KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > test > security > test > WebResourcePermissionUnitTestCase


1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.test.security.test;
23
24 import java.security.Permissions JavaDoc;
25 import javax.security.jacc.WebResourcePermission JavaDoc;
26
27 import junit.framework.TestCase;
28
29 /** Tests of the JAAC WebResourcePermission
30  *
31  * @author Scott.Stark@jboss.org
32  * @version $Revision: 37406 $
33  */

34 public class WebResourcePermissionUnitTestCase
35    extends TestCase
36 {
37
38    public WebResourcePermissionUnitTestCase(String JavaDoc name)
39    {
40       super(name);
41    }
42
43    public void testCtor2() throws Exception JavaDoc
44    {
45       String JavaDoc nullActions = null;
46       WebResourcePermission JavaDoc p = new WebResourcePermission JavaDoc("/", nullActions);
47       String JavaDoc actions = p.getActions();
48       assertTrue("actions("+actions+") == null", actions == null);
49
50       p = new WebResourcePermission JavaDoc("", nullActions);
51       actions = p.getActions();
52       assertTrue("actions("+actions+") == null", actions == null);
53
54       String JavaDoc[] emtpy = {};
55       p = new WebResourcePermission JavaDoc("/", emtpy);
56       actions = p.getActions();
57       assertTrue("actions("+actions+") == null", actions == null);
58
59       p = new WebResourcePermission JavaDoc("/", "POST");
60       actions = p.getActions();
61       assertTrue("actions("+actions+") == POST", actions.equals("POST"));
62
63       p = new WebResourcePermission JavaDoc("/", "GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE");
64       actions = p.getActions();
65       assertTrue("actions("+actions+") == null", actions == null);
66
67       p = new WebResourcePermission JavaDoc("/", "TRACE,GET,DELETE");
68       actions = p.getActions();
69       assertTrue("actions("+actions+") == DELETE,GET,TRACE",
70          actions.equals("DELETE,GET,TRACE"));
71    }
72
73    public void testImpliesPermission() throws Exception JavaDoc
74    {
75       String JavaDoc nullActions = null;
76       WebResourcePermission JavaDoc p0 = new WebResourcePermission JavaDoc("/", nullActions);
77       WebResourcePermission JavaDoc p1 = new WebResourcePermission JavaDoc("/", "GET");
78       assertTrue("p0.implies(p1)", p0.implies(p1));
79
80       p0 = new WebResourcePermission JavaDoc("/", "");
81       assertTrue("p0.implies(p1)", p0.implies(p1));
82
83       p1 = new WebResourcePermission JavaDoc("", "GET");
84       assertTrue("p0.implies(p1)", p0.implies(p1));
85
86       String JavaDoc[] emtpy = {};
87       p0 = new WebResourcePermission JavaDoc("/", emtpy);
88       assertTrue("p0.implies(p1)", p0.implies(p1));
89
90       p0 = new WebResourcePermission JavaDoc("/", "GET");
91       assertTrue("p0.implies(p1)", p0.implies(p1));
92
93       p0 = new WebResourcePermission JavaDoc("/*", nullActions);
94       p1 = new WebResourcePermission JavaDoc("/any", "GET");
95       assertTrue("p0.implies(p1)", p0.implies(p1));
96
97       p0 = new WebResourcePermission JavaDoc("/*", "GET");
98       p1 = new WebResourcePermission JavaDoc("/any", "GET");
99       assertTrue("p0.implies(p1)", p0.implies(p1));
100
101       p0 = new WebResourcePermission JavaDoc("/any/*", "GET");
102       p1 = new WebResourcePermission JavaDoc("/any", "GET");
103       assertTrue("p0.implies(p1)", p0.implies(p1));
104
105       p1 = new WebResourcePermission JavaDoc("/any/", "GET");
106       assertTrue("p0.implies(p1)", p0.implies(p1));
107
108       p0 = new WebResourcePermission JavaDoc("/any/more/*", "GET");
109       p1 = new WebResourcePermission JavaDoc("/any/more/andsome", "GET");
110       assertTrue("p0.implies(p1)", p0.implies(p1));
111
112       p0 = new WebResourcePermission JavaDoc("*.jsp", "POST,GET");
113       p1 = new WebResourcePermission JavaDoc("/snoop.jsp", "GET,POST");
114       assertTrue("p0.implies(p1)", p0.implies(p1));
115
116       p0 = new WebResourcePermission JavaDoc("*.jsp", "POST,GET,TRACE");
117       assertTrue("p0.implies(p1)", p0.implies(p1));
118
119       p0 = new WebResourcePermission JavaDoc("/snoop.jsp", "POST,GET,TRACE");
120       assertTrue("p0.implies(p1)", p0.implies(p1));
121
122       p0 = new WebResourcePermission JavaDoc("/:/secured.jsp:/unchecked.jsp:/excluded.jsp:/sslprotected.jsp", "POST,GET");
123       p1 = new WebResourcePermission JavaDoc("/:/secured.jsp:/excluded.jsp:/sslprotected.jsp:/unchecked.jsp", "GET,POST");
124       assertTrue("p0.implies(p1)", p0.implies(p1));
125       
126       p0 = new WebResourcePermission JavaDoc("/restricted/*", "DELETE,GET,HEAD,POST,PUT");
127       p1 = new WebResourcePermission JavaDoc("/restricted/SecureServlet", "GET");
128       assertTrue("p0.implies(p1)", p0.implies(p1));
129    }
130
131    public void testNotImpliesPermission() throws Exception JavaDoc
132    {
133       String JavaDoc nullActions = null;
