oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImplOSGiTest.java - jackrabbit-oak - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.jackrabbit.oak.security.authorization;

 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlImporter;
 import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlValidatorProvider;
 import org.apache.jackrabbit.oak.security.authorization.permission.MountPermissionProvider;
 import org.apache.jackrabbit.oak.security.authorization.permission.PermissionHook;
 import org.apache.jackrabbit.oak.security.authorization.permission.PermissionProviderImpl;
 import org.apache.jackrabbit.oak.security.authorization.permission.PermissionStoreValidatorProvider;
 import org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidatorProvider;
 import org.apache.jackrabbit.oak.security.authorization.permission.VersionablePathHook;
 import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
 import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
 import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
 import org.junit.Rule;
 import org.junit.Test;

 import java.lang.reflect.Field;
 import java.util.List;
 import java.util.Map;

 import static org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants.PARAM_ADMINISTRATIVE_PRINCIPALS;
 import static org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants.PARAM_READ_PATHS;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;

 public class AuthorizationConfigurationImplOSGiTest extends AbstractSecurityTest {

     @Rule
     public final OsgiContext context = new OsgiContext();

     private AuthorizationConfigurationImpl authorizationConfiguration;

     private MountInfoProvider mip;

     @Override
     public void before() throws Exception {
         super.before();

         authorizationConfiguration =  new AuthorizationConfigurationImpl(getSecurityProvider());
         authorizationConfiguration.setTreeProvider(getTreeProvider());
         authorizationConfiguration.setRootProvider(getRootProvider());

         mip = when(mock(MountInfoProvider.class).hasNonDefaultMounts()).thenReturn(true).getMock();
         context.registerService(MountInfoProvider.class, mip);

         Map options = ImmutableMap.of(PARAM_ADMINISTRATIVE_PRINCIPALS, "administrators");
         context.registerInjectActivateService(authorizationConfiguration, options);
     }

     @Test
     public void testGetParameters() {
         ConfigurationParameters params = authorizationConfiguration.getParameters();
         assertEquals("administrators", params.getConfigValue(PARAM_ADMINISTRATIVE_PRINCIPALS, "undefined"));
         assertEquals(PermissionConstants.DEFAULT_READ_PATHS, params.getConfigValue(PARAM_READ_PATHS, ImmutableSet.of()));
     }

     @Test
     public void testGetName() {
         assertEquals(AuthorizationConfiguration.NAME, authorizationConfiguration.getName());
     }

     @Test
     public void testGetContext() {
         assertSame(AuthorizationContext.getInstance(), authorizationConfiguration.getContext());
     }

     @Test
     public void testGetWorkspaceInitializer() {
         assertTrue(authorizationConfiguration.getWorkspaceInitializer() instanceof AuthorizationInitializer);
     }

     @Test
     public void testGetCommitHooks() {
         List<Class> expected = ImmutableList.of(VersionablePathHook.class, PermissionHook.class);
         assertTrue(Iterables.elementsEqual(expected, Iterables.transform(authorizationConfiguration.getCommitHooks(adminSession.getWorkspaceName()), commitHook -> commitHook.getClass())));
     }

     @Test
     public void testGetValidators() {
         List<Class> expected = ImmutableList.of(PermissionStoreValidatorProvider.class, PermissionValidatorProvider.class, AccessControlValidatorProvider.class);
         assertTrue(Iterables.elementsEqual(expected, Iterables.transform(authorizationConfiguration.getValidators(adminSession.getWorkspaceName(), ImmutableSet.of(), new MoveTracker()), commitHook -> commitHook.getClass())));
     }

     @Test
     public void testGetProtectedItemImporters() {
         List<ProtectedItemImporter> importers = authorizationConfiguration.getProtectedItemImporters();
         assertEquals(1, importers.size());
         assertTrue(importers.get(0) instanceof AccessControlImporter);
     }

     @Test
     public void testDefaultMountInfoProvider() {
         AuthorizationConfigurationImpl ac = new AuthorizationConfigurationImpl(getSecurityProvider());
         ac.setRootProvider(getRootProvider());
         ac.setTreeProvider(getTreeProvider());

         PermissionProvider pp = ac.getPermissionProvider(root, adminSession.getWorkspaceName(), ImmutableSet.of(EveryonePrincipal.getInstance()));
         assertTrue(pp instanceof PermissionProviderImpl);
     }

     @Test
     public void testBindMountInfoProvider() {
         PermissionProvider pp = authorizationConfiguration.getPermissionProvider(root, adminSession.getWorkspaceName(), ImmutableSet.of(EveryonePrincipal.getInstance()));
         assertTrue(pp instanceof MountPermissionProvider);
     }

     @Test
     public void testUnbindMountInfoProvider() throws Exception {
         authorizationConfiguration.unbindMountInfoProvider(mip);

