

1 package org.appfuse.service;
2
3 import org.acegisecurity.AccessDeniedException;
4 import org.acegisecurity.Authentication;
5 import org.acegisecurity.GrantedAuthority;
6 import org.acegisecurity.GrantedAuthorityImpl;
7 import org.acegisecurity.context.SecurityContext;
8 import org.acegisecurity.context.SecurityContextHolder;
9 import org.acegisecurity.context.SecurityContextImpl;
10 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
11 import org.acegisecurity.providers.dao.UserCache;
12 import org.appfuse.Constants;
13 import org.appfuse.dao.UserDao;
14 import org.appfuse.model.Role;
15 import org.appfuse.model.User;
16 import org.jmock.Mock;
17 import org.springframework.context.ApplicationContext;
18 import org.springframework.context.support.ClassPathXmlApplicationContext;
19
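/**
 * Exercises the authorization checks enforced around {@code UserManager.saveUser}.
 *
 * <p>Each test installs an Acegi {@link Authentication} in the {@link SecurityContextHolder},
 * fetches the {@code "target"} bean from {@code applicationContext-test.xml} (presumably wired
 * with {@link UserSecurityAdvice}; confirm against that XML file), replaces its DAO with a jMock
 * {@link UserDao}, and then asserts one of two outcomes: the call is rejected with
 * {@link AccessDeniedException}, or it reaches the DAO exactly once.
 *
 * <p>The role-change tests reference APF-96: a caller who holds only {@code USER_ROLE} must not be
 * able to save a user object that carries {@code ADMIN_ROLE}.
 */
public class UserSecurityAdviceTest extends BaseManagerTestCase {
    Mock userDao = null;
    ApplicationContext ctx = null;
    SecurityContext initialSecurityContext = null;

    /**
     * Remembers the security context that was active before the test and installs a caller named
     * "user" holding only {@code Constants.USER_ROLE}.
     */
    protected void setUp() throws Exception {
        super.setUp();

        // Store the initial security context so tearDown() can restore it; otherwise the
        // identity installed here would leak into whatever test runs next on this thread.
        initialSecurityContext = SecurityContextHolder.getContext();

        authenticateAs("user", Constants.USER_ROLE);
    }

    /**
     * Restores the security context captured in {@link #setUp()}.
     */
    protected void tearDown() {
        // NOTE(review): super.tearDown() is not called and ctx is never closed; confirm that
        // BaseManagerTestCase has no cleanup of its own and that leaving the contexts open is
        // acceptable for this suite.
        SecurityContextHolder.setContext(initialSecurityContext);
    }

    /**
     * A caller with only USER_ROLE saving a different account ("admin") must be denied.
     */
    public void testAddUserWithoutAdminRole() throws Exception {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        assertTrue(auth.isAuthenticated());
        UserManager userManager = makeInterceptedTarget();
        User user = new User("admin");

        assertSaveDenied(userManager, user);
    }

    /**
     * A caller holding ADMIN_ROLE may save another account; the DAO is hit exactly once.
     */
    public void testAddUserAsAdmin() throws Exception {
        authenticateAs("admin", Constants.ADMIN_ROLE);

        UserManager userManager = makeInterceptedTarget();
        User user = new User("admin");

        userDao.expects(once()).method("saveUser");
        userManager.saveUser(user);
        userDao.verify();
    }

    /**
     * A USER_ROLE caller may save their own record when its roles stay at USER_ROLE.
     */
    public void testUpdateUserProfile() throws Exception {
        UserManager userManager = makeInterceptedTarget();
        User user = new User("user");
        user.getRoles().add(new Role(Constants.USER_ROLE));

        userDao.expects(once()).method("saveUser");
        userManager.saveUser(user);
        userDao.verify();
    }

    /**
     * Test fix to http://issues.appfuse.org/browse/APF-96: a USER_ROLE caller submitting their
     * own record with ADMIN_ROLE in place of USER_ROLE must be denied.
     */
    public void testChangeToAdminRoleFromUserRole() throws Exception {
        UserManager userManager = makeInterceptedTarget();
        User user = new User("user");
        user.getRoles().add(new Role(Constants.ADMIN_ROLE));

        assertSaveDenied(userManager, user);
    }

    /**
     * Test fix to http://issues.appfuse.org/browse/APF-96: a USER_ROLE caller submitting their
     * own record with ADMIN_ROLE added next to USER_ROLE must be denied.
     */
    public void testAddAdminRoleWhenAlreadyHasUserRole() throws Exception {
        UserManager userManager = makeInterceptedTarget();
        User user = new User("user");
        user.getRoles().add(new Role(Constants.ADMIN_ROLE));
        user.getRoles().add(new Role(Constants.USER_ROLE));

        assertSaveDenied(userManager, user);
    }

    /**
     * Test fix to http://issues.appfuse.org/browse/APF-96: a caller who already holds ADMIN_ROLE
     * may save a record carrying both ADMIN_ROLE and USER_ROLE.
     */
    public void testAddUserRoleWhenHasAdminRole() throws Exception {
        authenticateAs("user", Constants.ADMIN_ROLE);

        UserManager userManager = makeInterceptedTarget();
        User user = new User("user");
        user.getRoles().add(new Role(Constants.ADMIN_ROLE));
        user.getRoles().add(new Role(Constants.USER_ROLE));

        userDao.expects(once()).method("saveUser");
        userManager.saveUser(user);
        userDao.verify();
    }

    /**
     * Test fix to http://issues.appfuse.org/browse/APF-96: a USER_ROLE caller saving their own
     * record with only USER_ROLE is allowed.
     */
    public void testUpdateUserWithUserRole() throws Exception {
        UserManager userManager = makeInterceptedTarget();
        User user = new User("user");
        user.getRoles().add(new Role(Constants.USER_ROLE));

        userDao.expects(once()).method("saveUser");
        userManager.saveUser(user);
        userDao.verify();
    }

    /**
     * Test removing user from cache after update: once saveUser succeeds, the "userCache" bean
     * must no longer return an entry for that username.
     */
    public void testRemoveUserFromCache() throws Exception {
        authenticateAs("user", Constants.ADMIN_ROLE);

        UserManager userManager = makeInterceptedTarget();

        UserCache cache = (UserCache) ctx.getBean("userCache");
        User user = new User("cacheduser");
        user.setVersion(new Integer(1));
        user.getRoles().add(new Role(Constants.USER_ROLE));
        cache.putUserInCache(user);

        // Use one key for the lookup before and after the save. The original lower-cased only
        // the first lookup, which is the same string for "cacheduser" but hides the intent.
        String cacheKey = user.getUsername();
        assertNotNull(cache.getUserFromCache(cacheKey));

        userDao.expects(once()).method("saveUser");
        userManager.saveUser(user);
        // Eviction matters because a stale entry would presumably keep serving the pre-update
        // details (roles, password) to later authentication lookups.
        assertNull(cache.getUserFromCache(cacheKey));
        // Check that the save reached the DAO, as the other allowed-path tests do.
        userDao.verify();
    }

    /**
     * Loads the test application context, fetches the "target" UserManager bean and replaces its
     * DAO with a fresh jMock proxy stored in {@link #userDao}.
     *
     * @return the UserManager under test, backed by the mock DAO
     */
    private UserManager makeInterceptedTarget() {
        ctx = new ClassPathXmlApplicationContext("org/appfuse/service/applicationContext-test.xml");

        UserManager userManager = (UserManager) ctx.getBean("target");

        // Mock the userDao so no test touches a real data store.
        userDao = new Mock(UserDao.class);
        userManager.setUserDao((UserDao) userDao.proxy());
        return userManager;
    }

    /**
     * Installs a fresh security context whose authentication carries exactly one authority.
     *
     * @param username principal name placed in the token
     * @param role     name of the single granted authority
     */
    private void authenticateAs(String username, String role) {
        SecurityContext context = new SecurityContextImpl();
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username,
                "password",
                new GrantedAuthority[] {new GrantedAuthorityImpl(role)});
        context.setAuthentication(token);
        SecurityContextHolder.setContext(context);
    }

    /**
     * Asserts that saving {@code user} is rejected with {@link AccessDeniedException} carrying
     * the {@code UserSecurityAdvice.ACCESS_DENIED} message. No expectation is registered on the
     * mock DAO, so the denial has to happen before the DAO is reached.
     */
    private void assertSaveDenied(UserManager userManager, User user) throws Exception {
        try {
            userManager.saveUser(user);
            fail("AccessDeniedException not thrown");
        } catch (AccessDeniedException expected) {
            // JUnit order is (expected, actual); a caught exception is never null, so the
            // original assertNotNull added nothing.
            assertEquals(UserSecurityAdvice.ACCESS_DENIED, expected.getMessage());
        }
    }
}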
180