KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > outerj > daisy > repository > test > AbstractUserManagementTest


1 /*
2  * Copyright 2004 Outerthought bvba and Schaubroeck nv
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package org.outerj.daisy.repository.test;
17
18 import org.outerj.daisy.repository.*;
19 import org.outerj.daisy.repository.testsupport.AbstractDaisyTestCase;
20 import org.outerj.daisy.repository.user.Role;
21 import org.outerj.daisy.repository.user.Roles;
22 import org.outerj.daisy.repository.user.User;
23 import org.outerj.daisy.repository.user.UserManagementException;
24 import org.outerj.daisy.repository.user.UserManager;
25
26 /**
27  * Tests for user management.
28  */
29 public abstract class AbstractUserManagementTest extends AbstractDaisyTestCase {
30
31     protected boolean resetDataStores() {
32         /* we want to use a clean data store
33          * for this testcase, hence return
34          * true in this method
35          */
36         return true;
37     }
38     
39     protected abstract RepositoryManager getRepositoryManager() throws Exception JavaDoc;
40     
41     /**
42      * setup this test, assumes that the repository has been freshly created and the password
43      * of the system user didn't change yet - which shouldn't be a problem since the testcases
44      * are running against a separate testdatabase (under normal circumstances)
45      */
46     private void setUpBasicUsersAndRoles() throws Exception JavaDoc {
47         Repository repository = getRepositoryManager().getRepository(new Credentials("testuser", "testuser"));
48         repository.switchRole(Role.ADMINISTRATOR);
49         UserManager userMan = repository.getUserManager();
50         
51         setupRole(userMan, "guest");
52         
53         Role adminRole = userMan.getRole(1, true);
54         Role userRole = userMan.getRole("User", true);
55         Role guestRole = userMan.getRole("guest", true);
56         
57         
58         User testAdminUser = userMan.createUser("testadmin");
59         testAdminUser.addToRole(adminRole);
60         testAdminUser.addToRole(userRole);
61         testAdminUser.setDefaultRole(userRole);
62         testAdminUser.setPassword("secret");
63         testAdminUser.save();
64         
65         User user = userMan.createUser("testnonadmin");
66         user.addToRole(userRole);
67         user.setDefaultRole(userRole);
68         user.setPassword("spa");
69         user.save();
70                         
71     }
72
73     private void setupRole(UserManager userMan, String JavaDoc roleName) throws Exception JavaDoc{
74         try {
75             userMan.getRole(roleName, true);
76         } catch (UserManagementException e) {
77             Role userRole = userMan.createRole(roleName);
78             userRole.save();
79         }
80     }
81     
82     
83     public void testUserManagement() throws Exception JavaDoc {
84         setUpBasicUsersAndRoles();
85         UserManager userManager = null;
86         Repository repository = null;
87         
88         System.out.println("starting user management tests");
89         
90         //2. get the usermanager for an administrative user
91 RepositoryManager repositoryManager = getRepositoryManager();
92         repository = repositoryManager.getRepository(new Credentials("testadmin", "secret"));
93         repository.switchRole(1);
94         long[] availableRoles = repository.getAvailableRoles();
95
96         userManager = repository.getUserManager();
97         assertNotNull(userManager);
98
99         String JavaDoc tmpRoleName = "Confessor"+System.currentTimeMillis();
100         Role confessorRole = userManager.createRole(tmpRoleName);
101
102         confessorRole.setDescription("if you're touched by confessor magic - you're in quite some trouble :)");
103
104         confessorRole.save();
105         //id should at this point have been updated from the data store
106 assertTrue(confessorRole.getId()!=-1);
107
108         //let's doublecheck through other method as well
109 Role cfRole = userManager.getRole(tmpRoleName, true);
110         assertTrue(cfRole.getId()!=-1);
111
112         System.out.println("About to delete role with id "+confessorRole.getId());
113         userManager.deleteRole(confessorRole.getId());
114
115         try {
116             userManager.getRole(tmpRoleName, true);
117             assertTrue("role deletion didn't succeed", false);
118         } catch (UserManagementException e6) {}
119
120         tmpRoleName+="-partDeux";
121         Role anotherConfessorRole = userManager.createRole(tmpRoleName);
122
123         tmpRoleName+="x";
124         Role yetAnotherConfessorRole = userManager.createRole(tmpRoleName);
125         //this should work..
