src/test/java/org/apache/directory/fortress/core/samples/CreateSessionSample.java - directory-fortress-core - Git at Google

 /*
  *   Licensed to the Apache Software Foundation (ASF) under one
  *   or more contributor license agreements.  See the NOTICE file
  *   distributed with this work for additional information
  *   regarding copyright ownership.  The ASF licenses this file
  *   to you under the Apache License, Version 2.0 (the
  *   "License"); you may not use this file except in compliance
  *   with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  *   Unless required by applicable law or agreed to in writing,
  *   software distributed under the License is distributed on an
  *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *   KIND, either express or implied.  See the License for the
  *   specific language governing permissions and limitations
  *   under the License.
  *
  */
 package org.apache.directory.fortress.core.samples;

 import java.util.List;

 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;

 import org.apache.directory.fortress.core.AccessMgr;
 import org.apache.directory.fortress.core.AccessMgrFactory;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.PasswordException;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.impl.TestUtils;
 import org.apache.directory.fortress.core.model.Session;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserRole;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 /**
  * CreateSessionSample JUnit Test. Fortress Sessions are modeled on the RBAC specification.  Each Session
  * may contain User attributes plus all of their activated Roles.  The Session will also contain pw policy
  * and error status flags that were set during User's previous CreateSession invocation.
  *
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 public class CreateSessionSample extends TestCase
 {
     private static final String CLS_NM = CreateSessionSample.class.getName();
     private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );

     public CreateSessionSample(String name)
     {
         super(name);
     }

     /**
      * Run several Use cases that demonstrate RBAC Session creation attempts using common scenarios.
      * @return Test
      */
     public static Test suite()
     {
         TestSuite suite = new TestSuite();
         suite.addTest(new CreateSessionSample("testCreateSession"));
         suite.addTest(new CreateSessionSample("testCreateSessionWithRole"));
         suite.addTest(new CreateSessionSample("testCreateSessionTrusted"));
         suite.addTest(new CreateSessionSample("testCreateSessionWithRolesTrusted"));
         return suite;
     }

     /**
      * This method is simple wrapper.
      *
      */
     public void testCreateSession()
     {
         //createSession("oamuser1", "passw0rd1", 10);
         createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, 10);
     }

     /**
      * Another wrapper for create session with roles.
      *
      */
     public void testCreateSessionWithRole()
     {
         //createSessionsWithRole(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, CreateRoleSample.TEST_SIMPLE_ROLE);
         createSessionsWithRole(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, CreateRoleSample.TEST_ROLE_PREFIX + "1");
     }

     /**
      * This wrapper will create a session passing roles without a password.
      *
      */
     public void testCreateSessionWithRolesTrusted()
     {
         createSessionsWithRolesTrusted(CreateUserSample.TEST_USERID, new String[]{CreateRoleSample.TEST_ROLE_PREFIX + "1", CreateRoleSample.TEST_ROLE_PREFIX + "3", CreateRoleSample.TEST_ROLE_PREFIX + "4"}, 3);
     }

     /**
      * This wrapper will create a session without a password.
      *
      */
     public void testCreateSessionTrusted()
     {
         createSessionTrusted(CreateUserSample.TEST_USERID);
     }

     /**
      * Calls AccessMgr createSession API.  Will check to ensure the RBAC Session contains the expected number of Roles
      * activated.
      *
      * @param userId  Case insensitive userId.
      * @param password Password is case sensitive, clear text but is stored in directory as hashed value.
      * @param expectedRoles integer contains the expected number of Roles in the Session.
      */
     public static void createSession(String userId, String password, int expectedRoles)
     {
         String szLocation = ".createSession";
         try
         {
             // Instantiate the AccessMgr implementation which perform runtime RBAC operations.
             AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

             // The User entity is used to pass data into the createSession API.
             User user = new User(userId, password);

             // This API will return a Session object that contains the User's activated Roles and other info.
             Session session = accessMgr.createSession(user, false);

             // createSession will throw SecurityException if fails thus the Session should never be null.
             assertNotNull(session);

             // Pull the userId from the Session.
             String sessUserId = accessMgr.getUserId(session);
             assertTrue(szLocation + " failed compare found userId in session [" + sessUserId + "] valid userId [" + userId + "]", userId.equalsIgnoreCase(sessUserId));

             // Get the User's activated Roles.
             List<UserRole> uRoles = session.getRoles();

             // do some validations
             assertNotNull(uRoles);
             assertEquals(szLocation + " user role check failed list size user [" + user.getUserId() + "]", expectedRoles, uRoles.size());
             // now try negative test case:
             try
             {
                 // this better fail
                 User userBad = new User(user.getUserId(), "badpw");

