1 22 package org.jboss.test.security.test; 23 24 import java.security.Permissions ; 25 import javax.security.jacc.WebUserDataPermission ; 26 27 import junit.framework.TestCase; 28 29 34 public class WebUserDataPermissionUnitTestCase 35 extends TestCase 36 { 37 38 public WebUserDataPermissionUnitTestCase(String name) 39 { 40 super(name); 41 } 42 43 public void testCtor2() throws Exception 44 { 45 String nullActions = null; 46 WebUserDataPermission p = new WebUserDataPermission ("/", nullActions); 47 String actions = p.getActions(); 48 assertTrue("actions("+actions+") == null", actions == null); 49 50 p = new WebUserDataPermission ("", "POST"); 51 actions = p.getActions(); 52 assertTrue("actions("+actions+") == POST", actions.equals("POST")); 53 54 p = new WebUserDataPermission ("/", "POST"); 55 actions = p.getActions(); 56 assertTrue("actions("+actions+") == POST", actions.equals("POST")); 57 58 p = new WebUserDataPermission ("/", "GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE"); 59 actions = p.getActions(); 60 assertTrue("actions("+actions+") == null", actions == null); 61 62 p = new WebUserDataPermission ("/", "TRACE,GET,DELETE"); 63 actions = p.getActions(); 64 assertTrue("actions("+actions+") == DELETE,GET,TRACE", 65 actions.equals("DELETE,GET,TRACE")); 66 67 p = new WebUserDataPermission ("/", "TRACE,GET,DELETE:NONE"); 68 actions = p.getActions(); 69 assertTrue("actions("+actions+") == DELETE,GET,TRACE", 70 actions.equals("DELETE,GET,TRACE")); 71 72 p = new WebUserDataPermission ("/", "TRACE,GET,DELETE:CONFIDENTIAL"); 73 actions = p.getActions(); 74 assertTrue("actions("+actions+") == DELETE,GET,TRACE:CONFIDENTIAL", 75 actions.equals("DELETE,GET,TRACE:CONFIDENTIAL")); 76 } 77 78 public void testImpliesPermission() throws Exception 79 { 80 String nullActions = null; 81 WebUserDataPermission p0 = new WebUserDataPermission ("/", nullActions); 82 WebUserDataPermission p1 = new WebUserDataPermission ("/", "GET"); 83 assertTrue("p0.implies(p1)", p0.implies(p1)); 84 85 p0 = new WebUserDataPermission ("/", ""); 86 assertTrue("p0.implies(p1)", p0.implies(p1)); 87 88 p0 = new WebUserDataPermission ("/", "GET"); 89 assertTrue("p0.implies(p1)", p0.implies(p1)); 90 91 p1 = new WebUserDataPermission ("", "GET"); 92 assertTrue("p0.implies(p1)", p0.implies(p1)); 93 94 p0 = new WebUserDataPermission ("/*", nullActions); 95 p1 = new WebUserDataPermission ("/any", "GET"); 96 assertTrue("p0.implies(p1)", p0.implies(p1)); 97 98 p0 = new WebUserDataPermission ("/*", "GET"); 99 p1 = new WebUserDataPermission ("/any", "GET"); 100 assertTrue("p0.implies(p1)", p0.implies(p1)); 101 102 p0 = new WebUserDataPermission ("/any/*", "GET"); 103 p1 = new WebUserDataPermission ("/any", "GET"); 104 assertTrue("p0.implies(p1)", p0.implies(p1)); 105 106 p1 = new WebUserDataPermission ("/any/", "GET"); 107 assertTrue("p0.implies(p1)", p0.implies(p1)); 108 109 p0 = new WebUserDataPermission ("/any/more/*", "GET"); 110 p1 = new WebUserDataPermission ("/any/more/andsome", "GET"); 111 assertTrue("p0.implies(p1)", p0.implies(p1)); 112 113 p0 = new WebUserDataPermission ("*.jsp", "POST,GET"); 114 p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST"); 115 assertTrue("p0.implies(p1)", p0.implies(p1)); 116 117 p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST:NONE"); 118 assertTrue("p0.implies(p1)", p0.implies(p1)); 119 120 p0 = new WebUserDataPermission ("*.jsp", "POST,GET,TRACE"); 121 assertTrue("p0.implies(p1)", p0.implies(p1)); 122 123 p0 = new WebUserDataPermission ("/snoop.jsp", "POST,GET,TRACE"); 124 assertTrue("p0.implies(p1)", p0.implies(p1)); 125 126 p0 = new WebUserDataPermission ("/:/secured.jsp:/unchecked.jsp:/excluded.jsp:/sslprotected.jsp", "POST,GET"); 127 p1 = new WebUserDataPermission ("/:/secured.jsp:/excluded.jsp:/sslprotected.jsp:/unchecked.jsp", "GET,POST"); 128 assertTrue("p0.implies(p1)", p0.implies(p1)); 129 130 p0 = new WebUserDataPermission ("*.jsp", "POST,GET,TRACE:NONE"); 131 p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST"); 132 assertTrue("p0.implies(p1)", p0.implies(p1)); 133 134 p0 = new WebUserDataPermission ("*.jsp", "POST,GET,TRACE:CONFIDENTIAL"); 135 