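package org.appfuse.service;

import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.UserCache;
import org.appfuse.Constants;
import org.appfuse.dao.UserDao;
import org.appfuse.model.Role;
import org.appfuse.model.User;
import org.jmock.Mock;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;

/**
 * Tests for the {@code UserSecurityAdvice} interceptor that guards
 * {@code UserManager.saveUser(User)}.
 *
 * <p>The cases covered here pin down the authorization rules the advice is
 * expected to enforce on a save:
 * <ul>
 *   <li>a caller holding only {@code Constants.USER_ROLE} may save its own
 *       profile but not another account, and may not add
 *       {@code Constants.ADMIN_ROLE} to itself (privilege escalation);</li>
 *   <li>a caller holding {@code Constants.ADMIN_ROLE} may save any user and
 *       assign any role;</li>
 *   <li>a successful save evicts the saved user from the {@code UserCache}
 *       so stale authorities are not served from cache.</li>
 * </ul>
 *
 * <p>Every test starts (via {@link #setUp()}) authenticated as user
 * {@code "user"} with {@code Constants.USER_ROLE}; tests needing an admin
 * principal switch the security context themselves. The previous
 * {@code SecurityContext} is restored and the per-test Spring context is
 * closed in {@link #tearDown()} so tests do not leak state into each other.
 */
public class UserSecurityAdviceTest extends BaseManagerTestCase {
    /** jMock mock for {@link UserDao}; each test sets its own expectations. */
    Mock userDao = null;
    /** Spring context created per test by {@link #makeInterceptedTarget()}. */
    ApplicationContext ctx = null;
    /** Security context in place before the test, restored in {@link #tearDown()}. */
    SecurityContext initialSecurityContext = null;

    /**
     * Saves the caller's security context and authenticates as
     * {@code "user"} with {@code Constants.USER_ROLE}.
     *
     * @throws Exception propagated from the superclass
     */
    protected void setUp() throws Exception {
        super.setUp();

        initialSecurityContext = SecurityContextHolder.getContext();
        authenticateAs("user", Constants.USER_ROLE);
    }

    /**
     * Restores the original security context and closes the Spring context
     * opened by {@link #makeInterceptedTarget()}.
     *
     * <p>The security context is restored in a {@code finally} so a failure
     * while closing the Spring context cannot leave a test principal behind
     * for later tests. Calls {@code super.tearDown()} to mirror
     * {@link #setUp()}, which calls {@code super.setUp()}.
     *
     * @throws Exception propagated from the superclass
     */
    protected void tearDown() throws Exception {
        try {
            SecurityContextHolder.setContext(initialSecurityContext);
            closeContext();
        } finally {
            super.tearDown();
        }
    }

    /**
     * A {@code USER_ROLE} principal must not be able to save a different
     * account ({@code "admin"}).
     *
     * @throws Exception on unexpected test failure
     */
    public void testAddUserWithoutAdminRole() throws Exception {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        assertTrue(auth.isAuthenticated());
        UserManager userManager = makeInterceptedTarget();
        User user = new User("admin");

        assertSaveDenied(userManager, user);
    }

    /**
     * An {@code ADMIN_ROLE} principal may save another account; the save
     * must reach the DAO exactly once.
     *
     * @throws Exception on unexpected test failure
     */
    public void testAddUserAsAdmin() throws Exception {
        authenticateAs("admin", Constants.ADMIN_ROLE);

        UserManager userManager = makeInterceptedTarget();
        User user = new User("admin");

        expectSaveAndVerify(userManager, user);
    }

    /**
     * A {@code USER_ROLE} principal may save its own profile when it keeps
     * only {@code USER_ROLE}.
     *
     * @throws Exception on unexpected test failure
     */
    public void testUpdateUserProfile() throws Exception {
        UserManager userManager = makeInterceptedTarget();
        User user = new User("user");
        user.getRoles().add(new Role(Constants.USER_ROLE));

        expectSaveAndVerify(userManager, user);
    }

    /**
     * A {@code USER_ROLE} principal must not be able to replace its own role
     * with {@code ADMIN_ROLE}.
     *
     * @throws Exception on unexpected test failure
     */
    public void testChangeToAdminRoleFromUserRole() throws Exception {
        UserManager userManager = makeInterceptedTarget();
        User user = new User("user");
        user.getRoles().add(new Role(Constants.ADMIN_ROLE));

        assertSaveDenied(userManager, user);
    }

    /**
     * A {@code USER_ROLE} principal must not be able to add
     * {@code ADMIN_ROLE} to itself even while keeping {@code USER_ROLE}.
     *
     * @throws Exception on unexpected test failure
     */
    public void testAddAdminRoleWhenAlreadyHasUserRole() throws Exception {
        UserManager userManager = makeInterceptedTarget();
        User user = new User("user");
        user.getRoles().add(new Role(Constants.ADMIN_ROLE));
        user.getRoles().add(new Role(Constants.USER_ROLE));

        assertSaveDenied(userManager, user);
    }

    /**
     * An {@code ADMIN_ROLE} principal may hold both roles on its own account.
     *
     * @throws Exception on unexpected test failure
     */
    public void testAddUserRoleWhenHasAdminRole() throws Exception {
        authenticateAs("user", Constants.ADMIN_ROLE);

        UserManager userManager = makeInterceptedTarget();
        User user = new User("user");
        user.getRoles().add(new Role(Constants.ADMIN_ROLE));
        user.getRoles().add(new Role(Constants.USER_ROLE));

        expectSaveAndVerify(userManager, user);
    }

    /**
     * Saving one's own account with {@code USER_ROLE} is permitted.
     *
     * @throws Exception on unexpected test failure
     */
    public void testUpdateUserWithUserRole() throws Exception {
        UserManager userManager = makeInterceptedTarget();
        User user = new User("user");
        user.getRoles().add(new Role(Constants.USER_ROLE));

        expectSaveAndVerify(userManager, user);
    }

    /**
     * After a successful save the user must no longer be served from the
     * {@code userCache} bean, so changed roles take effect on the next
     * authentication instead of the cached authorities.
     *
     * @throws Exception on unexpected test failure
     */
    public void testRemoveUserFromCache() throws Exception {
        authenticateAs("user", Constants.ADMIN_ROLE);

        UserManager userManager = makeInterceptedTarget();

        UserCache cache = (UserCache) ctx.getBean("userCache");
        User user = new User("cacheduser");
        user.setVersion(new Integer(1));
        user.getRoles().add(new Role(Constants.USER_ROLE));
        cache.putUserInCache(user);

        assertNotNull(cache.getUserFromCache(user.getUsername().toLowerCase()));

        userDao.expects(once()).method("saveUser");
        userManager.saveUser(user);
        assertNull(cache.getUserFromCache(user.getUsername()));
    }

    /**
     * Installs a fresh {@link SecurityContext} authenticated as
     * {@code username} with the single granted authority {@code role}.
     *
     * @param username principal name placed in the token
     * @param role     authority name wrapped in a {@link GrantedAuthorityImpl}
     */
    private void authenticateAs(String username, String role) {
        SecurityContext context = new SecurityContextImpl();
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(username, "password",
                        new GrantedAuthority[] {new GrantedAuthorityImpl(role)});
        context.setAuthentication(token);
        SecurityContextHolder.setContext(context);
    }

    /**
     * Asserts that saving {@code user} through the advised manager is
     * rejected with {@link AccessDeniedException} carrying
     * {@code UserSecurityAdvice.ACCESS_DENIED}.
     *
     * @param userManager advised manager under test
     * @param user        user whose save is expected to be denied
     */
    private void assertSaveDenied(UserManager userManager, User user) {
        try {
            userManager.saveUser(user);
            fail("AccessDeniedException not thrown");
        } catch (AccessDeniedException expected) {
            assertNotNull(expected);
            // JUnit convention: expected value first, actual second.
            assertEquals(UserSecurityAdvice.ACCESS_DENIED, expected.getMessage());
        }
    }

    /**
     * Expects exactly one {@code saveUser} call on the DAO mock, performs
     * the save through the advised manager and verifies the expectation.
     *
     * @param userManager advised manager under test
     * @param user        user to save
     */
    private void expectSaveAndVerify(UserManager userManager, User user) {
        userDao.expects(once()).method("saveUser");
        userManager.saveUser(user);
        userDao.verify();
    }

    /**
     * Closes the per-test Spring context, if one was opened, and clears the
     * field so a second close is a no-op.
     */
    private void closeContext() {
        if (ctx instanceof ConfigurableApplicationContext) {
            ((ConfigurableApplicationContext) ctx).close();
        }
        ctx = null;
    }

    /**
     * Loads the test Spring context, fetches the advised {@code target}
     * bean and wires it to a fresh jMock {@link UserDao}.
     *
     * <p>Any context opened by an earlier call is closed first so a test
     * that calls this twice does not leak the first one.
     *
     * @return the {@link UserManager} wrapped by the security advice
     */
    private UserManager makeInterceptedTarget() {
        closeContext();
        ctx = new ClassPathXmlApplicationContext("org/appfuse/service/applicationContext-test.xml");

        UserManager userManager = (UserManager) ctx.getBean("target");

        userDao = new Mock(UserDao.class);
        userManager.setUserDao((UserDao) userDao.proxy());
        return userManager;
    }
}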