package org.jboss.test.jacc.test.portal;

import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.acl.Group;

import javax.security.auth.Subject;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;

import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.jacc.DelegatingPolicy;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
import org.jboss.test.JBossTestCase;

/**
 * Shared fixture for the portal JACC authorization tests.
 *
 * <p>{@link #setUp()} installs a {@link DelegatingPolicy} that has been told
 * about {@link PortalPermission}, and the {@code check*Access} helpers assert
 * the expected "view" decisions for four user/role pairs against the portal
 * object paths {@code /}, {@code /default}, {@code /default/default} and
 * {@code /default/default/a}.
 *
 * <p>NOTE(review): this fixture changes security state that outlives a single
 * test: the JVM-wide {@link Policy}, the subject held by
 * {@link SecurityAssociation}, and the JACC handler registered for the subject
 * key. Nothing in this class restores the previous values, so tests that run
 * later in the same JVM see whatever the last call left behind. Confirm that
 * subclasses or the harness clean up if isolation matters.
 */
public class BasePortalJaccTestCase extends JBossTestCase
{
   /** Policy configuration most recently obtained via {@link #getPolicyConfiguration(String)}. */
   protected PolicyConfiguration pc = null;

   /**
    * Creates the test case.
    *
    * @param name test name, passed to the superclass constructor
    */
   public BasePortalJaccTestCase(String name)
   {
      super(name);
   }

   /**
    * Makes a {@link DelegatingPolicy} the active policy and refreshes it.
    *
    * <p>The current policy is reused when it already is a DelegatingPolicy;
    * otherwise a new one is created. In both cases {@link PortalPermission}
    * is registered as an external permission type before the policy is
    * installed with {@link Policy#setPolicy(Policy)}.
    */
   public void setUp()
   {
      Policy current = Policy.getPolicy();
      DelegatingPolicy delegating;
      if (current instanceof DelegatingPolicy)
      {
         delegating = (DelegatingPolicy) current;
      }
      else
      {
         delegating = new DelegatingPolicy();
      }

      delegating.setExternalPermissionTypes(new Class[] {PortalPermission.class});

      // Policy.setPolicy replaces the policy for the whole JVM, not just this test.
      Policy.setPolicy(delegating);
      delegating.refresh();
   }

   /**
    * Asserts that user {@code testAdmin} in role {@code admin} is granted
    * "view" on the context, portal, page and window paths.
    *
    * @param policy policy under test
    * @throws Exception if the protection domain cannot be built
    */
   protected void checkAdminAccess(Policy policy) throws Exception
   {
      // The first permission is built before the domain, as the domain helper
      // also publishes the subject as a side effect.
      PortalObjectPermission contextView = getPortalObjectPermission("/");
      ProtectionDomain domain = getProtectionDomain("testAdmin", "admin");

      assertTrue("Admin can access context?", policy.implies(domain, contextView));
      assertTrue("Admin can access portal?",
            policy.implies(domain, getPortalObjectPermission("/default")));
      assertTrue("Admin can access page?",
            policy.implies(domain, getPortalObjectPermission("/default/default")));
      assertTrue("Admin can access window?",
            policy.implies(domain, getPortalObjectPermission("/default/default/a")));
   }

   /**
    * Asserts the decisions expected for user {@code testEmployee} in role
    * {@code employee}: denied on the context {@code /} and on
    * {@code /someportal}, granted on the default portal, page and window.
    *
    * @param policy policy under test
    * @throws Exception if the protection domain cannot be built
    */
   protected void checkEmployeeAccess(Policy policy) throws Exception
   {
      PortalObjectPermission contextView = getPortalObjectPermission("/");
      ProtectionDomain domain = getProtectionDomain("testEmployee", "employee");

      assertFalse("Employee can't access context?", policy.implies(domain, contextView));
      assertTrue("Employee can access portal?",
            policy.implies(domain, getPortalObjectPermission("/default")));
      assertTrue("Employee can access page?",
            policy.implies(domain, getPortalObjectPermission("/default/default")));
      assertTrue("Employee can access window?",
            policy.implies(domain, getPortalObjectPermission("/default/default/a")));

      // Negative control: a portal other than the default one must stay closed.
      assertFalse("Employee cant access someportal?",
            policy.implies(domain, getPortalObjectPermission("/someportal")));
   }