p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST:CONFIDENTIAL"); 136 assertTrue("p0.implies(p1)", p0.implies(p1)); 137 } 138 139 public void testNotImpliesPermission() throws Exception 140 { 141 String nullActions = null; 142 WebUserDataPermission p0 = new WebUserDataPermission ("/", "GET"); 143 WebUserDataPermission p1 = new WebUserDataPermission ("/", nullActions); 144 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 145 146 p1 = new WebUserDataPermission ("/", "POST"); 147 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 148 149 p0 = new WebUserDataPermission ("", ""); 150 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 151 152 p1 = new WebUserDataPermission ("/", "GET,POST"); 153 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 154 155 p0 = new WebUserDataPermission ("/any/*", "GET"); 156 p1 = new WebUserDataPermission ("/anymore", "GET"); 157 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 158 159 p1 = new WebUserDataPermission ("/anyx", "GET"); 160 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 161 162 p1 = new WebUserDataPermission ("/any/more", "GET,POST"); 163 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 164 165 p0 = new WebUserDataPermission ("/*", "GET"); 166 p1 = new WebUserDataPermission ("/anyx", "GET,POST"); 167 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 168 169 p0 = new WebUserDataPermission ("*.jsp", "GET"); 170 p1 = new WebUserDataPermission ("/", "GET"); 171 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 172 173 p0 = new WebUserDataPermission ("*.jsp", "GET"); 174 p1 = new WebUserDataPermission ("/*", "GET"); 175 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 176 177 p0 = new WebUserDataPermission ("*.jsp", "GET"); 178 p1 = new WebUserDataPermission ("/jsp", "GET"); 179 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 180 181 p0 = new WebUserDataPermission ("*.jsp", "GET"); 182 p1 = new WebUserDataPermission ("/snoop,jsp", "GET"); 183 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 184 185 p0 = new WebUserDataPermission ("*.jsp", "POST,GET,TRACE:CONFIDENTIAL"); 186 p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST"); 187 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 188 189 p0 = new WebUserDataPermission ("*.jsp", "POST,GET,TRACE:CONFIDENTIAL"); 190 p1 = new WebUserDataPermission ("/snoop.jsp", "GET,POST:INTEGRAL"); 191 assertTrue("! p0.implies(p1)", p0.implies(p1) == false); 192 } 193 194 public void testMatch() 195 { 196 Permissions perms = new Permissions (); 197 WebUserDataPermission p = new WebUserDataPermission ("/protected/exact/get/roleA", 198 "DELETE,HEAD,OPTIONS,POST,PUT,TRACEL"); 199 perms.add(p); 200 p = new WebUserDataPermission ("/protected/exact/get/roleA", "GET"); 201 perms.add(p); 202 203 p = new WebUserDataPermission ("/protected/exact/get/roleA", null); 204 assertFalse("/protected/exact/get/roleA null is implied", perms.implies(p)); 205 } 206 207 public void testQualifiedPatterns() 208 { 209 try 210 { 211 214 WebUserDataPermission p = new WebUserDataPermission ("/:/*", ""); 215 fail("Should not have been able to use a pattern with matching qualifiying pattern"); 216 } 217 catch(IllegalArgumentException e) 218 { 219 } 221 222 try 223 { 224 229 WebUserDataPermission p = new WebUserDataPermission ("/*:*.ext", ""); 230 fail("Should not have been able to use a pattern with extension qualifiying pattern"); 231 } 232 catch(IllegalArgumentException e) 233 { 234 } 236 237 try 238 { 239 243 WebUserDataPermission p = new WebUserDataPermission ("*.ext:*.ext2", ""); 244 fail("Should not have been able to use an extension in qualifiying pattern"); 245 } 246 catch(IllegalArgumentException e) 247 { 248 } 250 251 try 252 { 253 257 WebUserDataPermission p0 = new WebUserDataPermission ("/:/", ""); 258 fail("Should not have been able to use the default pattern in qualifiying pattern"); 259 } 260 catch(IllegalArgumentException e) 261 { 262 } 264 265 try 266 { 267 270 WebUserDataPermission p0 = new WebUserDataPermission ("/exact:/*", ""); 271 fail("Should not have been able to use a qualifiying pattern"); 272 } 273 catch(IllegalArgumentException e) 274 { 275 } 277 } 278 } 279 | Popular Tags |