                 // The API will authenticate the User password, evaluate password policies and perform Role activations.
                 accessMgr.createSession(userBad, false);
                 fail(szLocation + " userId [" + userId + "]  failed negative test");
             }
             catch (PasswordException pe)
             {
                 assertTrue(szLocation + " userId [" + userId + "]  excep id check", pe.getErrorId() == GlobalErrIds.USER_PW_INVLD);
                 // pass
             }
             catch (SecurityException se)
             {
                 fail(szLocation + " userId [" + userId + "]  failed with unexpected errorId" + se.getErrorId() + " msg=" + se.getMessage());
                 // pass
             }
             LOG.info(szLocation + " userId [" + userId + "] successful");
         }
         catch (SecurityException ex)
         {
             LOG.error(szLocation + " userId [" + userId + "]  caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
             fail(ex.getMessage());
         }
     }

     /**
      * Call the AccessMgr createSession API passing a single Role for activation.  Successful RBAC Session should
      * contains same Role activated.
      *
      * @param userId  Case insensitive userId.
      * @param password Password is case sensitive, clear text but is stored in directory as hashed value.
      * @param role contains role name of Role targeted for Activation.
      */
     public static void createSessionsWithRole(String userId, String password, String role)
     {
         String szLocation = ".createSessionsWithRole";
         try
         {
             // Instantiate the AccessMgr implementation which perform runtime RBAC operations.
             AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

             // The User entity is used to pass data into the createSession API.
             User user = new User(userId, password, role);

             // The API will authenticate the User password, evaluate password policies and perform Role activations.
             Session session = accessMgr.createSession(user, false);

             // createSession will throw SecurityException if fails thus the Session should never be null.
             assertNotNull(session);

             // do some validations
             // Get the User's activated Roles.
             List<UserRole> sessRoles = session.getRoles();
             assertTrue(szLocation + " userId [" + userId + "]  with roles failed role check", sessRoles.contains(new UserRole(role)));
             LOG.info(szLocation + "  userId [" + userId + "] successful");
         }
         catch (SecurityException ex)
         {
             LOG.error(szLocation + " userId [" + userId + "]  caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
             fail(ex.getMessage());
         }
     }

     /**
      * Create RBAC Session and activated supplied Roles.  This scenario perform authentication in trusted manner
      * which does not require User password.
      *
      * @param userId  Case insensitive userId.
      * @param roles array of Role names to activate into RBAC Session.
      * @param expectedRoles integer contains the expected number of Roles in the Session.
      */
     public static void createSessionsWithRolesTrusted(String userId, String[] roles, int expectedRoles)
     {
         String szLocation = ".createSessionsWithRolesTrusted";
         try
         {
             AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

             // The User entity is used to pass data into the createSession API.
             User user = new User(userId);

             // iterate over array of input Role names.
             for (String roleName : roles)
             {
                 // Add the Role name to list of Roles to be activated on Session.
                 user.setRoleName(roleName);
             }

             // The API will verify User is good and perform Role activations.  Request will fail if User is locked out of ldap for any reason.
             Session session = accessMgr.createSession(user, true);

             // createSession will throw SecurityException if fails thus the Session should never be null.
             assertNotNull(session);

             // Get the User's activated Roles.
             List<UserRole> sessRoles = session.getRoles();

             // do some validations
             assertEquals(szLocation + " user role check failed list size user [" + user.getUserId() + "]", expectedRoles, sessRoles.size());
             for (String roleName : roles)
             {
                 assertTrue(szLocation + " userId [" + userId + "]  with roles trusted failed role check", sessRoles.contains(new UserRole(roleName)));
             }

             LOG.info(szLocation + "  userId [" + userId + "] successful");
         }
         catch (SecurityException ex)
         {
             LOG.error(szLocation + " caught userId [" + userId + "]  SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
             fail(ex.getMessage());
         }
     }

     /**
      * Create trusted RBAC Session.  This API will attempt to activate all of the User's assigned Roles.
      *
      * @param userId  Case insensitive userId.
      */
     public static void createSessionTrusted(String userId)
     {
         String szLocation = ".createSessionTrusted";
         try
         {
             // Instantiate the AccessMgr implementation which perform runtime RBAC operations.
             AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

             // The User entity is used to pass data into the createSession API.
             User user = new User(userId);

             // The API will verify User is good and perform Role activations.  Request will fail if User is locked out of ldap for any reason.
             Session session = accessMgr.createSession(user, true);