126 yetAnotherConfessorRole.setName(tmpRoleName);
127         yetAnotherConfessorRole.save();
128
129         User kahlanUser = userManager.createUser("KahlanAmnell"+System.currentTimeMillis());
130
131         kahlanUser.setPassword("ConDar");
132
133         try {
134             kahlanUser.addToRole(anotherConfessorRole);
135
136
137             assertTrue("adding user to role that wasn't saved yet didn't throw an exception!", false);
138         } catch (Exception JavaDoc e1) {}
139
140         anotherConfessorRole.save();
141         //ok, we just tried to add, role is saved now, so now we can add the user to this new role
142 kahlanUser.addToRole(anotherConfessorRole);
143         kahlanUser.setDefaultRole(anotherConfessorRole);
144         kahlanUser.save();
145
146         // now let's load this testuser from the manager again
147 kahlanUser = userManager.getUser(kahlanUser.getLogin(), true);
148         Roles wuRoles = kahlanUser.getAllRoles();
149         // this user should belong to 1 role (see before)
150 Role[] wuRolesArr = wuRoles.getArray();
151         System.out.println("this user belongs to "+wuRolesArr.length+" roles");
152         System.out.println("just checking: this user's login was "+kahlanUser.getLogin());
153
154         assertEquals(wuRolesArr.length, 1);
155         //we can safely just get the first index from the array and run our test on it
156 assertEquals(wuRolesArr[0].getName(), anotherConfessorRole.getName());
157
158         //this user has only one role, we now try to delete that role itself
159
160         try {
161             userManager.deleteRole(anotherConfessorRole.getId());
162             assertTrue("deleting role when some users only have it as their " +
163                     "default role didn't throw an exception", false);
164
165         } catch (UserManagementException e5) {}
166
167         String JavaDoc userToBeDeletedLogin = kahlanUser.getLogin();
168         //this should still work....
169 userManager.getUser(userToBeDeletedLogin, true);
170         userManager.deleteUser(kahlanUser.getId());
171
172         try {
173             userManager.getUser(userToBeDeletedLogin, true);
174             assertTrue("user deletion didn't succeed", false);
175         } catch (UserManagementException e4) {}
176
177         //just create another user to do further tests
178
179         // create a user with no password... and try to save
180 User warshanUser = userManager.createUser("Warshan"+System.currentTimeMillis());
181         warshanUser.addToRole(anotherConfessorRole);
182         warshanUser.addToRole(anotherConfessorRole);
183         warshanUser.addToRole(anotherConfessorRole);
184         //added three times to same role - should result in just 1 time addition
185 //and should not have thrown an exception
186 warshanUser.addToRole(yetAnotherConfessorRole);
187
188         warshanUser.setDefaultRole(anotherConfessorRole);
189
190         try {
191             warshanUser.save();
192             assertTrue("saving user with empty password succeeded! Houston, we have a problem!", false);
193         } catch (UserManagementException e2) {}
194
195         warshanUser.setPassword("Tyskie");
196
197         // now let's see what happens if we save after correction...
198 warshanUser.save();
199
200
201         //let's go for a user update test now
202 User userToUpdate = userManager.getUser(warshanUser.getLogin(), true);
203         //this user should belong to two roles at this moment...