         Field f = AuthorizationConfigurationImpl.class.getDeclaredField("mountInfoProvider");
         f.setAccessible(true);

         assertNull(f.get(authorizationConfiguration));
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.jackrabbit.oak.security.authorization;

	import com.google.common.collect.ImmutableList;
	import com.google.common.collect.ImmutableMap;
	import com.google.common.collect.ImmutableSet;
	import com.google.common.collect.Iterables;
	import org.apache.jackrabbit.oak.AbstractSecurityTest;
	import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlImporter;
	import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlValidatorProvider;
	import org.apache.jackrabbit.oak.security.authorization.permission.MountPermissionProvider;
	import org.apache.jackrabbit.oak.security.authorization.permission.PermissionHook;
	import org.apache.jackrabbit.oak.security.authorization.permission.PermissionProviderImpl;
	import org.apache.jackrabbit.oak.security.authorization.permission.PermissionStoreValidatorProvider;
	import org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidatorProvider;
	import org.apache.jackrabbit.oak.security.authorization.permission.VersionablePathHook;
	import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
	import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
	import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
	import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
	import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
	import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
	import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
	import org.junit.Rule;
	import org.junit.Test;

	import java.lang.reflect.Field;
	import java.util.List;
	import java.util.Map;

	import static org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants.PARAM_ADMINISTRATIVE_PRINCIPALS;
	import static org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants.PARAM_READ_PATHS;
	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertNull;
	import static org.junit.Assert.assertSame;
	import static org.junit.Assert.assertTrue;
	import static org.mockito.Mockito.mock;
	import static org.mockito.Mockito.when;

	public class AuthorizationConfigurationImplOSGiTest extends AbstractSecurityTest {

	@Rule
	public final OsgiContext context = new OsgiContext();

	private AuthorizationConfigurationImpl authorizationConfiguration;

	private MountInfoProvider mip;

	@Override
	public void before() throws Exception {
	super.before();

	authorizationConfiguration = new AuthorizationConfigurationImpl(getSecurityProvider());
	authorizationConfiguration.setTreeProvider(getTreeProvider());
	authorizationConfiguration.setRootProvider(getRootProvider());

	mip = when(mock(MountInfoProvider.class).hasNonDefaultMounts()).thenReturn(true).getMock();
	context.registerService(MountInfoProvider.class, mip);

	Map options = ImmutableMap.of(PARAM_ADMINISTRATIVE_PRINCIPALS, "administrators");
	context.registerInjectActivateService(authorizationConfiguration, options);
	}

	@Test
	public void testGetParameters() {
	ConfigurationParameters params = authorizationConfiguration.getParameters();
	assertEquals("administrators", params.getConfigValue(PARAM_ADMINISTRATIVE_PRINCIPALS, "undefined"));
	assertEquals(PermissionConstants.DEFAULT_READ_PATHS, params.getConfigValue(PARAM_READ_PATHS, ImmutableSet.of()));
	}

	@Test
	public void testGetName() {
	assertEquals(AuthorizationConfiguration.NAME, authorizationConfiguration.getName());
	}

	@Test
	public void testGetContext() {
	assertSame(AuthorizationContext.getInstance(), authorizationConfiguration.getContext());
	}

	@Test
	public void testGetWorkspaceInitializer() {
	assertTrue(authorizationConfiguration.getWorkspaceInitializer() instanceof AuthorizationInitializer);
	}

	@Test
	public void testGetCommitHooks() {
	List<Class> expected = ImmutableList.of(VersionablePathHook.class, PermissionHook.class);
	assertTrue(Iterables.elementsEqual(expected, Iterables.transform(authorizationConfiguration.getCommitHooks(adminSession.getWorkspaceName()), commitHook -> commitHook.getClass())));
	}

	@Test
	public void testGetValidators() {
	List<Class> expected = ImmutableList.of(PermissionStoreValidatorProvider.class, PermissionValidatorProvider.class, AccessControlValidatorProvider.class);
	assertTrue(Iterables.elementsEqual(expected, Iterables.transform(authorizationConfiguration.getValidators(adminSession.getWorkspaceName(), ImmutableSet.of(), new MoveTracker()), commitHook -> commitHook.getClass())));
	}

	@Test
	public void testGetProtectedItemImporters() {
	List<ProtectedItemImporter> importers = authorizationConfiguration.getProtectedItemImporters();
	assertEquals(1, importers.size());
	assertTrue(importers.get(0) instanceof AccessControlImporter);
	}

	@Test
	public void testDefaultMountInfoProvider() {
	AuthorizationConfigurationImpl ac = new AuthorizationConfigurationImpl(getSecurityProvider());
	ac.setRootProvider(getRootProvider());
	ac.setTreeProvider(getTreeProvider());

	PermissionProvider pp = ac.getPermissionProvider(root, adminSession.getWorkspaceName(), ImmutableSet.of(EveryonePrincipal.getInstance()));
	assertTrue(pp instanceof PermissionProviderImpl);
	}

	@Test
	public void testBindMountInfoProvider() {
	PermissionProvider pp = authorizationConfiguration.getPermissionProvider(root, adminSession.getWorkspaceName(), ImmutableSet.of(EveryonePrincipal.getInstance()));
	assertTrue(pp instanceof MountPermissionProvider);
	}

	@Test
	public void testUnbindMountInfoProvider() throws Exception {
	authorizationConfiguration.unbindMountInfoProvider(mip);

	Field f = AuthorizationConfigurationImpl.class.getDeclaredField("mountInfoProvider");
	f.setAccessible(true);

	assertNull(f.get(authorizationConfiguration));
	}
	}