

1 /*
2  * Copyright 2000-2001,2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */

16
17 package org.apache.jetspeed.services.security.registry;
18
19 // Java imports
20
import java.util.Iterator JavaDoc;
21 import java.util.Vector JavaDoc;
22
23 import junit.awtui.TestRunner;
24 import junit.framework.Test;
25 import junit.framework.TestSuite;
26
27 import org.apache.jetspeed.om.BaseSecurityReference;
28 import org.apache.jetspeed.om.SecurityReference;
29 import org.apache.jetspeed.om.profile.Entry;
30 import org.apache.jetspeed.om.profile.psml.PsmlEntry;
31 import org.apache.jetspeed.om.registry.RegistryEntry;
32 import org.apache.jetspeed.om.registry.SecurityAccess;
33 import org.apache.jetspeed.om.registry.SecurityAllow;
34 import org.apache.jetspeed.om.registry.SecurityEntry;
35 import org.apache.jetspeed.om.registry.base.BaseSecurityAccess;
36 import org.apache.jetspeed.om.registry.base.BaseSecurityAllow;
37 import org.apache.jetspeed.om.registry.base.BaseSecurityEntry;
38 import org.apache.jetspeed.om.security.JetspeedUser;
39 import org.apache.jetspeed.services.JetspeedPortalAccessController;
40 import org.apache.jetspeed.services.JetspeedSecurity;
41 import org.apache.jetspeed.services.Registry;
42 import org.apache.jetspeed.services.resources.JetspeedResources;
43 import org.apache.jetspeed.services.security.JetspeedGroupManagement;
44 import org.apache.jetspeed.services.security.JetspeedRoleManagement;
45 import org.apache.jetspeed.test.JetspeedTestCase;
46 import org.apache.turbine.util.StringUtils;
47 import org.apache.turbine.util.TurbineConfig;
48
49 /**
50  * TestAccessController
51  *
52  * @author <a HREF="paulsp@apache.org">Paul Spencer</a>
53  * @version $Id: TestAccessController.java,v 1.1 2004/04/07 22:02:43 jford Exp $
54  */

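public class TestAccessController extends JetspeedTestCase
{
    // What this test covers: the registry-backed portal access controller is
    // asked whether three kinds of user (admin, an ordinary logged-in user
    // called "turbine", and the anonymous user) may perform an action on
    // portlet entries that are protected by different security entries.
    // The "DOES NOT have" assertions are the ones that guard against an
    // over-permissive controller; keep them when editing this file.
    //
    // NOTE(review): the static SecurityReference objects below only receive
    // their parent names, and the registry only receives the security entries,
    // inside testVerifyEnvironment(). testRequiredActions() therefore relies on
    // that test having run earlier in the same JVM. How the controller treats a
    // reference without a parent is not visible here - confirm before
    // reordering or running the tests individually.

    // Portlet accessible by Admin user, role = admin
    private static final String ADMIN_PORTLET = "GlobalAdminPortlet";
    private static final SecurityReference adminSecurityRef = new BaseSecurityReference();

    // Portlet accessible by Anonymous user
    private static final String ALL_PORTLET = "HelloVelocity";
    private static final SecurityReference defaultSecurityRef = new BaseSecurityReference();

    private static final String TEST_GROUP = "Jetspeed";
    private static final String TEST_SECURITY_PAGE = "SecurityTest";

    // Portlet accessible by general user, role = user
    private static final String USER_PORTLET = "SkinBrowser";

    // Portlet viewable by Anonymous user, all actions by role = user
    private static final String USERANON_PORTLET = "Welcome";

    private static final SecurityReference userSecurityRef = new BaseSecurityReference();
    private static final SecurityReference userAllAnonViewSecurityRef = new BaseSecurityReference();

    /**
     * Defines the testcase name for JUnit.
     *
     * @param name the testcase's name.
     */
    public TestAccessController(String name)
    {
        super(name);
    }

    /**
     * Start the tests.
     *
     * @param args the arguments. Not used
     */
    public static void main(String[] args)
    {
        TestRunner.main(new String[] { TestAccessController.class.getName() });
    }

    /**
     * Prints a banner line.
     *
     * NOTE(review): JUnit 3 invokes <code>setUp()</code> (capital U) before
     * each test; a method named <code>setup()</code> is not part of that
     * lifecycle, so nothing in this file calls it. The name is kept because
     * the method is public - confirm whether any caller relies on it before
     * renaming.
     */
    public void setup()
    {
        System.out.println("Setup: Testing categories of Profiler Service");
    }

    /**
     * Creates the test suite.
     *
     * @return a test suite (<code>TestSuite</code>) that includes all methods
     * starting with "test"
     */
    public static Test suite()
    {
        // All methods starting with "test" will be executed in the test suite.
        return new TestSuite(TestAccessController.class);
    }

    /**
     * Checks that the expected access controller is configured, registers the
     * security entries used by the other tests, and verifies the role
     * assignments of the admin, turbine and anonymous users.
     *
     * @throws Exception if a registry or security service call fails
     */
    public void testVerifyEnvironment() throws Exception
    {
        // The permission checks in this class are only meaningful when the
        // registry-based controller is the one actually configured.
        assertEquals("Using RegistryAccessController",
                "org.apache.jetspeed.services.security.registry.RegistryAccessController",
                JetspeedResources.getString("services.PortalAccessController.classname"));

        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry("admin_only", null, "admin", null, "*"));
        assertNotNull("Getting admin_only security ", Registry.getEntry(Registry.SECURITY, "admin_only"));
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry("user_only", null, "user", null, "*"));
        assertNotNull("Getting user_only security ", Registry.getEntry(Registry.SECURITY, "user_only"));

        // "wide_open" carries no allow element at all (group, role and user are
        // null). testRequiredActions() expects such an entry to grant the
        // action to every user, the anonymous user included.
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry("wide_open", null, null, null, "*"));
        assertNotNull("Getting wide_open security ", Registry.getEntry(Registry.SECURITY, "wide_open"));

        /*
         * Create a security entry that looks like the following
         *
         * <security-entry name="all_users-view_anon">
         *   <access action="*">
         *     <allow-if role="user"/>
         *   </access>
         *   <access action="view">
         *     <allow-if role="guest"/>
         *   </access>
         * </security-entry>
         */
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry("all_users-view_anon", null, "user", null, "*"));
        assertNotNull("Getting all_users-view_anon security ", Registry.getEntry(Registry.SECURITY, "all_users-view_anon"));
        SecurityEntry secEntry = (SecurityEntry) Registry.getEntry(Registry.SECURITY, "all_users-view_anon");
        Vector accessVector = secEntry.getAccesses();
        assertEquals("Getting number of accesses for all_users-view_anon", 1, accessVector.size());

        // Second access element: "view" only, for role "guest".
        BaseSecurityAllow allowElement = new BaseSecurityAllow();
        allowElement.setRole("guest");
        Vector allowVector = new Vector();
        allowVector.addElement(allowElement);
        BaseSecurityAccess accessElement = new BaseSecurityAccess();
        accessElement.setAction("view");
        accessElement.setAllows(allowVector);
        accessVector.addElement(accessElement);
        secEntry.setAccesses(accessVector);
        assertEquals("Getting number of accesses for all_users-view_anon", 2, secEntry.getAccesses().size());

        // Verify users and their roles. The negative checks matter as much as
        // the positive ones: the permission tests assume that "turbine" is not
        // an admin and that the anonymous user holds only the guest role.
        assertNotNull("Getting admin user", JetspeedSecurity.getUser("admin"));
        assertTrue("Admin user has Admin role", JetspeedRoleManagement.hasRole("admin", "admin"));
        assertTrue("Admin user has User role", JetspeedRoleManagement.hasRole("admin", "user"));
        assertNotNull("Getting turbine user", JetspeedSecurity.getUser("turbine"));
        assertTrue("Turbine user does not have Admin role", !JetspeedRoleManagement.hasRole("turbine", "admin"));
        assertTrue("Turbine user has User role", JetspeedRoleManagement.hasRole("turbine", "user"));
        assertNotNull("Getting anonymous user", JetspeedSecurity.getAnonymousUser());
        String anonymousName = JetspeedSecurity.getAnonymousUser().getUserName();
        assertTrue("anonymous user does not have Admin role", !JetspeedRoleManagement.hasRole(anonymousName, "admin"));
        assertTrue("anonymous user does not have User role", !JetspeedRoleManagement.hasRole(anonymousName, "user"));
        // Message corrected: this assertion requires the guest role to be present.
        assertTrue("anonymous user has Guest role", JetspeedRoleManagement.hasRole(anonymousName, "guest"));

        // Point each shared reference at its security entry and make sure the
        // entry it names really exists in the registry.
        assertNotNull("adminSecurityRef", adminSecurityRef);
        adminSecurityRef.setParent("admin_only");
        assertNotNull("Getting security for " + adminSecurityRef.getParent(), Registry.getEntry(Registry.SECURITY, adminSecurityRef.getParent()));

        assertNotNull("userSecurityRef", userSecurityRef);
        userSecurityRef.setParent("user_only");
        assertNotNull("Getting security for " + userSecurityRef.getParent(), Registry.getEntry(Registry.SECURITY, userSecurityRef.getParent()));

        assertNotNull("defaultSecurityRef", defaultSecurityRef);
        defaultSecurityRef.setParent("wide_open");
        assertNotNull("Getting security for " + defaultSecurityRef.getParent(), Registry.getEntry(Registry.SECURITY, defaultSecurityRef.getParent()));

        assertNotNull("userAllAnonViewSecurityRef", userAllAnonViewSecurityRef);
        userAllAnonViewSecurityRef.setParent("all_users-view_anon");
        // Fixed: the lookup previously used defaultSecurityRef.getParent(), so
        // the entry named by userAllAnonViewSecurityRef was never verified.
        assertNotNull("Getting security for " + userAllAnonViewSecurityRef.getParent(), Registry.getEntry(Registry.SECURITY, userAllAnonViewSecurityRef.getParent()));
    }

    /**
     * Checks the controller's allow and deny decisions for the admin, turbine
     * and anonymous users against entries protected by each security entry.
     *
     * @throws Exception if a security service call fails
     */
    public void testRequiredActions() throws Exception
    {
        JetspeedUser adminUser = (JetspeedUser) JetspeedSecurity.getUser("admin");
        assertNotNull("Getting admin user", adminUser);
        adminUser.setHasLoggedIn(Boolean.TRUE);

        JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
        assertNotNull("Getting turbine user", turbineUser);
        turbineUser.setHasLoggedIn(Boolean.TRUE);

        // The anonymous user is deliberately not marked as logged in.
        JetspeedUser anonymousUser = (JetspeedUser) JetspeedSecurity.getAnonymousUser();
        assertNotNull("Getting anonymous user", anonymousUser);

        Entry adminEntry = createEntry(ADMIN_PORTLET, "ST_01.admin", adminSecurityRef);
        Entry userEntry = createEntry(USER_PORTLET, "ST_01.user", userSecurityRef);
        Entry allEntry = createEntry(ALL_PORTLET, "ST_01.all", defaultSecurityRef);
        Entry userAnonEntry = createEntry(USERANON_PORTLET, "ST_01.userAnon", userAllAnonViewSecurityRef);

        // admin_only: only the admin role may view.
        assertEquals("Admin user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission(adminUser, adminEntry, "view"));
        assertEquals("Turbine user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission(turbineUser, adminEntry, "view"));
        assertEquals("Anonymous user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission(anonymousUser, adminEntry, "view"));

        // user_only: any holder of the user role, but not the anonymous user.
        assertEquals("Admin user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission(adminUser, userEntry, "view"));
        assertEquals("Turbine user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission(turbineUser, userEntry, "view"));
        assertEquals("Anonymous user DOES NOT have view access to " + USER_PORTLET, false, JetspeedPortalAccessController.checkPermission(anonymousUser, userEntry, "view"));

        // wide_open: everyone.
        assertEquals("Admin user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission(adminUser, allEntry, "view"));
        assertEquals("Turbine user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission(turbineUser, allEntry, "view"));
        assertEquals("Anonymous user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission(anonymousUser, allEntry, "view"));

        // all_users-view_anon: role user gets every action, role guest gets
        // "view" only, so the anonymous user must be refused "maximize".
        assertEquals("Admin user has view access to " + USERANON_PORTLET, true, JetspeedPortalAccessController.checkPermission(adminUser, userAnonEntry, "view"));
        // Message corrected: the user checked here is turbine, not admin.
        assertEquals("Turbine user has maximize access to " + USERANON_PORTLET, true, JetspeedPortalAccessController.checkPermission(turbineUser, userAnonEntry, "maximize"));
        assertEquals("Anonymous user has view access to " + USERANON_PORTLET, true, JetspeedPortalAccessController.checkPermission(anonymousUser, userAnonEntry, "view"));
        assertEquals("Anonymous user has maximize access to " + USERANON_PORTLET, false, JetspeedPortalAccessController.checkPermission(anonymousUser, userAnonEntry, "maximize"));
    }

    /**
     * Checks an allow rule that names both a group and a role: the turbine
     * user gains view access while joined to group "apache" with role "admin"
     * and loses it again once that membership is removed.
     *
     * @throws Exception if a registry or security service call fails
     */
    public void testRolesAndGroups() throws Exception
    {
        /*
         * Create a security entry that looks like the following
         *
         * <security-entry name="powerusers_all-anon_view">
         *   <access action="*">
         *     <allow-if group="apache" role="admin"/>
         *   </access>
         * </security-entry>
         */
        assertEquals("Using RegistryAccessController",
                "org.apache.jetspeed.services.security.registry.RegistryAccessController",
                JetspeedResources.getString("services.PortalAccessController.classname"));

        SecurityEntry paav = createSecurityEntry("powerusers_all-anon_view", "apache", "admin", null, "*");
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) paav);
        assertNotNull("Getting powerusers_all-anon_view", Registry.getEntry(Registry.SECURITY, "powerusers_all-anon_view"));

        SecurityEntry secEntry = (SecurityEntry) Registry.getEntry(Registry.SECURITY, "powerusers_all-anon_view");
        Vector accessVector = secEntry.getAccesses();

        // Dump the stored rule so a failing run shows what was evaluated.
        for (Iterator accessIt = accessVector.iterator(); accessIt.hasNext();)
        {
            SecurityAccess access = (SecurityAccess) accessIt.next();
            System.out.println("Action:" + access.getAction().toString());

            Vector allAllows = access.getAllAllows();
            for (Iterator allowIt = allAllows.iterator(); allowIt.hasNext();)
            {
                SecurityAllow allow = (SecurityAllow) allowIt.next();
                System.out.println("Allow group: " + allow.getGroup() + ", role: " + allow.getRole() + ", user: " + allow.getUser());
            }
        }

        SecurityReference secRef = new BaseSecurityReference();
        secRef.setParent("powerusers_all-anon_view");
        Entry adminEntry = createEntry(ADMIN_PORTLET, "ST_01.apache.admin", secRef);

        JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
        assertNotNull("Getting turbine user", turbineUser);
        turbineUser.setHasLoggedIn(Boolean.TRUE);

        try
        {
            JetspeedGroupManagement.joinGroup("turbine", "apache", "admin");
        }
        catch (Exception e)
        {
            // Kept best-effort as in the original; if the grant did not take
            // effect the assertion below fails and the trace explains why.
            e.printStackTrace();
        }

        try
        {
            assertEquals("Turbine user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission(turbineUser, adminEntry, "view"));
        }
        finally
        {
            // Always revoke the temporary membership, even when the assertion
            // above fails, so the elevated grant does not outlive this test
            // and skew the deny-path assertions of later tests or runs.
            try
            {
                JetspeedGroupManagement.unjoinGroup("turbine", "apache", "admin");
            }
            catch (Exception e)
            {
                e.printStackTrace();
            }
        }

        // Revocation must take effect: access is refused again.
        assertEquals("Turbine user has no view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission(turbineUser, adminEntry, "view"));
    }

    /*
     * Setup Turbine environment
     */

    /*
     * Configuration object to run Turbine outside a servlet container
     */
    private static TurbineConfig config = null;

    /*
     * Initialises TurbineConfig once per class load from the two literal
     * arguments below; any failure is reported through JUnit's fail() with
     * the stack trace as the message.
     */
    static
    {
        try
        {
            config = new TurbineConfig("webapp", "/WEB-INF/conf/TurbineResources.properties");
            config.init();
        }
        catch (Exception e)
        {
            fail(StringUtils.stackTrace(e));
        }
    }

    /**
     * Builds a PSML entry for a portlet.
     *
     * @param parent name of the portlet the entry refers to
     * @param entryId id to set on the entry; skipped when null
     * @param security security reference to attach; skipped when null
     * @return the new entry
     */
    private PsmlEntry createEntry(String parent, String entryId, SecurityReference security)
    {
        PsmlEntry entry = new PsmlEntry();
        entry.setParent(parent);
        if (entryId != null)
        {
            entry.setId(entryId);
        }
        if (security != null)
        {
            entry.setSecurityRef(security);
        }
        return entry;
    }

    /**
     * Builds a security entry with a single access element.
     *
     * @param name name of the security entry
     * @param group group for the allow element, may be null
     * @param role role for the allow element, may be null
     * @param user user for the allow element, may be null
     * @param action action the access element applies to
     * @return the new security entry
     */
    private SecurityEntry createSecurityEntry(String name, String group, String role, String user, String action)
    {
        // With no group, role or user there is nothing to restrict on, so the
        // access element is given a null allow list (the "wide_open" case).
        Vector allowVector = null;
        if (role != null || group != null || user != null)
        {
            BaseSecurityAllow allowElement = new BaseSecurityAllow();
            allowElement.setRole(role);
            allowElement.setGroup(group);
            allowElement.setUser(user);
            allowVector = new Vector();
            allowVector.addElement(allowElement);
        }

        BaseSecurityAccess accessElement = new BaseSecurityAccess();
        accessElement.setAction(action);
        accessElement.setAllows(allowVector);
        Vector accessVector = new Vector();
        accessVector.addElement(accessElement);

        BaseSecurityEntry securityEntry = new BaseSecurityEntry();
        securityEntry.setName(name);
        securityEntry.setAccesses(accessVector);
        return securityEntry;
    }
}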