oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalBasedAuthorizationConfigurationOsgiTest.java - jackrabbit-oak - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

 import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
 import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
 import org.apache.jackrabbit.oak.composite.MountInfoProviderService;
 import org.apache.jackrabbit.oak.plugins.tree.impl.RootProviderService;
 import org.apache.jackrabbit.oak.plugins.tree.impl.TreeProviderService;
 import org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl;
 import org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
 import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
 import org.apache.jackrabbit.oak.security.authorization.permission.PermissionProviderImpl;
 import org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration;
 import org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConfigurationImpl;
 import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregationFilter;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.stats.StatisticsProvider;
 import org.apache.jackrabbit.util.Text;
 import org.apache.sling.testing.mock.osgi.ReferenceViolationException;
 import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
 import org.junit.Rule;
 import org.junit.Test;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;

 public class PrincipalBasedAuthorizationConfigurationOsgiTest extends AbstractPrincipalBasedTest {

     @Rule
     public final OsgiContext context = new OsgiContext();

     private final PrincipalBasedAuthorizationConfiguration pbac = new PrincipalBasedAuthorizationConfiguration();

     @Test(expected = ReferenceViolationException.class)
     public void testMissingMandatoryReferences() {
         context.registerInjectActivateService(pbac, ImmutableMap.of());
     }

     @Test(expected = ReferenceViolationException.class)
     public void testMissingMountInfoProviderReference() {
         context.registerInjectActivateService(new FilterProviderImpl(), ImmutableMap.of("path", SUPPORTED_PATH));
         context.registerInjectActivateService(pbac);
     }

     @Test(expected = ReferenceViolationException.class)
     public void testMissingFilterProviderReference() {
         context.registerInjectActivateService(new MountInfoProviderService());
         context.registerInjectActivateService(pbac, ImmutableMap.of());
     }

     @Test
     public void testMountCollidingWithFilterRoot() {
         FilterProviderImpl fp = new FilterProviderImpl();
         context.registerInjectActivateService(fp, ImmutableMap.of("path", SUPPORTED_PATH));

         MountInfoProviderService mipService = new MountInfoProviderService();
         context.registerInjectActivateService(mipService, ImmutableMap.of("mountedPaths", new String[] {SUPPORTED_PATH + "/some/subtree", "/etc"}));

         try {
             context.registerInjectActivateService(pbac, ImmutableMap.of());
         } catch (RuntimeException e) {
             assertTrue(e.getCause() instanceof IllegalStateException);
         }
     }

     @Test
     public void testMountMatchingFilterRoot() {
         FilterProviderImpl fp = new FilterProviderImpl();
         context.registerInjectActivateService(fp, ImmutableMap.of("path", SUPPORTED_PATH));

         MountInfoProviderService mipService = new MountInfoProviderService();
         context.registerInjectActivateService(mipService, ImmutableMap.of("mountedPaths", new String[] {SUPPORTED_PATH}));

         context.registerInjectActivateService(pbac, ImmutableMap.of());
     }

     @Test
     public void testMountAboveFilterRoot() {
         FilterProviderImpl fp = new FilterProviderImpl();
         context.registerInjectActivateService(fp, ImmutableMap.of("path", SUPPORTED_PATH));

         MountInfoProviderService mipService = new MountInfoProviderService();
         context.registerInjectActivateService(mipService, ImmutableMap.of("mountedPaths", new String[] {Text.getRelativeParent(SUPPORTED_PATH, 1)}));

         context.registerInjectActivateService(pbac, ImmutableMap.of());
     }

     @Test
     public void testMountsElsewhere() {
         FilterProviderImpl fp = new FilterProviderImpl();
         context.registerInjectActivateService(fp, ImmutableMap.of("path", SUPPORTED_PATH));