             // createSession will throw SecurityException if fails thus the Session should never be null.
             assertNotNull(session);
             LOG.info(szLocation + "  userId [" + userId + "] successful");
         }
         catch (SecurityException ex)
         {
             LOG.error(szLocation + " userId [" + userId + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
             fail(ex.getMessage());
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.directory.fortress.core.samples;

	import java.util.List;

	import junit.framework.Test;
	import junit.framework.TestCase;
	import junit.framework.TestSuite;

	import org.apache.directory.fortress.core.AccessMgr;
	import org.apache.directory.fortress.core.AccessMgrFactory;
	import org.apache.directory.fortress.core.GlobalErrIds;
	import org.apache.directory.fortress.core.PasswordException;
	import org.apache.directory.fortress.core.SecurityException;
	import org.apache.directory.fortress.core.impl.TestUtils;
	import org.apache.directory.fortress.core.model.Session;
	import org.apache.directory.fortress.core.model.User;
	import org.apache.directory.fortress.core.model.UserRole;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	/**
	* CreateSessionSample JUnit Test. Fortress Sessions are modeled on the RBAC specification. Each Session
	* may contain User attributes plus all of their activated Roles. The Session will also contain pw policy
	* and error status flags that were set during User's previous CreateSession invocation.
	*
	*
	* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
	*/
	public class CreateSessionSample extends TestCase
	{
	private static final String CLS_NM = CreateSessionSample.class.getName();
	private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );

	public CreateSessionSample(String name)
	{
	super(name);
	}

	/**
	* Run several Use cases that demonstrate RBAC Session creation attempts using common scenarios.
	* @return Test
	*/
	public static Test suite()
	{
	TestSuite suite = new TestSuite();
	suite.addTest(new CreateSessionSample("testCreateSession"));
	suite.addTest(new CreateSessionSample("testCreateSessionWithRole"));
	suite.addTest(new CreateSessionSample("testCreateSessionTrusted"));
	suite.addTest(new CreateSessionSample("testCreateSessionWithRolesTrusted"));
	return suite;
	}

	/**
	* This method is simple wrapper.
	*
	*/
	public void testCreateSession()
	{
	//createSession("oamuser1", "passw0rd1", 10);
	createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, 10);
	}

	/**
	* Another wrapper for create session with roles.
	*
	*/
	public void testCreateSessionWithRole()
	{
	//createSessionsWithRole(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, CreateRoleSample.TEST_SIMPLE_ROLE);
	createSessionsWithRole(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, CreateRoleSample.TEST_ROLE_PREFIX + "1");
	}

	/**
	* This wrapper will create a session passing roles without a password.
	*
	*/
	public void testCreateSessionWithRolesTrusted()
	{
	createSessionsWithRolesTrusted(CreateUserSample.TEST_USERID, new String[]{CreateRoleSample.TEST_ROLE_PREFIX + "1", CreateRoleSample.TEST_ROLE_PREFIX + "3", CreateRoleSample.TEST_ROLE_PREFIX + "4"}, 3);
	}

	/**
	* This wrapper will create a session without a password.
	*
	*/
	public void testCreateSessionTrusted()
	{
	createSessionTrusted(CreateUserSample.TEST_USERID);
	}

	/**
	* Calls AccessMgr createSession API. Will check to ensure the RBAC Session contains the expected number of Roles
	* activated.
	*
	* @param userId Case insensitive userId.
	* @param password Password is case sensitive, clear text but is stored in directory as hashed value.
	* @param expectedRoles integer contains the expected number of Roles in the Session.
	*/
	public static void createSession(String userId, String password, int expectedRoles)
	{
	String szLocation = ".createSession";
	try
	{
	// Instantiate the AccessMgr implementation which perform runtime RBAC operations.
	AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

	// The User entity is used to pass data into the createSession API.
	User user = new User(userId, password);

	// This API will return a Session object that contains the User's activated Roles and other info.
	Session session = accessMgr.createSession(user, false);

	// createSession will throw SecurityException if fails thus the Session should never be null.
	assertNotNull(session);

	// Pull the userId from the Session.
	String sessUserId = accessMgr.getUserId(session);
	assertTrue(szLocation + " failed compare found userId in session [" + sessUserId + "] valid userId [" + userId + "]", userId.equalsIgnoreCase(sessUserId));

	// Get the User's activated Roles.
	List<UserRole> uRoles = session.getRoles();

	// do some validations
	assertNotNull(uRoles);
	assertEquals(szLocation + " user role check failed list size user [" + user.getUserId() + "]", expectedRoles, uRoles.size());
	// now try negative test case:
	try
	{
	// this better fail
	User userBad = new User(user.getUserId(), "badpw");

