrace();
275             System.out.println("Error Deleting Test Group Members: " +
276                     dbe.getMessage());
277         }
278
279         //Remove all security entries for test group
280 try {
281             DBObjSecurity oneSec = null;
282             DBObjSecurity secList = new DBObjSecurity();
283             secList.setDataContext(TestSystemInitializer.getTestContext());
284             secList.setField("GroupName", TEST_GROUP);
285
286             for (Iterator JavaDoc e1 = secList.searchAndRetrieveList().iterator();
287                  e1.hasNext();) {
288                 oneSec = (DBObjSecurity) e1.next();
289                 oneSec.delete();
290             }
291         } catch (DBException dbe) {
292             dbe.printStackTrace();
293             System.out.println("DBObject Security Entries: " +
294                     dbe.getMessage());
295         }
296
297         //Remove the user group.
298 try {
299             UserGroup testGroup = new UserGroup();
300             testGroup.setDataContext(TestSystemInitializer.getTestContext());
301             testGroup.setField("GroupName", TEST_GROUP);
302
303             if (testGroup.find()) {
304                 testGroup.delete();
305             }
306         } catch (DBException dbe) {
307             dbe.printStackTrace();
308             System.out.println("Error Deleting Test Group: " +
309                     dbe.getMessage());
310         }
311
312         //Remove the user himself
313 try {
314             User testUser = new User();
315             testUser.setDataContext(TestSystemInitializer.getTestContext());
316             testUser.setLoginName(TEST_LOGIN);
317
318             if (testUser.find()) {
319                 testUser.delete();
320             }
321         } catch (DBException dbe) {
322             dbe.printStackTrace();
323             System.out.println("Error Deleting Test User: " +
324                     dbe.getMessage());
325         }
326
327         super.tearDown();
328     }
329 }
Popular Tags