         MountInfoProviderService mipService = new MountInfoProviderService();
         context.registerInjectActivateService(mipService, ImmutableMap.of("mountedPaths", new String[] {"/etc", "/var/some/mount", UserConstants.DEFAULT_GROUP_PATH}));

         context.registerInjectActivateService(pbac, ImmutableMap.of());
     }

     @Test
     public void testEnableAggregationFilter() throws Exception {
         context.registerInjectActivateService(new FilterProviderImpl(), ImmutableMap.of("path", SUPPORTED_PATH));
         context.registerInjectActivateService(new MountInfoProviderService(), ImmutableMap.of("mountedPaths", new String[] {"/etc", "/var/some/mount", UserConstants.DEFAULT_GROUP_PATH}));

         context.registerInjectActivateService(pbac, ImmutableMap.of(Constants.PARAM_ENABLE_AGGREGATION_FILTER, true));
         assertNotNull(context.getService(AggregationFilter.class));

         context.registerInjectActivateService(new AuthorizationConfigurationImpl());
         context.registerInjectActivateService(new AuthenticationConfigurationImpl());
         context.registerInjectActivateService(new UserConfigurationImpl());
         context.registerInjectActivateService(new PrivilegeConfigurationImpl());
         context.registerInjectActivateService(new PrincipalConfigurationImpl());
         context.registerInjectActivateService(new RootProviderService());
         context.registerInjectActivateService(new TreeProviderService());
         context.registerService(StatisticsProvider.class, StatisticsProvider.NOOP);

         context.registerInjectActivateService(new SecurityProviderRegistration(), ImmutableMap.of("requiredServicePids", new String[0]));
         SecurityProvider securityProvider = context.getService(SecurityProvider.class);
         assertNotNull(securityProvider);

         AuthorizationConfiguration ac = securityProvider.getConfiguration(AuthorizationConfiguration.class);
         assertTrue(ac instanceof CompositeAuthorizationConfiguration);
         assertEquals(2, ((CompositeAuthorizationConfiguration) ac).getConfigurations().size());

         PermissionProvider pp = ac.getPermissionProvider(root, adminSession.getWorkspaceName(), ImmutableSet.of(getTestSystemUser().getPrincipal()));
         assertTrue(pp instanceof PrincipalBasedPermissionProvider);

         pp = ac.getPermissionProvider(root, adminSession.getWorkspaceName(), ImmutableSet.of(getTestUser().getPrincipal()));
         assertTrue(pp instanceof PermissionProviderImpl);
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

	import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
	import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
	import org.apache.jackrabbit.oak.composite.MountInfoProviderService;
	import org.apache.jackrabbit.oak.plugins.tree.impl.RootProviderService;
	import org.apache.jackrabbit.oak.plugins.tree.impl.TreeProviderService;
	import org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl;
	import org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
	import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
	import org.apache.jackrabbit.oak.security.authorization.permission.PermissionProviderImpl;
	import org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration;
	import org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl;
	import org.apache.jackrabbit.oak.security.privilege.PrivilegeConfigurationImpl;
	import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
	import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
	import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregationFilter;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
	import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
	import org.apache.jackrabbit.oak.stats.StatisticsProvider;
	import org.apache.jackrabbit.util.Text;
	import org.apache.sling.testing.mock.osgi.ReferenceViolationException;
	import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
	import org.junit.Rule;
	import org.junit.Test;

	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertNotNull;
	import static org.junit.Assert.assertTrue;

	public class PrincipalBasedAuthorizationConfigurationOsgiTest extends AbstractPrincipalBasedTest {

	@Rule
	public final OsgiContext context = new OsgiContext();

	private final PrincipalBasedAuthorizationConfiguration pbac = new PrincipalBasedAuthorizationConfiguration();

	@Test(expected = ReferenceViolationException.class)
	public void testMissingMandatoryReferences() {
	context.registerInjectActivateService(pbac, ImmutableMap.of());
	}

	@Test(expected = ReferenceViolationException.class)
	public void testMissingMountInfoProviderReference() {
	context.registerInjectActivateService(new FilterProviderImpl(), ImmutableMap.of("path", SUPPORTED_PATH));
	context.registerInjectActivateService(pbac);
	}

	@Test(expected = ReferenceViolationException.class)
	public void testMissingFilterProviderReference() {
	context.registerInjectActivateService(new MountInfoProviderService());
	context.registerInjectActivateService(pbac, ImmutableMap.of());
	}

	@Test
	public void testMountCollidingWithFilterRoot() {
	FilterProviderImpl fp = new FilterProviderImpl();
	context.registerInjectActivateService(fp, ImmutableMap.of("path", SUPPORTED_PATH));