204 assertEquals(userToUpdate.getAllRoles().getArray().length, 2);
205
206         userToUpdate.setEmail("speedy@gonzales.org");
207         userToUpdate.setFirstName("speedy");
208         userToUpdate.setLastName("gonzales");
209         userToUpdate.setPassword("chachacha");
210         userToUpdate.setAuthenticationScheme("abc");
211
212         userToUpdate.removeFromRole(anotherConfessorRole);
213         userToUpdate.setDefaultRole(yetAnotherConfessorRole);
214
215         userToUpdate.save();
216         User updatedUser = userManager.getUser(warshanUser.getLogin(), true);
217         assertEquals(userToUpdate.getAllRoles().getArray().length, 1);
218         assertEquals(updatedUser.getEmail(), "speedy@gonzales.org");
219         assertEquals(updatedUser.getFirstName(), "speedy");
220         assertEquals(updatedUser.getLastName(), "gonzales");
221         assertNotNull(updatedUser.getDefaultRole());
222         assertEquals(updatedUser.getDefaultRole().getName(), yetAnotherConfessorRole.getName());
223         assertEquals("abc", updatedUser.getAuthenticationScheme());
224         //end user update test
225
226         //role update & concurrency test
227 //remark: normally we would have to actually test concurrency with another user,
228 //but we can test behaviour without having to be obliged to do this.
229
230         Role roleToUpdate = userManager.getRole(yetAnotherConfessorRole.getName(), true);
231         Role roleToUpdate2 = userManager.getRole(yetAnotherConfessorRole.getName(), true);
232         roleToUpdate.setDescription("bugsbunnyimitator");
233         roleToUpdate.save();
234
235         Role updatedRole = userManager.getRole(yetAnotherConfessorRole.getName(), true);
236         assertEquals(updatedRole.getDescription(), "bugsbunnyimitator");
237         //modify something (but we know someone else already modified at same time)
238 roleToUpdate2.setDescription("TomskiAndJerrySki");
239         try {
240             roleToUpdate2.save();
241             assertTrue("concurrency problem not detected!", false);
242         } catch (RepositoryException e7) {}
243
244         //end role update test
245
246
247         // check some stuff on the test users which we put in the database ourselves.
248
249         Role r = userManager.getRole("Administrator", true);
250         assertEquals(r.getName(), "Administrator");
251
252         // check to see if the list of all roles behaves ok
253 Role[] allRoles = userManager.getRoles().getArray();
254         
255         // at this point there should definitely be more than 1 role in the role list.
256 // theoretically we could even test to see if the net number of roles we created
257 // in this test is correct in the list of all roles.
258 assertTrue(allRoles.length>1);
259         for (int i = 0; i < allRoles.length; i++) {
260             Role role = allRoles[i];
261             assertNotNull(role);
262         }
263         
264         // some tests on the nonadministrative testuser we put in the database ourselves
265 User simpleNonAdminUser = userManager.getUser("testnonadmin", true);
266         assertNotNull(simpleNonAdminUser);
267         assertNotNull(simpleNonAdminUser.getDefaultRole());
268         Roles simpleNonAdminRoles = simpleNonAdminUser.getAllRoles();
269         
270         // testing the roles of testnonadmin
271 for (int i = 0; i < simpleNonAdminRoles.getArray().length; i++) {
272             Role role = simpleNonAdminRoles.getArray()[i];
273             assertNotNull(role);
274         }
275
276         // test direct retrieval of display names
277 assertEquals(simpleNonAdminUser.getDisplayName(), userManager.getUserDisplayName(simpleNonAdminUser.getId()));
278
279         // test caching of user objects (assuming caching is enabled)
280 User nonUpdateableUser1 = userManager.getUser(simpleNonAdminUser.getId(), false);
281         User nonUpdateableUser2 = userManager.getUser(simpleNonAdminUser.getId(), false);
282         assertTrue("retrieving cached user two times should give same object instance", nonUpdateableUser1 == nonUpdateableUser2);
283
284         simpleNonAdminUser.setFirstName("jules");
285         simpleNonAdminUser.save();
286         assertEquals("jules", userManager.getUserDisplayName(simpleNonAdminUser.getId()));
287
288         //
289 // test the "updateableByUser" flag
290 //
291 Role justAUser = userManager.createRole("just_a_user");
292         justAUser.save();
293         Role justAUser2 = userManager.createRole("just_a_user2");
294         justAUser2.save();