   /**
    * Asserts that user {@code testBadEmployee} in role {@code bademployee}
    * is denied "view" on the context, portal, page and window paths.
    *
    * @param policy policy under test
    * @throws Exception if the protection domain cannot be built
    */
   protected void checkBadEmployeeAccess(Policy policy) throws Exception
   {
      PortalObjectPermission contextView = getPortalObjectPermission("/");
      ProtectionDomain domain = getProtectionDomain("testBadEmployee", "bademployee");

      assertFalse("BadEmployee can't access context?", policy.implies(domain, contextView));
      assertFalse("BadEmployee can't access portal?",
            policy.implies(domain, getPortalObjectPermission("/default")));
      assertFalse("BadEmployee can't access page?",
            policy.implies(domain, getPortalObjectPermission("/default/default")));
      assertFalse("BadEmployee can't access window?",
            policy.implies(domain, getPortalObjectPermission("/default/default/a")));
   }

   /**
    * Asserts the decisions expected for user {@code testJanitor} in role
    * {@code janitor}: denied on the context, portal and page, granted only
    * on the window {@code /default/default/a}.
    *
    * @param policy policy under test
    * @throws Exception if the protection domain cannot be built
    */
   protected void checkJanitorAccess(Policy policy) throws Exception
   {
      PortalObjectPermission contextView = getPortalObjectPermission("/");
      ProtectionDomain domain = getProtectionDomain("testJanitor", "janitor");

      assertFalse("Janitor can't access context?", policy.implies(domain, contextView));
      assertFalse("Janitor can't access portal?",
            policy.implies(domain, getPortalObjectPermission("/default")));
      assertFalse("Janitor can't access page?",
            policy.implies(domain, getPortalObjectPermission("/default/default")));
      assertTrue("Janitor can access window?",
            policy.implies(domain, getPortalObjectPermission("/default/default/a")));
   }

   /**
    * Builds a protection domain for a caller with one role, and publishes the
    * matching subject as the authenticated subject.
    *
    * <p>The domain carries no code source, no static permissions and no class
    * loader; it holds only the user principal and a {@code "Roles"} group
    * containing {@code role}.
    *
    * @param username name of the user principal
    * @param role name of the single role placed in the {@code "Roles"} group
    * @return a domain holding the user principal and the roles group
    * @throws Exception if publishing the subject fails
    */
   protected ProtectionDomain getProtectionDomain(String username, String role) throws Exception
   {
      Group roles = new SimpleGroup("Roles");
      roles.addMember(new SimplePrincipal(role));
      Principal user = new SimplePrincipal(username);

      // Side effect: the subject for this caller replaces the previous one.
      prepareAndSetAuthenticatedSubject(user, roles);

      Principal[] principals = new Principal[] {user, roles};
      return new ProtectionDomain(null, null, null, principals);
   }

   /**
    * Obtains the policy configuration for a context id and remembers it in
    * {@link #pc}.
    *
    * <p>The configuration is requested with the {@code remove} flag set to
    * {@code true}.
    *
    * @param ctx policy context id
    * @return the policy configuration, never {@code null} (asserted)
    * @throws Exception if the factory or the configuration cannot be obtained
    */
   protected PolicyConfiguration getPolicyConfiguration(String ctx) throws Exception
   {
      PolicyConfigurationFactory factory =
            PolicyConfigurationFactory.getPolicyConfigurationFactory();
      pc = factory.getPolicyConfiguration(ctx, true);
      assertNotNull("PolicyConfiguration is not null", pc);
      return pc;
   }

   /**
    * Creates the "view" permission for a portal object path.
    *
    * @param uri portal object path, for example {@code /default/default}
    * @return a {@link PortalObjectPermission} for {@code uri} with action "view"
    */
   protected PortalObjectPermission getPortalObjectPermission(String uri)
   {
      return new PortalObjectPermission(uri, "view");
   }

   /**
    * Publishes a subject made of the given principals as the authenticated
    * subject and registers the JACC subject handler.
    *
    * @param p user principal
    * @param gp group principal holding the caller's roles
    * @throws Exception if the handler cannot be registered
    */
   private void prepareAndSetAuthenticatedSubject(Principal p, Group gp) throws Exception
   {
      Subject caller = new Subject();
      caller.getPrincipals().add(p);
      caller.getPrincipals().add(gp);
      SecurityAssociation.setSubject(caller);

      // replace == true: any handler already registered for this key is overwritten.
      PolicyContext.registerHandler(
            SubjectPolicyContextHandler.SUBJECT_CONTEXT_KEY,
            new SubjectPolicyContextHandler(),
            true);
   }
}