134       WebResourcePermission JavaDoc p0 = new WebResourcePermission JavaDoc("/", "GET");
135       WebResourcePermission JavaDoc p1 = new WebResourcePermission JavaDoc("/", nullActions);
136       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
137
138       p1 = new WebResourcePermission JavaDoc("/", "POST");
139       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
140
141       p1 = new WebResourcePermission JavaDoc("", "GET");
142       assertTrue("! p1.implies(p0)", p1.implies(p0) == false);
143
144       p1 = new WebResourcePermission JavaDoc("/", "GET,POST");
145       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
146
147       p0 = new WebResourcePermission JavaDoc("/any/*", "GET");
148       p1 = new WebResourcePermission JavaDoc("/anymore", "GET");
149       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
150
151       p1 = new WebResourcePermission JavaDoc("/anyx", "GET");
152       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
153
154       p1 = new WebResourcePermission JavaDoc("/any/more", "GET,POST");
155       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
156
157       p0 = new WebResourcePermission JavaDoc("/*", "GET");
158       p1 = new WebResourcePermission JavaDoc("/anyx", "GET,POST");
159       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
160
161       p0 = new WebResourcePermission JavaDoc("*.jsp", "GET");
162       p1 = new WebResourcePermission JavaDoc("/", "GET");
163       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
164
165       p0 = new WebResourcePermission JavaDoc("*.jsp", "GET");
166       p1 = new WebResourcePermission JavaDoc("/*", "GET");
167       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
168
169       p0 = new WebResourcePermission JavaDoc("*.jsp", "GET");
170       p1 = new WebResourcePermission JavaDoc("/jsp", "GET");
171       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
172
173       p0 = new WebResourcePermission JavaDoc("*.jsp", "GET");
174       p1 = new WebResourcePermission JavaDoc("/snoop,jsp", "GET");
175       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
176    }
177
178    public void testBestMatch() throws Exception JavaDoc
179    {
180       WebResourcePermission JavaDoc cp = new WebResourcePermission JavaDoc("/restricted/not", "GET");
181       WebResourcePermission JavaDoc excluded = new WebResourcePermission JavaDoc("/restricted/*", "");
182       WebResourcePermission JavaDoc unchecked = new WebResourcePermission JavaDoc("/restricted/not/*", "");
183       assertTrue("cp is excluded", excluded.implies(cp));
184       assertTrue("cp is unchecked", unchecked.implies(cp));
185
186       assertTrue("unchecked is excluded", excluded.implies(unchecked));
187       assertTrue("excluded is NOT unchecked", unchecked.implies(excluded) == false);
188
189       Permissions JavaDoc excludedPC = new Permissions JavaDoc();
190       excludedPC.add(new WebResourcePermission JavaDoc("/restricted/*", ""));
191       excludedPC.add(new WebResourcePermission JavaDoc("/restricted/get-only/*", "DELETE,HEAD,OPTIONS,POST,PUT,TRACE"));
192       excludedPC.add(new WebResourcePermission JavaDoc("/restricted/post-only/*", "DELETE,HEAD,OPTIONS,POST,PUT,TRACE"));
193       excludedPC.add(new WebResourcePermission JavaDoc("/restricted/put-only/excluded/*", ""));
194       excludedPC.add(new WebResourcePermission JavaDoc("/restricted/get-only/excluded/*", ""));
195       excludedPC.add(new WebResourcePermission JavaDoc("/excluded/*", ""));
196
197       Permissions JavaDoc uncheckedPC = new Permissions JavaDoc();
198       uncheckedPC.add(new WebResourcePermission JavaDoc("/unchecked/*", ""));
199       uncheckedPC.add(new WebResourcePermission JavaDoc("/restricted/post-only/*", "GET"));
200       uncheckedPC.add(new WebResourcePermission JavaDoc("/restricted/not/*", ""));
201       uncheckedPC.add(new WebResourcePermission JavaDoc("/unchecked/*:/restricted/not/*:/restricted/*:/restricted/put-only/excluded/*:/restricted/get-only/excluded/*:/restricted/any/*:/restricted/post-only/*:/restricted/get-only/*:/excluded/*", ""));
202
203       assertTrue("unchecked is in excludedPC", excludedPC.implies(unchecked));
204       assertTrue("excluded is NOT in uncheckedPC", uncheckedPC.implies(excluded) == false);
205       
206    }
207
208    public void testQualifiedMatch()
209    {
210       WebResourcePermission JavaDoc p0 = new WebResourcePermission JavaDoc("/restricted/*:/restricted/any/excluded/*:/restricted/not/*", "");
211       WebResourcePermission JavaDoc p1 = new WebResourcePermission JavaDoc("/restricted/not", "GET");
212       assertFalse("/restricted/not GET is NOT implied", p0.implies(p1));
213    }
214
215    public void testQualifiedPatterns()
216    {
217       try
218       {
219          /* No pattern may exist in the URLPatternList that matches
220          the first pattern.
221          */