	MountInfoProviderService mipService = new MountInfoProviderService();
	context.registerInjectActivateService(mipService, ImmutableMap.of("mountedPaths", new String[] {SUPPORTED_PATH + "/some/subtree", "/etc"}));

	try {
	context.registerInjectActivateService(pbac, ImmutableMap.of());
	} catch (RuntimeException e) {
	assertTrue(e.getCause() instanceof IllegalStateException);
	}
	}

	@Test
	public void testMountMatchingFilterRoot() {
	FilterProviderImpl fp = new FilterProviderImpl();
	context.registerInjectActivateService(fp, ImmutableMap.of("path", SUPPORTED_PATH));

	MountInfoProviderService mipService = new MountInfoProviderService();
	context.registerInjectActivateService(mipService, ImmutableMap.of("mountedPaths", new String[] {SUPPORTED_PATH}));

	context.registerInjectActivateService(pbac, ImmutableMap.of());
	}

	@Test
	public void testMountAboveFilterRoot() {
	FilterProviderImpl fp = new FilterProviderImpl();
	context.registerInjectActivateService(fp, ImmutableMap.of("path", SUPPORTED_PATH));

	MountInfoProviderService mipService = new MountInfoProviderService();
	context.registerInjectActivateService(mipService, ImmutableMap.of("mountedPaths", new String[] {Text.getRelativeParent(SUPPORTED_PATH, 1)}));

	context.registerInjectActivateService(pbac, ImmutableMap.of());
	}

	@Test
	public void testMountsElsewhere() {
	FilterProviderImpl fp = new FilterProviderImpl();
	context.registerInjectActivateService(fp, ImmutableMap.of("path", SUPPORTED_PATH));

	MountInfoProviderService mipService = new MountInfoProviderService();
	context.registerInjectActivateService(mipService, ImmutableMap.of("mountedPaths", new String[] {"/etc", "/var/some/mount", UserConstants.DEFAULT_GROUP_PATH}));

	context.registerInjectActivateService(pbac, ImmutableMap.of());
	}

	@Test
	public void testEnableAggregationFilter() throws Exception {
	context.registerInjectActivateService(new FilterProviderImpl(), ImmutableMap.of("path", SUPPORTED_PATH));
	context.registerInjectActivateService(new MountInfoProviderService(), ImmutableMap.of("mountedPaths", new String[] {"/etc", "/var/some/mount", UserConstants.DEFAULT_GROUP_PATH}));

	context.registerInjectActivateService(pbac, ImmutableMap.of(Constants.PARAM_ENABLE_AGGREGATION_FILTER, true));
	assertNotNull(context.getService(AggregationFilter.class));

	context.registerInjectActivateService(new AuthorizationConfigurationImpl());
	context.registerInjectActivateService(new AuthenticationConfigurationImpl());
	context.registerInjectActivateService(new UserConfigurationImpl());
	context.registerInjectActivateService(new PrivilegeConfigurationImpl());
	context.registerInjectActivateService(new PrincipalConfigurationImpl());
	context.registerInjectActivateService(new RootProviderService());
	context.registerInjectActivateService(new TreeProviderService());
	context.registerService(StatisticsProvider.class, StatisticsProvider.NOOP);

	context.registerInjectActivateService(new SecurityProviderRegistration(), ImmutableMap.of("requiredServicePids", new String[0]));
	SecurityProvider securityProvider = context.getService(SecurityProvider.class);
	assertNotNull(securityProvider);

	AuthorizationConfiguration ac = securityProvider.getConfiguration(AuthorizationConfiguration.class);
	assertTrue(ac instanceof CompositeAuthorizationConfiguration);
	assertEquals(2, ((CompositeAuthorizationConfiguration) ac).getConfigurations().size());

	PermissionProvider pp = ac.getPermissionProvider(root, adminSession.getWorkspaceName(), ImmutableSet.of(getTestSystemUser().getPrincipal()));
	assertTrue(pp instanceof PrincipalBasedPermissionProvider);

	pp = ac.getPermissionProvider(root, adminSession.getWorkspaceName(), ImmutableSet.of(getTestUser().getPrincipal()));
	assertTrue(pp instanceof PermissionProviderImpl);
	}
	}