geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java - geode - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
  * agreements. See the NOTICE file distributed with this work for additional information regarding
  * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License. You may obtain a
  * copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License
  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
 package org.apache.geode.internal.cache.tier.sockets.command;

 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;

 import org.junit.Before;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;

 import org.apache.geode.CancelCriterion;
 import org.apache.geode.cache.AttributesFactory;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.cache.LocalRegion;
 import org.apache.geode.internal.cache.tier.sockets.CacheServerStats;
 import org.apache.geode.internal.cache.tier.sockets.Message;
 import org.apache.geode.internal.cache.tier.sockets.Part;
 import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
 import org.apache.geode.internal.security.AuthorizeRequest;
 import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.internal.serialization.Version;
 import org.apache.geode.security.NotAuthorizedException;
 import org.apache.geode.security.ResourcePermission.Operation;
 import org.apache.geode.security.ResourcePermission.Resource;
 import org.apache.geode.test.junit.categories.ClientServerTest;

 @Category({ClientServerTest.class})
 public class CreateRegionTest {

   private static final String REGION_NAME = "region1";
   private static final String PARENT_REGION_NAME = "parent-region";

   @Mock
   private SecurityService securityService;
   @Mock
   private Message message;
   @Mock
   private ServerConnection serverConnection;
   @Mock
   private AuthorizeRequest authzRequest;
   @Mock
   private LocalRegion region;
   @Mock
   private LocalRegion parentRegion;
   @Mock
   private InternalCache cache;
   @Mock
   private Message errorResponseMessage;
   @Mock
   private Message responseMessage;
   @Mock
   private Part regionNamePart;
   @Mock
   private Part parentRegionNamePart;
   @InjectMocks
   private CreateRegion createRegion;

   @Before
   public void setUp() throws Exception {
     this.createRegion = new CreateRegion();
     MockitoAnnotations.initMocks(this);

     when(this.cache.getRegion(eq(PARENT_REGION_NAME))).thenReturn(this.parentRegion);
     when(this.cache.getCancelCriterion()).thenReturn(mock(CancelCriterion.class));

     when(this.message.getPart(eq(0))).thenReturn(this.parentRegionNamePart);
     when(this.message.getPart(eq(1))).thenReturn(this.regionNamePart);

     when(this.parentRegion.getAttributes()).thenReturn(new AttributesFactory().create());

     when(this.parentRegionNamePart.getCachedString()).thenReturn(PARENT_REGION_NAME);

     when(this.regionNamePart.getCachedString()).thenReturn(REGION_NAME);

     when(this.serverConnection.getCache()).thenReturn(this.cache);
     when(this.serverConnection.getAuthzRequest()).thenReturn(this.authzRequest);
     when(this.serverConnection.getCacheServerStats()).thenReturn(mock(CacheServerStats.class));
     when(this.serverConnection.getReplyMessage()).thenReturn(this.responseMessage);
     when(this.serverConnection.getErrorResponseMessage()).thenReturn(this.errorResponseMessage);
     when(this.serverConnection.getClientVersion()).thenReturn(Version.CURRENT);
   }

   @Test
   public void noSecurityShouldSucceed() throws Exception {
     when(this.securityService.isClientSecurityRequired()).thenReturn(false);

     this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);

     verify(this.responseMessage).send(this.serverConnection);
   }

   @Test
   public void integratedSecurityShouldSucceedIfAuthorized() throws Exception {
     // arrange
     when(this.securityService.isClientSecurityRequired()).thenReturn(true);
     when(this.securityService.isIntegratedSecurity()).thenReturn(true);

     // act
     this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);

     // assert
     verify(this.securityService).authorize(Resource.DATA, Operation.MANAGE);
     verify(this.responseMessage).send(this.serverConnection);
   }

   @Test
   public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
     when(this.securityService.isClientSecurityRequired()).thenReturn(true);
     when(this.securityService.isIntegratedSecurity()).thenReturn(true);
     doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
         Operation.MANAGE);

     this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);

     verify(this.securityService).authorize(Resource.DATA, Operation.MANAGE);
     verify(this.errorResponseMessage).send(eq(this.serverConnection));
   }

   @Test
   public void oldSecurityShouldSucceedIfAuthorized() throws Exception {
     when(this.securityService.isClientSecurityRequired()).thenReturn(true);
     when(this.securityService.isIntegratedSecurity()).thenReturn(false);

     this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);

     verify(this.authzRequest).createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME));
     verify(this.responseMessage).send(this.serverConnection);
   }

   @Test
   public void oldSecurityShouldFailIfNotAuthorized() throws Exception {
     when(this.securityService.isClientSecurityRequired()).thenReturn(true);
     when(this.securityService.isIntegratedSecurity()).thenReturn(false);
     doThrow(new NotAuthorizedException("")).when(this.authzRequest)
         .createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME));

     this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);

     verify(this.authzRequest).createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME));
     verify(this.errorResponseMessage).send(eq(this.serverConnection));
   }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
	* agreements. See the NOTICE file distributed with this work for additional information regarding
	* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License. You may obtain a
	* copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software distributed under the License
	* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
	* or implied. See the License for the specific language governing permissions and limitations under
	* the License.
	*/
	package org.apache.geode.internal.cache.tier.sockets.command;