	// The API will authenticate the User password, evaluate password policies and perform Role activations.
	accessMgr.createSession(userBad, false);
	fail(szLocation + " userId [" + userId + "] failed negative test");
	}
	catch (PasswordException pe)
	{
	assertTrue(szLocation + " userId [" + userId + "] excep id check", pe.getErrorId() == GlobalErrIds.USER_PW_INVLD);
	// pass
	}
	catch (SecurityException se)
	{
	fail(szLocation + " userId [" + userId + "] failed with unexpected errorId" + se.getErrorId() + " msg=" + se.getMessage());
	// pass
	}
	LOG.info(szLocation + " userId [" + userId + "] successful");
	}
	catch (SecurityException ex)
	{
	LOG.error(szLocation + " userId [" + userId + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
	fail(ex.getMessage());
	}
	}

	/**
	* Call the AccessMgr createSession API passing a single Role for activation. Successful RBAC Session should
	* contains same Role activated.
	*
	* @param userId Case insensitive userId.
	* @param password Password is case sensitive, clear text but is stored in directory as hashed value.
	* @param role contains role name of Role targeted for Activation.
	*/
	public static void createSessionsWithRole(String userId, String password, String role)
	{
	String szLocation = ".createSessionsWithRole";
	try
	{
	// Instantiate the AccessMgr implementation which perform runtime RBAC operations.
	AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

	// The User entity is used to pass data into the createSession API.
	User user = new User(userId, password, role);

	// The API will authenticate the User password, evaluate password policies and perform Role activations.
	Session session = accessMgr.createSession(user, false);

	// createSession will throw SecurityException if fails thus the Session should never be null.
	assertNotNull(session);

	// do some validations
	// Get the User's activated Roles.
	List<UserRole> sessRoles = session.getRoles();
	assertTrue(szLocation + " userId [" + userId + "] with roles failed role check", sessRoles.contains(new UserRole(role)));
	LOG.info(szLocation + " userId [" + userId + "] successful");
	}
	catch (SecurityException ex)
	{
	LOG.error(szLocation + " userId [" + userId + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
	fail(ex.getMessage());
	}
	}

	/**
	* Create RBAC Session and activated supplied Roles. This scenario perform authentication in trusted manner
	* which does not require User password.
	*
	* @param userId Case insensitive userId.
	* @param roles array of Role names to activate into RBAC Session.
	* @param expectedRoles integer contains the expected number of Roles in the Session.
	*/
	public static void createSessionsWithRolesTrusted(String userId, String[] roles, int expectedRoles)
	{
	String szLocation = ".createSessionsWithRolesTrusted";
	try
	{
	AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

	// The User entity is used to pass data into the createSession API.
	User user = new User(userId);

	// iterate over array of input Role names.
	for (String roleName : roles)
	{
	// Add the Role name to list of Roles to be activated on Session.
	user.setRoleName(roleName);
	}

	// The API will verify User is good and perform Role activations. Request will fail if User is locked out of ldap for any reason.
	Session session = accessMgr.createSession(user, true);

	// createSession will throw SecurityException if fails thus the Session should never be null.
	assertNotNull(session);

	// Get the User's activated Roles.
	List<UserRole> sessRoles = session.getRoles();

	// do some validations
	assertEquals(szLocation + " user role check failed list size user [" + user.getUserId() + "]", expectedRoles, sessRoles.size());
	for (String roleName : roles)
	{
	assertTrue(szLocation + " userId [" + userId + "] with roles trusted failed role check", sessRoles.contains(new UserRole(roleName)));
	}

	LOG.info(szLocation + " userId [" + userId + "] successful");
	}
	catch (SecurityException ex)
	{
	LOG.error(szLocation + " caught userId [" + userId + "] SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
	fail(ex.getMessage());
	}
	}

	/**
	* Create trusted RBAC Session. This API will attempt to activate all of the User's assigned Roles.
	*
	* @param userId Case insensitive userId.
	*/
	public static void createSessionTrusted(String userId)
	{
	String szLocation = ".createSessionTrusted";
	try
	{
	// Instantiate the AccessMgr implementation which perform runtime RBAC operations.
	AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());

	// The User entity is used to pass data into the createSession API.
	User user = new User(userId);

	// The API will verify User is good and perform Role activations. Request will fail if User is locked out of ldap for any reason.
	Session session = accessMgr.createSession(user, true);

	// createSession will throw SecurityException if fails thus the Session should never be null.
	assertNotNull(session);
	LOG.info(szLocation + " userId [" + userId + "] successful");
	}
	catch (SecurityException ex)
	{
	LOG.error(szLocation + " userId [" + userId + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
	fail(ex.getMessage());
	}
	}
	}