

1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */

22 package org.jboss.test.web.security.jacc;
23
24 import java.security.Policy JavaDoc;
25 import java.security.ProtectionDomain JavaDoc;
26 import java.util.ArrayList JavaDoc;
27 import java.util.List JavaDoc;
28 import javax.security.jacc.PolicyConfiguration JavaDoc;
29 import javax.security.jacc.PolicyContext JavaDoc;
30 import javax.security.jacc.WebResourcePermission JavaDoc;
31
32 import junit.framework.TestCase;
33 import org.jboss.metadata.WebMetaData;
34 import org.jboss.metadata.WebSecurityMetaData;
35 import org.jboss.security.SimplePrincipal;
36 import org.jboss.security.jacc.DelegatingPolicy;
37 import org.jboss.security.jacc.JBossPolicyConfigurationFactory;
38 import org.jboss.web.WebPermissionMapping;
39
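/**
 * Checks the JACC permissions that {@link WebPermissionMapping} derives from two
 * security constraints sharing one exact url-pattern but covering different HTTP
 * methods: GET on /protected/exact/get/roleA is tied to RoleA, while POST, PUT, HEAD,
 * TRACE, OPTIONS and DELETE on the same pattern are tied to RoleB.
 *
 * The fixture installs its own {@link Policy} and JACC context ID in {@link #setUp()}
 * and puts the previous values back in {@link #tearDown()}.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 37459 $
 */
public class UncheckedExactWebConstraintsUnitTestCase extends TestCase
{
   /**
    * Context ID the permissions are committed under and evaluated against.
    * NOTE(review): the ID lacks the "Exact" of this class name; presumably it is
    * shared with a sibling test case - confirm that this is intended.
    */
   private static final String CONTEXT_ID = "UncheckedWebConstraintsUnitTestCase";

   /** URL pattern used by both security constraints. */
   private static final String EXACT_PATTERN = "/protected/exact/get/roleA";

   private PolicyConfiguration pc;

   /** Policy that was installed before setUp replaced it; restored in tearDown. */
   private Policy originalPolicy;

   /** JACC context ID that was active before setUp changed it; restored in tearDown. */
   private String originalContextId;

   /**
    * Evaluates GET and POST on the exact pattern against three callers: a domain with
    * no principals, a second pass labelled RoleA, and a RoleB domain.
    *
    * @throws Exception if the policy evaluation fails unexpectedly
    */
   public void testUncheckedExact() throws Exception
   {
      Policy p = Policy.getPolicy();
      SimplePrincipal[] caller = null;
      ProtectionDomain pd = new ProtectionDomain(null, null, null, caller);

      // No principals: neither method is granted.
      WebResourcePermission wrp = new WebResourcePermission(EXACT_PATTERN, "GET");
      assertFalse("/protected/exact/get/roleA GET", p.implies(pd, wrp));
      wrp = new WebResourcePermission(EXACT_PATTERN, "POST");
      assertFalse("/protected/exact/get/roleA POST", p.implies(pd, wrp));

      // NOTE(review): caller is reassigned here but pd is NOT rebuilt, so the next two
      // assertions still run against the domain created with no principals and never
      // exercise a RoleA caller. Confirm whether a RoleA domain was intended; if so the
      // expected results must be re-derived from the RoleA/GET constraint before pd is
      // rebuilt, because the current expectations only describe the empty domain.
      caller = new SimplePrincipal[]{new SimplePrincipal("RoleA")};
      wrp = new WebResourcePermission(EXACT_PATTERN, "GET");
      assertFalse("/protected/exact/get/roleA GET", p.implies(pd, wrp));
      wrp = new WebResourcePermission(EXACT_PATTERN, "POST");
      assertFalse("/protected/exact/get/roleA POST", p.implies(pd, wrp));

      // RoleB: GET belongs to the RoleA constraint and is refused, POST is granted.
      caller = new SimplePrincipal[]{new SimplePrincipal("RoleB")};
      pd = new ProtectionDomain(null, null, null, caller);
      wrp = new WebResourcePermission(EXACT_PATTERN, "GET");
      assertFalse("/protected/exact/get/roleA GET", p.implies(pd, wrp));
      wrp = new WebResourcePermission(EXACT_PATTERN, "POST");
      assertTrue("/protected/exact/get/roleA POST", p.implies(pd, wrp));
   }

   /**
    * Builds the two security constraints, installs a {@link DelegatingPolicy} as the
    * active policy, commits the generated permissions and selects the context ID.
    *
    * @throws Exception if the policy configuration cannot be created or committed
    */
   protected void setUp() throws Exception
   {
      // Remember the state this fixture is about to replace so tearDown can restore it.
      originalPolicy = Policy.getPolicy();
      originalContextId = PolicyContext.getContextID();

      WebMetaData metaData = new WebMetaData();
      ArrayList securityConstraints = new ArrayList();
      addProtectedASC(securityConstraints);
      addProtectedBSC(securityConstraints);
      metaData.setSecurityConstraints(securityConstraints);

      DelegatingPolicy policy = new DelegatingPolicy();
      Policy.setPolicy(policy);
      JBossPolicyConfigurationFactory pcf = new JBossPolicyConfigurationFactory();
      pc = pcf.getPolicyConfiguration(CONTEXT_ID, true);
      WebPermissionMapping.createPermissions(metaData, pc);
      pc.commit();
      System.out.println(policy.listContextPolicies());
      PolicyContext.setContextID(CONTEXT_ID);
   }

   /**
    * Restores the policy and JACC context ID that were active before {@link #setUp()}.
    * Policy.setPolicy replaces the policy for the whole JVM, so without this any test
    * that runs later in the same JVM would be evaluated against this fixture's policy.
    *
    * @throws Exception if the superclass tear-down fails
    */
   protected void tearDown() throws Exception
   {
      try
      {
         PolicyContext.setContextID(originalContextId);
         if (originalPolicy != null)
         {
            Policy.setPolicy(originalPolicy);
         }
      }
      finally
      {
         super.tearDown();
      }
   }

   /*
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>exact, get method, roleA</web-resource-name>
           <url-pattern>/protected/exact/get/roleA</url-pattern>
           <http-method>GET</http-method>
       </web-resource-collection>
       <auth-constraint>
           <role-name>RoleA</role-name>
       </auth-constraint>
       <user-data-constraint>
           <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
   </security-constraint>
   */

   /**
    * Appends the programmatic equivalent of the constraint shown above: GET on the
    * exact pattern, role RoleA, transport guarantee NONE.
    *
    * @param securityConstraints list that receives the new constraint
    */
   private void addProtectedASC(List securityConstraints)
   {
      WebSecurityMetaData wsmd = new WebSecurityMetaData();
      securityConstraints.add(wsmd);

      // web-resource-collection/web-resource-name = exact, get method, roleA
      WebSecurityMetaData.WebResourceCollection wrc = wsmd.addWebResource("exact, get method, roleA");
      wrc.addPattern(EXACT_PATTERN);
      wrc.addHttpMethod("GET");

      // auth-constraint/role-name = RoleA
      wsmd.addRole("RoleA");

      // user-data-constraint/transport-guarantee
      wsmd.setTransportGuarantee("NONE");
   }

   /*
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>exact, get method, roleA verifier</web-resource-name>
           <url-pattern>/protected/exact/get/roleA</url-pattern>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
           <http-method>HEAD</http-method>
           <http-method>TRACE</http-method>
           <http-method>OPTIONS</http-method>
           <http-method>DELETE</http-method>
       </web-resource-collection>
       <auth-constraint>
           <role-name>RoleB</role-name>
       </auth-constraint>
   </security-constraint>
   */

   /**
    * Appends the programmatic equivalent of the constraint shown above: every listed
    * method except GET on the same exact pattern, role RoleB. No transport guarantee
    * is set on this constraint.
    *
    * @param securityConstraints list that receives the new constraint
    */
   private void addProtectedBSC(List securityConstraints)
   {
      WebSecurityMetaData wsmd = new WebSecurityMetaData();
      securityConstraints.add(wsmd);

      // web-resource-collection/web-resource-name = exact, get method, roleA verifier
      WebSecurityMetaData.WebResourceCollection wrc = wsmd.addWebResource("exact, get method, roleA verifier");
      wrc.addPattern(EXACT_PATTERN);
      wrc.addHttpMethod("POST");
      wrc.addHttpMethod("PUT");
      wrc.addHttpMethod("HEAD");
      wrc.addHttpMethod("TRACE");
      wrc.addHttpMethod("OPTIONS");
      wrc.addHttpMethod("DELETE");

      // auth-constraint/role-name = RoleB
      wsmd.addRole("RoleB");
   }
}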
158