Google Git
Sign in
apache / jackrabbit-oak / 89773459d65d1753f05feecbae18333d42e4d775 / . / trunk / oak-core / src / test / java / org / apache / jackrabbit / oak / security / authorization / permission / PermissionEntryProviderImplTest.java
blob: d4239bb8b63ef4faca1556a96f43474da46b41c5 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
import java.lang.reflect.Field;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Test;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertTrue;
public class PermissionEntryProviderImplTest {
private final String GROUP_LONG_MAX = "groupLongMax";
private final String GROUP_LONG_MAX_MINUS_10 = "groupLongMaxMinus10";
private final String GROUP_50 = "group50";
/**
* @see <a href="https://issues.apache.org/jira/browse/OAK-2465">OAK-2465</a>
*/
@Test
public void testInitLongOverflow() throws Exception {
MockPermissionStore store = new MockPermissionStore();
Set<String> principalNames = ImmutableSet.of(GROUP_LONG_MAX);
/*
create a new PermissionEntryProviderImpl to have it's #init() method
called, which may trigger the cache to be pre-filled if the max number
if entries is not exceeded -> in case of PermissionStore#getNumEntries
return Long.MAX_VALUE the cache should not be filled (-> the mock-cache
implementation will fail.
*/
PermissionEntryProviderImpl provider = new PermissionEntryProviderImpl(store, principalNames, ConfigurationParameters.EMPTY);
// test that PermissionEntryProviderImpl.noExistingNames nevertheless is
// properly set
assertFalse(getNoExistingNames(provider));
assertNotSame(Collections.emptyIterator(), provider.getEntryIterator(new EntryPredicate()));
}
/**
* @see <a href="https://issues.apache.org/jira/browse/OAK-2465">OAK-2465</a>
*/
@Test
public void testInitLongOverflow2() throws Exception {
MockPermissionStore store = new MockPermissionStore();
Set<String> principalNames = ImmutableSet.of(GROUP_LONG_MAX_MINUS_10, GROUP_50);
/*
create a new PermissionEntryProviderImpl to have it's #init() method
called, which may trigger the cache to be pre-filled if the max number
if entries is not exceeded -> still counting up the number of permission
entries must deal with the fact that the counter may become bigger that
Long.MAX_VALUE
*/
PermissionEntryProviderImpl provider = new PermissionEntryProviderImpl(store, principalNames, ConfigurationParameters.EMPTY);
assertFalse(getNoExistingNames(provider));
assertNotSame(Collections.emptyIterator(), provider.getEntryIterator(new EntryPredicate()));
}
/**
* @see <a href="https://issues.apache.org/jira/browse/OAK-2465">OAK-2465</a>
*/
@Test
public void testExistingNamesAndLongOverFlow() throws Exception {
MockPermissionStore store = new MockPermissionStore();
Set<String> principalNames = Sets.newHashSet(GROUP_LONG_MAX_MINUS_10, GROUP_50, "noEntries");
/*
same as before but principal-set contains a name for which not entries exist
*/
PermissionEntryProviderImpl provider = new PermissionEntryProviderImpl(store, principalNames, ConfigurationParameters.EMPTY);
assertFalse(getNoExistingNames(provider));
}
@Test
public void testNoExistingName() throws Exception {
MockPermissionStore store = new MockPermissionStore();
Set<String> principalNames = Sets.newHashSet("noEntries", "noEntries2", "noEntries3");
PermissionEntryProviderImpl provider = new PermissionEntryProviderImpl(store, principalNames, ConfigurationParameters.EMPTY);
assertTrue(getNoExistingNames(provider));
}
/**
* Use reflection to access the private "existingNames" field storing the
* names of those principals associated with the entry provider for which
* any permission entries exist.
*
* @param provider The permission entry provider
* @return the existingNames set.
* @throws Exception
*/
private static boolean getNoExistingNames(@NotNull PermissionEntryProviderImpl provider) throws Exception {
Field noExistingNamesField = provider.getClass().getDeclaredField("noExistingNames");
noExistingNamesField.setAccessible(true);
return (boolean) noExistingNamesField.get(provider);
}
// Inner Classes
private class MockPermissionStore implements PermissionStore {
@Nullable
@Override
public Collection<PermissionEntry> load(
@NotNull String principalName,
@NotNull String path) {
return null;
}
@NotNull
@Override
public PrincipalPermissionEntries load(@NotNull String principalName) {
return new PrincipalPermissionEntries();
}
@NotNull
@Override
public NumEntries getNumEntries(@NotNull String principalName, long max) {
long cnt = 0;
switch (principalName) {
case GROUP_LONG_MAX_MINUS_10:
cnt = Long.MAX_VALUE - 10;
break;
case GROUP_50:
cnt = 50;
break;
case GROUP_LONG_MAX:
cnt = Long.MAX_VALUE;
break;
}
return NumEntries.valueOf(cnt, true);
}
public void flush(@NotNull Root root) {
}
}
}