Java > Open Source Codes > org > jboss > test > security > test > WebUserDataPermissionUnitTestCase


1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */
22 package org.jboss.test.security.test;
23
24 import java.security.Permissions ;
25 import javax.security.jacc.WebUserDataPermission ;
26
27 import junit.framework.TestCase;
28
29 /** Tests of the JAAC WebUserDataPermission
30  *
31  * @author Scott.Stark@jboss.org
32  * @version $Revision: 37406 $
33  */
34 public class WebUserDataPermissionUnitTestCase
35    extends TestCase
36 {
37
38    public WebUserDataPermissionUnitTestCase(String name)
39    {
40       super(name);
41    }
42
43    public void testCtor2() throws Exception
44    {
45       String nullActions = null;
46       WebUserDataPermission p = new WebUserDataPermission ("/", nullActions);
47       String actions = p.getActions();
48       assertTrue("actions("+actions+") == null", actions == null);
49       
50       p = new WebUserDataPermission ("", "POST");
51       actions = p.getActions();
52       assertTrue("actions("+actions+") == POST", actions.equals("POST"));
53
54       p = new WebUserDataPermission ("/", "POST");
55       actions = p.getActions();
56       assertTrue("actions("+actions+") == POST", actions.equals("POST"));
57
58       p = new WebUserDataPermission ("/", "GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE");
59       actions = p.getActions();
60       assertTrue("actions("+actions+") == null", actions == null);
61
62       p = new WebUserDataPermission ("/", "TRACE,GET,DELETE");
63       actions = p.getActions();
64       assertTrue("actions("+actions+") == DELETE,GET,TRACE",
65          actions.equals("DELETE,GET,TRACE"));
66
67       p = new WebUserDataPermission ("/", "TRACE,GET,DELETE:NONE");
68       actions = p.getActions();
69       assertTrue("actions("+actions+") == DELETE,GET,TRACE",
70          actions.equals("DELETE,GET,TRACE"));
71
72       p = new WebUserDataPermission ("/", "TRACE,GET,DELETE:CONFIDENTIAL");
73       actions = p.getActions();
74       assertTrue("actions("+actions+") == DELETE,GET,TRACE:CONFIDENTIAL",
75          actions.equals("DELETE,GET,TRACE:CONFIDENTIAL"));
76    }
77
78    public void testImpliesPermission() throws Exception
79    {
80       String nullActions = null;
81       WebUserDataPermission p0 = new WebUserDataPermission ("/", nullActions);
82       WebUserDataPermission p1 = new WebUserDataPermission ("/", "GET");
83       assertTrue("p0.implies(p1)", p0.implies(p1));
84
85       p0 = new WebUserDataPermission ("/", "");
86       assertTrue("p0.implies(p1)", p0.implies(p1));
87
88       p0 = new WebUserDataPermission ("/", "GET");
89       assertTrue("p0.implies(p1)", p0.implies(p1));
90
91       p1 = new WebUserDataPermission ("", "GET");
92       assertTrue("p0.implies(p1)", p0.implies(p1));
93
94       p0 = new WebUserDataPermission ("/*", nullActions);
95       p1 = new WebUserDataPermission ("/any", "GET");
96       assertTrue("p0.implies(p1)", p0.implies(p1));
97
98       p0 = new WebUserDataPermission ("/*", "GET");
99       p1 = new WebUserDataPermission ("/any", "GET");
100       assertTrue("p0.implies(p1)", p0.implies(p1));
101
102       p0 = new WebUserDataPermission ("/any/*", "GET");
103       p1 = new WebUserDataPermission ("/any", "GET");
104       assertTrue("p0.implies(p1)", p0.implies(p1));
105
106       p1 = new WebUserDataPermission ("/any/", "GET");
107       assertTrue("p0.implies(p1)", p0.implies(p1));
108
109       p0 = new WebUserDataPermission ("/any/more/*", "GET");
110       p1 = new WebUserDataPermission ("/any/more/andsome", "GET");
111       assertTrue("p0.implies(p1)", p0.implies(p1));
112
113       p0 = new WebUserDataPermission ("*.jsp", "POST,GET");
114       p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST");
115       assertTrue("p0.implies(p1)", p0.implies(p1));
116
117       p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST:NONE");
118       assertTrue("p0.implies(p1)", p0.implies(p1));
119
120       p0 = new WebUserDataPermission ("*.jsp", "POST,GET,TRACE");
121       assertTrue("p0.implies(p1)", p0.implies(p1));
122
123       p0 = new WebUserDataPermission ("/snoop.jsp", "POST,GET,TRACE");
124       assertTrue("p0.implies(p1)", p0.implies(p1));
125
126       p0 = new WebUserDataPermission ("/:/secured.jsp:/unchecked.jsp:/excluded.jsp:/sslprotected.jsp", "POST,GET");
127       p1 = new WebUserDataPermission ("/:/secured.jsp:/excluded.jsp:/sslprotected.jsp:/unchecked.jsp", "GET,POST");
128       assertTrue("p0.implies(p1)", p0.implies(p1));
129       
130       p0 = new WebUserDataPermission ("*.jsp", "POST,GET,TRACE:NONE");
131       p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST");
132       assertTrue("p0.implies(p1)", p0.implies(p1));
133
134       p0 = new WebUserDataPermission ("*.jsp", "POST,GET,TRACE:CONFIDENTIAL");
135       p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST:CONFIDENTIAL");
136       assertTrue("p0.implies(p1)", p0.implies(p1));
137    }
138
139    public void testNotImpliesPermission() throws Exception
140    {
141       String nullActions = null;
142       WebUserDataPermission p0 = new WebUserDataPermission ("/", "GET");
143       WebUserDataPermission p1 = new WebUserDataPermission ("/", nullActions);
144       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
145
