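package org.apache.jetspeed.services.security.registry;

import java.util.Iterator;
import java.util.Vector;

import junit.awtui.TestRunner;
import junit.framework.Test;
import junit.framework.TestSuite;

import org.apache.jetspeed.om.BaseSecurityReference;
import org.apache.jetspeed.om.SecurityReference;
import org.apache.jetspeed.om.profile.Entry;
import org.apache.jetspeed.om.profile.psml.PsmlEntry;
import org.apache.jetspeed.om.registry.RegistryEntry;
import org.apache.jetspeed.om.registry.SecurityAccess;
import org.apache.jetspeed.om.registry.SecurityAllow;
import org.apache.jetspeed.om.registry.SecurityEntry;
import org.apache.jetspeed.om.registry.base.BaseSecurityAccess;
import org.apache.jetspeed.om.registry.base.BaseSecurityAllow;
import org.apache.jetspeed.om.registry.base.BaseSecurityEntry;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.services.JetspeedPortalAccessController;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.Registry;
import org.apache.jetspeed.services.resources.JetspeedResources;
import org.apache.jetspeed.services.security.JetspeedGroupManagement;
import org.apache.jetspeed.services.security.JetspeedRoleManagement;
import org.apache.jetspeed.test.JetspeedTestCase;
import org.apache.turbine.util.StringUtils;
import org.apache.turbine.util.TurbineConfig;

/**
 * Exercises the registry-backed portal access controller: builds security
 * registry entries (admin only, user only, wide open, and a mixed
 * user/anonymous-view entry) and asserts which users are granted or denied
 * an action on portlet entries that reference them.
 *
 * <p>The test methods share state through the static security references
 * below, so they are order dependent: {@link #testVerifyEnvironment()} sets
 * the references' parents and registers the entries that
 * {@link #testRequiredActions()} relies on.
 */
public class TestAccessController extends JetspeedTestCase
{

    // Portlet paired with the "admin_only" security entry.
    private static final String ADMIN_PORTLET = "GlobalAdminPortlet";
    private static SecurityReference adminSecurityRef = new BaseSecurityReference();
    // Portlet paired with the "wide_open" security entry.
    private static final String ALL_PORTLET = "HelloVelocity";
    private static SecurityReference defaultSecurityRef = new BaseSecurityReference();
    private static final String TEST_GROUP = "Jetspeed";
    private static final String TEST_SECURITY_PAGE = "SecurityTest";
    // Portlet paired with the "user_only" security entry.
    private static final String USER_PORTLET = "SkinBrowser";
    // Portlet paired with the "all_users-view_anon" security entry.
    private static final String USERANON_PORTLET = "Welcome";
    private static SecurityReference userSecurityRef = new BaseSecurityReference();
    private static SecurityReference userAllAnonViewSecurityRef = new BaseSecurityReference();

    /**
     * Creates the test case.
     *
     * @param name name of the test case, passed to the superclass
     */
    public TestAccessController( String name )
    {
        super( name );
    }

    /**
     * Launches this test class in the JUnit AWT runner.
     *
     * @param args command-line arguments (ignored)
     */
    public static void main(String args[])
    {
        TestRunner.main( new String[] { TestAccessController.class.getName() } );
    }

    /**
     * Prints a banner.
     *
     * <p>NOTE(review): JUnit 3 calls {@code setUp()}; this method is spelled
     * {@code setup()}, so the framework does not invoke it unless
     * JetspeedTestCase (not visible here) does so. The banner text also
     * refers to the Profiler Service rather than the access controller.
     */
    public void setup()
    {
        System.out.println("Setup: Testing categories of Profiler Service");
    }

    /**
     * Builds the suite containing every test method of this class.
     *
     * @return the test suite
     */
    public static Test suite()
    {
        return new TestSuite( TestAccessController.class );
    }

    /**
     * Verifies the fixture the permission tests depend on: the configured
     * access controller class, the security registry entries, the roles of
     * the admin, turbine and anonymous users, and the static security
     * references (whose parents are set here).
     *
     * @throws Exception if a registry or security service call fails
     */
    public void testVerifyEnvironment() throws Exception
    {
        // Message corrected: the class expected here is RegistryAccessController.
        assertEquals( "Using RegistryAccessController",
                      "org.apache.jetspeed.services.security.registry.RegistryAccessController",
                      JetspeedResources.getString("services.PortalAccessController.classname"));

        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "admin_only", null, "admin", null, "*"));
        assertNotNull( "Getting admin_only security " , Registry.getEntry( Registry.SECURITY, "admin_only"));
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "user_only", null, "user", null, "*"));
        assertNotNull( "Getting user_only security " , Registry.getEntry( Registry.SECURITY, "user_only"));
        // No role, group or user: createSecurityEntry leaves the allow list null for this entry.
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "wide_open", null, null, null, "*"));
        assertNotNull( "Getting wide_open security " , Registry.getEntry( Registry.SECURITY, "wide_open"));

        // Mixed entry: role "user" for every action ("*"), plus a second
        // access added below that allows role "guest" the "view" action only.
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "all_users-view_anon", null, "user", null, "*"));
        assertNotNull( "Getting all_users-view_anon security " , Registry.getEntry( Registry.SECURITY, "all_users-view_anon"));
        SecurityEntry secEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, "all_users-view_anon");
        Vector accessVector = secEntry.getAccesses();
        assertEquals( "Getting number of accesses for all_users-view_anon", 1, accessVector.size());
        BaseSecurityAllow allowElement = new BaseSecurityAllow();
        allowElement.setRole("guest");
        Vector allowVector = new Vector();
        allowVector.addElement(allowElement);
        BaseSecurityAccess accessElement = new BaseSecurityAccess();
        accessElement.setAction("view");
        accessElement.setAllows( allowVector );
        accessVector.addElement(accessElement);
        secEntry.setAccesses(accessVector);
        assertEquals( "Getting number of accesses for all_users-view_anon", 2, secEntry.getAccesses().size());

        // Role fixture: admin has admin+user, turbine has user only,
        // the anonymous user has guest only.
        assertNotNull( "Getting admin user", JetspeedSecurity.getUser("admin"));
        assertTrue( "Admin user has Admin role", JetspeedRoleManagement.hasRole("admin","admin"));
        assertTrue( "Admin user has User role", JetspeedRoleManagement.hasRole("admin","user"));
        assertNotNull( "Getting turbine user", JetspeedSecurity.getUser("turbine"));
        assertTrue( "Turbine user does not have Admin role", !JetspeedRoleManagement.hasRole("turbine","admin"));
        assertTrue( "Turbine user has User role", JetspeedRoleManagement.hasRole("turbine","user"));
        assertNotNull( "Getting anonymous user", JetspeedSecurity.getAnonymousUser());
        assertTrue( "anonymous user does not have Admin role", !JetspeedRoleManagement.hasRole(JetspeedSecurity.getAnonymousUser().getUserName(),"admin"));
        assertTrue( "anonymous user does not have User role", !JetspeedRoleManagement.hasRole(JetspeedSecurity.getAnonymousUser().getUserName(),"user"));
        // Message corrected: this assertion requires the guest role to be present.
        assertTrue( "anonymous user has Guest role", JetspeedRoleManagement.hasRole(JetspeedSecurity.getAnonymousUser().getUserName(),"guest"));

        assertNotNull( "adminSecurityRef", adminSecurityRef);
        adminSecurityRef.setParent("admin_only");
        assertNotNull( "Getting security for " + adminSecurityRef.getParent(), Registry.getEntry( Registry.SECURITY, adminSecurityRef.getParent()));

        assertNotNull( "userSecurityRef", userSecurityRef);
        userSecurityRef.setParent("user_only");
        assertNotNull( "Getting security for " + userSecurityRef.getParent(), Registry.getEntry( Registry.SECURITY, userSecurityRef.getParent()));

        assertNotNull( "defaultSecurityRef", defaultSecurityRef);
        defaultSecurityRef.setParent("wide_open");
        assertNotNull( "Getting security for " + defaultSecurityRef.getParent(), Registry.getEntry( Registry.SECURITY, defaultSecurityRef.getParent()));

        assertNotNull( "userAllAnonViewSecurityRef", userAllAnonViewSecurityRef);
        userAllAnonViewSecurityRef.setParent("all_users-view_anon");
        // Look up the parent of the reference under test. The lookup previously
        // used defaultSecurityRef, so this reference was never actually resolved.
        assertNotNull( "Getting security for " + userAllAnonViewSecurityRef.getParent(), Registry.getEntry( Registry.SECURITY, userAllAnonViewSecurityRef.getParent()));
    }

    /**
     * Asserts the allow/deny decision of
     * {@code JetspeedPortalAccessController.checkPermission} for the admin,
     * turbine and anonymous users against each of the four security entries.
     *
     * <p>Depends on {@link #testVerifyEnvironment()} having run first: the
     * static security references get their parents, and the registry gets its
     * security entries, only there.
     *
     * <p>NOTE(review): no case here covers an entry whose security reference
     * names a registry entry that does not exist, so the controller's
     * decision for an unresolvable reference is not exercised.
     *
     * @throws Exception if a security service call fails
     */
    public void testRequiredActions() throws Exception
    {
        JetspeedUser adminUser = (JetspeedUser) JetspeedSecurity.getUser("admin");
        assertNotNull( "Getting admin user", adminUser);
        adminUser.setHasLoggedIn(Boolean.TRUE);

        JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
        assertNotNull( "Getting turbine user", turbineUser);
        turbineUser.setHasLoggedIn(Boolean.TRUE);

        JetspeedUser anonymousUser = (JetspeedUser) JetspeedSecurity.getAnonymousUser();
        assertNotNull( "Getting anonymous user", anonymousUser);

        Entry adminEntry = createEntry( ADMIN_PORTLET, "ST_01.admin", adminSecurityRef);
        Entry userEntry = createEntry( USER_PORTLET, "ST_01.user", userSecurityRef);
        Entry allEntry = createEntry( ALL_PORTLET, "ST_01.all", defaultSecurityRef);
        Entry userAnonEntry = createEntry( USERANON_PORTLET, "ST_01.userAnon", userAllAnonViewSecurityRef);

        // admin_only: only the admin role may view.
        assertEquals( "Admin user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, adminEntry, "view"));
        assertEquals( "Turbine user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
        assertEquals( "Anonymous user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, adminEntry, "view"));

        // user_only: holders of the user role may view, the anonymous user may not.
        assertEquals( "Admin user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, userEntry, "view"));
        assertEquals( "Turbine user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, userEntry, "view"));
        assertEquals( "Anonymous user DOES NOT have view access to " + USER_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, userEntry, "view"));

        // wide_open: everyone, including the anonymous user, may view.
        assertEquals( "Admin user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, allEntry, "view"));
        assertEquals( "Turbine user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, allEntry, "view"));
        assertEquals( "Anonymous user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( anonymousUser, allEntry, "view"));

        // all_users-view_anon: user role gets every action, guest role gets "view" only.
        assertEquals( "Admin user has view access to " + USERANON_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, userAnonEntry, "view"));
        // Message corrected: the user checked here is turbineUser, not the admin user.
        assertEquals( "Turbine user has maximize access to " + USERANON_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, userAnonEntry, "maximize"));
        assertEquals( "Anonymous user has view access to " + USERANON_PORTLET, true, JetspeedPortalAccessController.checkPermission( anonymousUser, userAnonEntry, "view"));
        assertEquals( "Anonymous user has maximize access to " + USERANON_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, userAnonEntry, "maximize"));
    }

    /**
     * Asserts that view permission on an entry restricted to role "admin" in
     * group "apache" follows the turbine user's membership: granted after
     * {@code joinGroup("turbine", "apache", "admin")} and denied again after
     * the matching {@code unjoinGroup}.
     *
     * @throws Exception if a registry or security service call fails
     */
    public void testRolesAndGroups() throws Exception
    {
        assertEquals( "Using RegistryAccessController",
                      "org.apache.jetspeed.services.security.registry.RegistryAccessController",
                      JetspeedResources.getString("services.PortalAccessController.classname"));

        SecurityEntry paav = createSecurityEntry( "powerusers_all-anon_view", "apache", "admin", null, "*");
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) paav);
        assertNotNull( "Getting powerusers_all-anon_view" , Registry.getEntry( Registry.SECURITY, "powerusers_all-anon_view"));

        SecurityEntry secEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, "powerusers_all-anon_view");
        Vector accessVector = secEntry.getAccesses();

        // Diagnostic dump of the entry's accesses and allows; nothing is asserted here.
        for (Iterator it = accessVector.iterator(); it.hasNext();)
        {
            SecurityAccess access = (SecurityAccess) it.next();
            System.out.println("Action:" + access.getAction().toString());

            Vector allAllows = access.getAllAllows();
            for (Iterator it1 = allAllows.iterator(); it1.hasNext();)
            {
                SecurityAllow allow = (SecurityAllow) it1.next();
                System.out.println("Allow group: " + allow.getGroup() + ", role: " + allow.getRole() + ", user: " + allow.getUser());
            }
        }

        SecurityReference secRef = new BaseSecurityReference();
        secRef.setParent("powerusers_all-anon_view");
        Entry adminEntry = createEntry(ADMIN_PORTLET, "ST_01.apache.admin", secRef);

        JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
        assertNotNull( "Getting turbine user", turbineUser);
        turbineUser.setHasLoggedIn(Boolean.TRUE);

        // Best effort, as in the original: a failure to join is only printed,
        // and the assertion below then reports the missing access.
        try
        {
            JetspeedGroupManagement.joinGroup("turbine", "apache", "admin");
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }

        try
        {
            assertEquals( "Turbine user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
        }
        finally
        {
            // Always revoke the membership, even when the assertion above fails,
            // so the turbine user is not left holding the admin role in group
            // "apache" for later tests or runs.
            try
            {
                JetspeedGroupManagement.unjoinGroup("turbine", "apache", "admin");
            }
            catch (Exception e)
            {
                e.printStackTrace();
            }
        }

        assertEquals( "Turbine user has no view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
    }

    // Turbine configuration shared by every test in this class.
    private static TurbineConfig config = null;

    // Boots Turbine once, when the class is loaded. A failure is reported via
    // fail(), which therefore surfaces during class initialization.
    static
    {
        try
        {
            config = new TurbineConfig( "webapp", "/WEB-INF/conf/TurbineResources.properties");
            config.init();
        }
        catch (Exception e)
        {
            fail(StringUtils.stackTrace(e));
        }
    }

    /**
     * Builds a PSML entry for a portlet.
     *
     * @param parent   value set as the entry's parent
     * @param entryId  entry id, or {@code null} to leave the id unset
     * @param security security reference, or {@code null} to leave it unset
     * @return the new entry
     */
    private PsmlEntry createEntry(String parent, String entryId, SecurityReference security)
    {
        PsmlEntry entry = new PsmlEntry();
        entry.setParent( parent);
        if (entryId != null)
        {
            entry.setId( entryId);
        }
        if (security != null)
        {
            entry.setSecurityRef( security);
        }
        return entry;
    }

    /**
     * Builds a security entry holding a single access for {@code action}.
     * When role, group and user are all {@code null} no allow element is
     * created and the access gets a {@code null} allow list; otherwise the
     * access gets one allow element carrying the three values.
     *
     * @param name   name of the security entry
     * @param group  group to allow, may be {@code null}
     * @param role   role to allow, may be {@code null}
     * @param user   user to allow, may be {@code null}
     * @param action action the access applies to (the tests pass "*")
     * @return the new security entry
     */
    private SecurityEntry createSecurityEntry( String name, String group, String role, String user, String action)
    {
        Vector allowVector = null;
        if (role != null || group != null || user != null)
        {
            BaseSecurityAllow allowElement = new BaseSecurityAllow();
            allowElement.setRole(role);
            allowElement.setGroup(group);
            allowElement.setUser(user);
            allowVector = new Vector();
            allowVector.addElement(allowElement);
        }

        BaseSecurityAccess accessElement = new BaseSecurityAccess();
        accessElement.setAction(action);
        accessElement.setAllows( allowVector );
        Vector accessVector = new Vector();
        accessVector.addElement(accessElement);

        BaseSecurityEntry securityEntry = new BaseSecurityEntry();
        securityEntry.setName(name);
        securityEntry.setAccesses( accessVector);
        return securityEntry;
    }

}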