	import static org.mockito.ArgumentMatchers.eq;
	import static org.mockito.Mockito.doThrow;
	import static org.mockito.Mockito.mock;
	import static org.mockito.Mockito.verify;
	import static org.mockito.Mockito.when;

	import org.junit.Before;
	import org.junit.Test;
	import org.junit.experimental.categories.Category;
	import org.mockito.InjectMocks;
	import org.mockito.Mock;
	import org.mockito.MockitoAnnotations;

	import org.apache.geode.CancelCriterion;
	import org.apache.geode.cache.AttributesFactory;
	import org.apache.geode.internal.cache.InternalCache;
	import org.apache.geode.internal.cache.LocalRegion;
	import org.apache.geode.internal.cache.tier.sockets.CacheServerStats;
	import org.apache.geode.internal.cache.tier.sockets.Message;
	import org.apache.geode.internal.cache.tier.sockets.Part;
	import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
	import org.apache.geode.internal.security.AuthorizeRequest;
	import org.apache.geode.internal.security.SecurityService;
	import org.apache.geode.internal.serialization.Version;
	import org.apache.geode.security.NotAuthorizedException;
	import org.apache.geode.security.ResourcePermission.Operation;
	import org.apache.geode.security.ResourcePermission.Resource;
	import org.apache.geode.test.junit.categories.ClientServerTest;

	@Category({ClientServerTest.class})
	public class CreateRegionTest {

	private static final String REGION_NAME = "region1";
	private static final String PARENT_REGION_NAME = "parent-region";

	@Mock
	private SecurityService securityService;
	@Mock
	private Message message;
	@Mock
	private ServerConnection serverConnection;
	@Mock
	private AuthorizeRequest authzRequest;
	@Mock
	private LocalRegion region;
	@Mock
	private LocalRegion parentRegion;
	@Mock
	private InternalCache cache;
	@Mock
	private Message errorResponseMessage;
	@Mock
	private Message responseMessage;
	@Mock
	private Part regionNamePart;
	@Mock
	private Part parentRegionNamePart;
	@InjectMocks
	private CreateRegion createRegion;

	@Before
	public void setUp() throws Exception {
	this.createRegion = new CreateRegion();
	MockitoAnnotations.initMocks(this);

	when(this.cache.getRegion(eq(PARENT_REGION_NAME))).thenReturn(this.parentRegion);
	when(this.cache.getCancelCriterion()).thenReturn(mock(CancelCriterion.class));

	when(this.message.getPart(eq(0))).thenReturn(this.parentRegionNamePart);
	when(this.message.getPart(eq(1))).thenReturn(this.regionNamePart);

	when(this.parentRegion.getAttributes()).thenReturn(new AttributesFactory().create());

	when(this.parentRegionNamePart.getCachedString()).thenReturn(PARENT_REGION_NAME);

	when(this.regionNamePart.getCachedString()).thenReturn(REGION_NAME);

	when(this.serverConnection.getCache()).thenReturn(this.cache);
	when(this.serverConnection.getAuthzRequest()).thenReturn(this.authzRequest);
	when(this.serverConnection.getCacheServerStats()).thenReturn(mock(CacheServerStats.class));
	when(this.serverConnection.getReplyMessage()).thenReturn(this.responseMessage);
	when(this.serverConnection.getErrorResponseMessage()).thenReturn(this.errorResponseMessage);
	when(this.serverConnection.getClientVersion()).thenReturn(Version.CURRENT);
	}

	@Test
	public void noSecurityShouldSucceed() throws Exception {
	when(this.securityService.isClientSecurityRequired()).thenReturn(false);

	this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);

	verify(this.responseMessage).send(this.serverConnection);
	}

	@Test
	public void integratedSecurityShouldSucceedIfAuthorized() throws Exception {
	// arrange
	when(this.securityService.isClientSecurityRequired()).thenReturn(true);
	when(this.securityService.isIntegratedSecurity()).thenReturn(true);

	// act
	this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);

	// assert
	verify(this.securityService).authorize(Resource.DATA, Operation.MANAGE);
	verify(this.responseMessage).send(this.serverConnection);
	}

	@Test
	public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
	when(this.securityService.isClientSecurityRequired()).thenReturn(true);
	when(this.securityService.isIntegratedSecurity()).thenReturn(true);
	doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
	Operation.MANAGE);

	this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);

	verify(this.securityService).authorize(Resource.DATA, Operation.MANAGE);
	verify(this.errorResponseMessage).send(eq(this.serverConnection));
	}

	@Test
	public void oldSecurityShouldSucceedIfAuthorized() throws Exception {
	when(this.securityService.isClientSecurityRequired()).thenReturn(true);
	when(this.securityService.isIntegratedSecurity()).thenReturn(false);

	this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);

	verify(this.authzRequest).createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME));
	verify(this.responseMessage).send(this.serverConnection);
	}

	@Test
	public void oldSecurityShouldFailIfNotAuthorized() throws Exception {
	when(this.securityService.isClientSecurityRequired()).thenReturn(true);
	when(this.securityService.isIntegratedSecurity()).thenReturn(false);
	doThrow(new NotAuthorizedException("")).when(this.authzRequest)
	.createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME));

	this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);

	verify(this.authzRequest).createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME));
	verify(this.errorResponseMessage).send(eq(this.serverConnection));
	}

	}