222          WebResourcePermission JavaDoc p = new WebResourcePermission JavaDoc("/:/*", "");
223          fail("Should not have been able to use a pattern with matching qualifiying pattern");
224       }
225       catch(IllegalArgumentException JavaDoc e)
226       {
227          // Failed as expected
228
}
229
230       try
231       {
232          /* If the first pattern is a path-prefix pattern, only exact
233          patterns matched by the first pattern and path-prefix patterns
234          matched by, but different from, the first pattern may occur
235          in the URLPatternList.
236          */

237          WebResourcePermission JavaDoc p = new WebResourcePermission JavaDoc("/*:*.ext", "");
238          fail("Should not have been able to use a pattern with extension qualifiying pattern");
239       }
240       catch(IllegalArgumentException JavaDoc e)
241       {
242          // Failed as expected
243
}
244       
245       try
246       {
247          /* If the first pattern is an extension pattern, only exact
248          patterns that are matched by the first pattern and path-prefix
249          patterns may occur in the URLPatternList.
250          */

251          WebResourcePermission JavaDoc p = new WebResourcePermission JavaDoc("*.ext:*.ext2", "");
252          fail("Should not have been able to use an extension in qualifiying pattern");
253       }
254       catch(IllegalArgumentException JavaDoc e)
255       {
256          // Failed as expected
257
}
258
259       try
260       {
261          /* If the first pattern is the default pattern, "/", any
262          pattern except the default pattern may occur in the
263          URLPatternList.
264          */

265          WebResourcePermission JavaDoc p0 = new WebResourcePermission JavaDoc("/:/", "");
266          fail("Should not have been able to use the default pattern in qualifiying pattern");
267       }
268       catch(IllegalArgumentException JavaDoc e)
269       {
270          // Failed as expected
271
}
272
273       try
274       {
275          /* If the first pattern is an exact pattern a URLPatternList
276          must not be present in the URLPatternSpec.
277          */

278          WebResourcePermission JavaDoc p0 = new WebResourcePermission JavaDoc("/exact:/*", "");
279          fail("Should not have been able to use a qualifiying pattern");
280       }
281       catch(IllegalArgumentException JavaDoc e)
282       {
283          // Failed as expected
284
}
285    }
286 }
287
Popular Tags