295         User herman = userManager.createUser("herman");
296         herman.setPassword("herman");
297         herman.addToRole(justAUser);
298         herman.addToRole(justAUser2);
299         herman.setDefaultRole(justAUser);
300         herman.setUpdateableByUser(true);
301         herman.save();
302
303         Repository hermanRepository = repositoryManager.getRepository(new Credentials("herman", "herman"));
304         herman = hermanRepository.getUserManager().getUser(herman.getId(), true);
305         herman.setEmail("herman@highanddry");
306         herman.save();
307
308         Role adminRole = hermanRepository.getUserManager().getRole(Role.ADMINISTRATOR, false);
309         herman.addToRole(adminRole);
310         try {
311             herman.save();
312             fail("User should not be able to change his/her own roles.");
313         } catch (Exception JavaDoc e) {
314         }
315
316         herman = hermanRepository.getUserManager().getUser(herman.getId(), true);
317         herman.setDefaultRole(justAUser2);
318         try {
319             herman.save();
320             fail("User should not be able to change his/her own default role.");
321         } catch (Exception JavaDoc e) {
322         }
323
324         herman = hermanRepository.getUserManager().getUser(herman.getId(), true);
325         herman.setLogin("otherHerman");
326         try {
327             herman.save();
328             fail("User should not be able to change his/her own login.");
329         } catch (Exception JavaDoc e) {
330         }
331
332         //
333 // Test that user $system cannot login and cannot be updated
334 //
335 try {
336             repositoryManager.getRepository(new Credentials("$system", "does_not_matter"));
337             fail("Logging in as user $system should not have succeeded.");
338         } catch (Exception JavaDoc e) {
339             // no good way to check the kind of exception
340 }
341
342         try {
343             User systemUser = repository.getUserManager().getUser(1, true);
344             systemUser.save();
345             fail("Saving the user $system should have failed.");
346         } catch (Exception JavaDoc e) {
347             // no good way to check the kind of exception
348 }
349
350         try {
351             User systemUser = repository.getUserManager().getUser("$system", true);
352             systemUser.save();
353             fail("Saving the user $system should have failed.");
354         } catch (Exception JavaDoc e) {
355             // no good way to check the kind of exception
356 }
357
358         //
359 // Test the confirmation options
360 //
361 Role testRole = userManager.createRole("test");
362         testRole.save();
363         User confirmUser = userManager.createUser("confirm");
364         confirmUser.setPassword("confirm");
365         confirmUser.addToRole(testRole);
366         confirmUser.setDefaultRole(testRole);
367         assertTrue(confirmUser.isConfirmed());
368         confirmUser.save();
369         assertTrue(confirmUser.isConfirmed());
370         confirmUser = userManager.getUser(confirmUser.getId(), true);
371         assertTrue(confirmUser.isConfirmed());
372         confirmUser.setConfirmed(false);
373         confirmUser.setConfirmKey("abc");
374         confirmUser.save();
375         confirmUser = userManager.getUser(confirmUser.getId(), true);
376         assertFalse(confirmUser.isConfirmed());
377         assertEquals("abc", confirmUser.getConfirmKey());
378
379         // unconfirmed user should not be able to log in
380 try {
381             repositoryManager.getRepository(new Credentials("confirm", "confirm"));
382             fail("Logging in with unconfirmed user should fail.");
383         } catch (AuthenticationFailedException e) {
384         }
385
386         //
387 // Test that a user which was last updated by himself can be deleted
388 // (was a problem before because of a foreign key constraint on the DB to itself)
389 //
390 User user = userManager.createUser("deleteLastUpdateTest");
391         Role guestRole = userManager.getRole("guest", false);
392         user.addToRole(guestRole);
393         user.setDefaultRole(guestRole);
394         user.setPassword("dummy");
395         user.setUpdateableByUser(true);
396         user.save();
397
398         User myself = repositoryManager.getRepository(new Credentials("deleteLastUpdateTest", "dummy")).getUserManager().getUser("deleteLastUpdateTest", true);
399         myself.save();
400
401         userManager.deleteUser(user.getId());
402     }
403 }
404
Popular Tags