/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sentry.binding.solr;
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertTrue;
import java.io.File;
import java.io.FileNotFoundException;
import java.lang.reflect.InvocationTargetException;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Set;
import junit.framework.Assert;
import org.apache.commons.io.FileUtils;
import org.apache.sentry.binding.solr.authz.SentrySolrAuthorizationException;
import org.apache.sentry.binding.solr.authz.SolrAuthzBinding;
import org.apache.sentry.binding.solr.conf.SolrAuthzConf;
import org.apache.sentry.binding.solr.conf.SolrAuthzConf.AuthzConfVars;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.model.search.Collection;
import org.apache.sentry.core.model.search.SearchModelAction;
import org.apache.sentry.provider.file.PolicyFiles;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import com.google.common.collect.Sets;
import com.google.common.io.Files;
import com.google.common.io.Resources;
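/**
 * Unit tests for {@link SolrAuthzBinding}.
 *
 * <p>Every test runs against the policy file {@code test-authz-provider.ini}, which is copied
 * into a fresh temporary directory by {@link #setUp()}. The tests cover three areas:
 * <ul>
 *   <li>configuration errors (unknown classes, missing policy file) make the binding
 *       constructor throw instead of yielding a binding;</li>
 *   <li>user-to-group resolution through {@code getGroups};</li>
 *   <li>{@code authorizeCollection} returning normally for the combinations the tests expect
 *       to be permitted and throwing for the ones they expect to be refused, including an
 *       unknown subject and an unknown collection.</li>
 * </ul>
 * The policy file itself is not part of this class, so the expected outcomes below are the
 * ones encoded in the assertions.
 */
public class TestSolrAuthzBinding {
  /** Name of the policy file that {@code PolicyFiles.copyToDir} places in {@link #baseDir}. */
  private static final String RESOURCE_PATH = "test-authz-provider.ini";

  /** Configuration loaded from sentry-site.xml; only the provider resource is overridden. */
  private final SolrAuthzConf authzConf =
      new SolrAuthzConf(Resources.getResource("sentry-site.xml"));

  /** Per-test scratch directory, created in {@link #setUp()} and removed in teardown. */
  private File baseDir;

  // Collections and subjects referenced by the authorization matrix tests.
  private final Collection infoCollection = new Collection("info");
  private final Collection generalInfoCollection = new Collection("generalInfo");
  private final Subject corporal1 = new Subject("corporal1");
  private final Subject sergeant1 = new Subject("sergeant1");
  private final Subject general1 = new Subject("general1");

  // Action sets: single actions, the ALL action, every enum constant, and no action at all.
  private final EnumSet<SearchModelAction> querySet = EnumSet.of(SearchModelAction.QUERY);
  private final EnumSet<SearchModelAction> updateSet = EnumSet.of(SearchModelAction.UPDATE);
  private final EnumSet<SearchModelAction> allSet = EnumSet.of(SearchModelAction.ALL);
  private final EnumSet<SearchModelAction> allOfSet = EnumSet.allOf(SearchModelAction.class);
  private final EnumSet<SearchModelAction> emptySet = EnumSet.noneOf(SearchModelAction.class);

  /**
   * Creates the scratch directory, copies the policy file into it and points the shared
   * configuration at that copy.
   */
  @Before
  public void setUp() throws Exception {
    // NOTE(review): Guava deprecates Files.createTempDir() in favour of
    // java.nio.file.Files.createTempDirectory(), because older Guava releases create the
    // directory with default permissions that other local users may be able to read. Only a
    // test policy file lands here, but the pattern should not be copied into production code.
    baseDir = Files.createTempDir();
    PolicyFiles.copyToDir(baseDir, RESOURCE_PATH);
    authzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(),
        new File(baseDir, RESOURCE_PATH).getPath());
  }

  /** Removes the scratch directory; a failed delete is ignored so it cannot mask a test result. */
  @After
  public void teardown() {
    if (baseDir != null) {
      FileUtils.deleteQuietly(baseDir);
    }
  }

  /**
   * Resets the provider, provider resource, provider backend and policy engine settings of
   * {@code conf} to values that let a {@link SolrAuthzBinding} be constructed.
   *
   * @param conf configuration to modify in place
   */
  private void setUsableAuthzConf(SolrAuthzConf conf) {
    conf.set(AuthzConfVars.AUTHZ_PROVIDER.getVar(),
        "org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider");
    conf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(),
        new File(baseDir, RESOURCE_PATH).getPath());
    conf.set(AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar(),
        AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getDefault());
    conf.set(AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar(),
        AuthzConfVars.AUTHZ_POLICY_ENGINE.getDefault());
  }

  /** Loads sentry-site.xml into a new configuration and applies the usable settings to it. */
  private SolrAuthzConf newUsableConf() {
    SolrAuthzConf conf = new SolrAuthzConf(Resources.getResource("sentry-site.xml"));
    setUsableAuthzConf(conf);
    return conf;
  }

  /** Builds a binding from a new usable configuration. */
  private SolrAuthzBinding newUsableBinding() throws Exception {
    return new SolrAuthzBinding(newUsableConf());
  }

  /** Asserts that constructing a binding from {@code conf} throws ClassNotFoundException. */
  private static void expectClassNotFound(SolrAuthzConf conf) throws Exception {
    try {
      new SolrAuthzBinding(conf);
      Assert.fail("Expected ClassNotFoundException");
    } catch (ClassNotFoundException expected) {
      // Expected: an unknown class name must stop construction.
    }
  }

  /**
   * Asserts that constructing a binding from {@code conf} throws an InvocationTargetException
   * whose target exception is an instance of {@code expectedCause}.
   */
  private static void expectConstructionFailure(
      SolrAuthzConf conf, Class<? extends Throwable> expectedCause) throws Exception {
    try {
      new SolrAuthzBinding(conf);
      Assert.fail("Expected InvocationTargetException");
    } catch (InvocationTargetException e) {
      Throwable cause = e.getTargetException();
      assertTrue("Unexpected cause: " + cause, expectedCause.isInstance(cause));
    }
  }

  /**
   * Test that incorrect specification of classes for
   * AUTHZ_PROVIDER, AUTHZ_PROVIDER_BACKEND, and AUTHZ_POLICY_ENGINE
   * correctly throw ClassNotFoundExceptions
   */
  @Test
  public void testClassNotFound() throws Exception {
    SolrAuthzConf solrAuthzConf = newUsableConf();
    // verify it is usable
    new SolrAuthzBinding(solrAuthzConf);

    // give a bogus provider
    solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER.getVar(),
        "org.apache.sentry.provider.BogusProvider");
    expectClassNotFound(solrAuthzConf);

    // give a bogus provider backend
    setUsableAuthzConf(solrAuthzConf);
    solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER_BACKEND.getVar(),
        "org.apache.sentry.provider.file.BogusProviderBackend");
    expectClassNotFound(solrAuthzConf);

    // give a bogus policy engine
    setUsableAuthzConf(solrAuthzConf);
    solrAuthzConf.set(AuthzConfVars.AUTHZ_POLICY_ENGINE.getVar(),
        "org.apache.sentry.provider.solr.BogusPolicyEngine");
    expectClassNotFound(solrAuthzConf);
  }

  /**
   * Test that incorrect specification of the provider resource
   * throws an exception
   */
  @Test
  public void testResourceNotFound() throws Exception {
    SolrAuthzConf solrAuthzConf = newUsableConf();

    // bogus specification: the named policy file does not exist in baseDir
    solrAuthzConf.set(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar(),
        new File(baseDir, "test-authz-bogus-provider.ini").getPath());
    expectConstructionFailure(solrAuthzConf, FileNotFoundException.class);

    // missing specification: no policy file configured at all
    solrAuthzConf.unset(AuthzConfVars.AUTHZ_PROVIDER_RESOURCE.getVar());
    expectConstructionFailure(solrAuthzConf, IllegalArgumentException.class);
  }

  /**
   * Verify that a definition of only the AuthorizationProvider
   * (not ProviderBackend or PolicyEngine) works.
   */
  @Test
  public void testAuthProviderOnlySolrAuthzConfs() throws Exception {
    new SolrAuthzBinding(authzConf);
  }

  /**
   * Test for group mapping: unknown users and group names used as user names resolve to no
   * groups, and the three known users resolve to the expected groups.
   */
  @Test
  public void testGroupMapping() throws Exception {
    SolrAuthzBinding binding = newUsableBinding();
    Set<String> noGroups = Collections.emptySet();

    // assertEquals takes (expected, actual); keeping that order makes failure messages accurate.

    // check nonexistent users
    assertEquals(noGroups, binding.getGroups(null));
    assertEquals(noGroups, binding.getGroups("nonExistantUser"));

    // check group names don't map to user names
    assertEquals(noGroups, binding.getGroups("corporal"));
    assertEquals(noGroups, binding.getGroups("sergeant"));
    assertEquals(noGroups, binding.getGroups("general"));
    assertEquals(noGroups, binding.getGroups("othergeneralgroup"));

    // check valid user names
    assertEquals(Sets.newHashSet("corporal"), binding.getGroups("corporal1"));
    assertEquals(Sets.newHashSet("sergeant"), binding.getGroups("sergeant1"));
    assertEquals(Sets.newHashSet("general", "othergeneralgroup"), binding.getGroups("general1"));
  }

  /**
   * Test that a full sentry-site definition works.
   */
  @Test
  public void testSolrAuthzConfs() throws Exception {
    newUsableBinding();
  }

  /**
   * Asserts that {@code authorizeCollection} refuses the request by throwing
   * SentrySolrAuthorizationException. Any other exception propagates and fails the test.
   */
  private void expectAuthException(SolrAuthzBinding binding, Subject subject,
      Collection collection, EnumSet<SearchModelAction> action) throws Exception {
    try {
      binding.authorizeCollection(subject, collection, action);
      Assert.fail("Expected SentrySolrAuthorizationException");
    } catch (SentrySolrAuthorizationException expected) {
      // Expected: the request must be refused.
    }
  }

  /**
   * Test that a user that doesn't exist throws an exception
   * when trying to authorize
   */
  @Test
  public void testNoUser() throws Exception {
    expectAuthException(newUsableBinding(), new Subject("bogus"), infoCollection, querySet);
  }

  /**
   * Test that a bogus collection name throws an exception
   */
  @Test
  public void testNoCollection() throws Exception {
    expectAuthException(newUsableBinding(), corporal1, new Collection("bogus"), querySet);
  }

  /**
   * Test that an empty action set is rejected with IllegalArgumentException rather than
   * being treated as an authorized request.
   */
  @Test
  public void testNoAction() throws Exception {
    SolrAuthzBinding binding = newUsableBinding();
    try {
      binding.authorizeCollection(corporal1, infoCollection, emptySet);
      Assert.fail("Expected IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
      // Expected: a request that names no action is invalid.
    }
  }

  /**
   * Test that standard unauthorized attempts fail
   */
  @Test
  public void testAuthException() throws Exception {
    SolrAuthzBinding binding = newUsableBinding();
    // NOTE(review): none of the denial cases uses allOfSet; worth adding once the expected
    // outcome has been confirmed against the policy file.
    expectAuthException(binding, corporal1, infoCollection, updateSet);
    expectAuthException(binding, corporal1, infoCollection, allSet);
    expectAuthException(binding, corporal1, generalInfoCollection, querySet);
    expectAuthException(binding, corporal1, generalInfoCollection, updateSet);
    expectAuthException(binding, corporal1, generalInfoCollection, allSet);
    expectAuthException(binding, sergeant1, infoCollection, allSet);
    expectAuthException(binding, sergeant1, generalInfoCollection, querySet);
    expectAuthException(binding, sergeant1, generalInfoCollection, updateSet);
    expectAuthException(binding, sergeant1, generalInfoCollection, allSet);
  }

  /**
   * Test that standard authorized attempts succeed; each call must return without throwing.
   */
  @Test
  public void testAuthAllowed() throws Exception {
    SolrAuthzBinding binding = newUsableBinding();
    binding.authorizeCollection(corporal1, infoCollection, querySet);
    binding.authorizeCollection(sergeant1, infoCollection, querySet);
    binding.authorizeCollection(sergeant1, infoCollection, updateSet);
    binding.authorizeCollection(general1, infoCollection, querySet);
    binding.authorizeCollection(general1, infoCollection, updateSet);
    binding.authorizeCollection(general1, infoCollection, allSet);
    binding.authorizeCollection(general1, infoCollection, allOfSet);
    binding.authorizeCollection(general1, generalInfoCollection, querySet);
    binding.authorizeCollection(general1, generalInfoCollection, updateSet);
    binding.authorizeCollection(general1, generalInfoCollection, allSet);
    binding.authorizeCollection(general1, generalInfoCollection, allOfSet);
  }
}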