146       p1 = new WebUserDataPermission ("/", "POST");
147       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
148
149       p0 = new WebUserDataPermission ("", "");
150       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
151
152       p1 = new WebUserDataPermission ("/", "GET,POST");
153       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
154
155       p0 = new WebUserDataPermission ("/any/*", "GET");
156       p1 = new WebUserDataPermission ("/anymore", "GET");
157       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
158
159       p1 = new WebUserDataPermission ("/anyx", "GET");
160       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
161
162       p1 = new WebUserDataPermission ("/any/more", "GET,POST");
163       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
164
165       p0 = new WebUserDataPermission ("/*", "GET");
166       p1 = new WebUserDataPermission ("/anyx", "GET,POST");
167       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
168
169       p0 = new WebUserDataPermission ("*.jsp", "GET");
170       p1 = new WebUserDataPermission ("/", "GET");
171       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
172
173       p0 = new WebUserDataPermission ("*.jsp", "GET");
174       p1 = new WebUserDataPermission ("/*", "GET");
175       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
176
177       p0 = new WebUserDataPermission ("*.jsp", "GET");
178       p1 = new WebUserDataPermission ("/jsp", "GET");
179       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
180
181       p0 = new WebUserDataPermission ("*.jsp", "GET");
182       p1 = new WebUserDataPermission ("/snoop,jsp", "GET");
183       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
184
185       p0 = new WebUserDataPermission ("*.jsp", "POST,GET,TRACE:CONFIDENTIAL");
186       p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST");
187       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
188
189       p0 = new WebUserDataPermission ("*.jsp", "POST,GET,TRACE:CONFIDENTIAL");
190       p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST:INTEGRAL");
191       assertTrue("! p0.implies(p1)", p0.implies(p1) == false);
192    }
193
194    public void testMatch()
195    {
196       Permissions perms = new Permissions ();
197       WebUserDataPermission p = new WebUserDataPermission ("/protected/exact/get/roleA",
198          "DELETE,HEAD,OPTIONS,POST,PUT,TRACEL");
199       perms.add(p);
200       p = new WebUserDataPermission ("/protected/exact/get/roleA", "GET");
201       perms.add(p);
202
203       p = new WebUserDataPermission ("/protected/exact/get/roleA", null);
204       assertFalse("/protected/exact/get/roleA null is implied", perms.implies(p));
205    }
206
207    public void testQualifiedPatterns()
208    {
209       try
210       {
211          /* No pattern may exist in the URLPatternList that matches
212          the first pattern.
213          */
214          WebUserDataPermission p = new WebUserDataPermission ("/:/*", "");
215          fail("Should not have been able to use a pattern with matching qualifiying pattern");
216       }
217       catch(IllegalArgumentException e)
218       {
219          // Failed as expected
220 }
221
222       try
223       {
224          /* If the first pattern is a path-prefix pattern, only exact
225          patterns matched by the first pattern and path-prefix patterns
226          matched by, but different from, the first pattern may occur
227          in the URLPatternList.
228          */
229          WebUserDataPermission p = new WebUserDataPermission ("/*:*.ext", "");
230          fail("Should not have been able to use a pattern with extension qualifiying pattern");
231       }
232       catch(IllegalArgumentException e)
233       {
234          // Failed as expected
235 }
236       
237       try
238       {
239          /* If the first pattern is an extension pattern, only exact
240          patterns that are matched by the first pattern and path-prefix
241          patterns may occur in the URLPatternList.
242          */
243          WebUserDataPermission p = new WebUserDataPermission ("*.ext:*.ext2", "");
244          fail("Should not have been able to use an extension in qualifiying pattern");
245       }
246       catch(IllegalArgumentException e)
247       {
248          // Failed as expected
249 }
250
251       try
252       {
253          /* If the first pattern is the default pattern, "/", any
254          pattern except the default pattern may occur in the
255          URLPatternList.
256          */
257          WebUserDataPermission p0 = new WebUserDataPermission ("/:/", "");
258          fail("Should not have been able to use the default pattern in qualifiying pattern");
259       }
260       catch(IllegalArgumentException e)
261       {
262          // Failed as expected
263 }
264
265       try
266       {
267          /* If the first pattern is an exact pattern a URLPatternList
268          must not be present in the URLPatternSpec.
269          */
270          WebUserDataPermission p0 = new WebUserDataPermission ("/exact:/*", "");
271          fail("Should not have been able to use a qualifiying pattern");
272       }
273       catch(IllegalArgumentException e)
274       {
275          // Failed as expected
276 }
277    }
278 }
279

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags