core/src/test/java/org/apache/ki/mgt/DefaultSecurityManagerTest.java - jsecurity - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.ki.mgt;

 import java.io.Serializable;

 import org.junit.After;
 import static org.junit.Assert.*;
 import org.junit.Before;
 import org.junit.Test;

 import org.apache.ki.SecurityUtils;
 import org.apache.ki.authc.AuthenticationToken;
 import org.apache.ki.authc.UsernamePasswordToken;
 import org.apache.ki.realm.text.PropertiesRealm;
 import org.apache.ki.session.Session;
 import org.apache.ki.session.mgt.AbstractValidatingSessionManager;
 import org.apache.ki.subject.Subject;
 import org.apache.ki.util.ThreadContext;


 /**
  * @author Les Hazlewood
  * @since 0.2
  */
 public class DefaultSecurityManagerTest {

     DefaultSecurityManager sm = null;

     @Before
     public void setup() {
         ThreadContext.clear();
         sm = new DefaultSecurityManager();
         sm.setRealm(new PropertiesRealm());
         SecurityUtils.setSecurityManager(sm);
     }

     @After
     public void tearDown() {
         SecurityUtils.setSecurityManager(null);
         sm.destroy();
         ThreadContext.clear();
     }

     @Test
     public void testDefaultConfig() {
         Subject subject = SecurityUtils.getSubject();

         AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
         subject.login(token);
         assertTrue(subject.isAuthenticated());
         assertTrue("guest".equals(subject.getPrincipal()));
         assertTrue(subject.hasRole("guest"));

         Session session = subject.getSession();
         session.setAttribute("key", "value");
         assertEquals(session.getAttribute("key"), "value");

         subject.logout();

         assertNull(subject.getSession(false));
         assertNull(subject.getPrincipal());
         assertNull(subject.getPrincipals());
     }

     /**
      * Test that validates functionality for issue
      * <a href="https://issues.apache.org/jira/browse/JSEC-46">JSEC-46</a>
      */
     @Test
     public void testAutoCreateSessionAfterInvalidation() {
         Subject subject = SecurityUtils.getSubject();
         Session session = subject.getSession();
         Serializable origSessionId = session.getId();

         String key = "foo";
         String value1 = "bar";
         session.setAttribute(key, value1);
         assertEquals(value1, session.getAttribute(key) );

         //now test auto creation:
         session.setTimeout(100);
         try {
             Thread.sleep(150);
         } catch (InterruptedException e) {
             //ignored
         }
         session.setTimeout(AbstractValidatingSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
         Serializable newSessionId = session.getId();
         assertFalse(origSessionId.equals(newSessionId));

         Object aValue = session.getAttribute(key);
         assertNull(aValue);
     }

     /**
      * Test that validates functionality for issue
      * <a href="https://issues.apache.org/jira/browse/JSEC-22">JSEC-22</a>
      */
     @Test
     public void testSubjectReuseAfterLogout() {

         Subject subject = SecurityUtils.getSubject();

         AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
         subject.login(token);
         assertTrue(subject.isAuthenticated());
         assertTrue("guest".equals(subject.getPrincipal()));
         assertTrue(subject.hasRole("guest"));

         Session session = subject.getSession();
         Serializable firstSessionId = session.getId();

         session.setAttribute("key", "value");
         assertEquals(session.getAttribute("key"), "value");

         subject.logout();

         assertNull(subject.getSession(false));
         assertNull(subject.getPrincipal());
         assertNull(subject.getPrincipals());

         subject.login( new UsernamePasswordToken("lonestarr", "vespa") );
         assertTrue(subject.isAuthenticated());
         assertTrue("lonestarr".equals(subject.getPrincipal()));
         assertTrue(subject.hasRole("goodguy") );

         assertNotNull( subject.getSession() );
         assertFalse( firstSessionId.equals(subject.getSession().getId() ) );

         subject.logout();

         assertNull(subject.getSession(false));
         assertNull(subject.getPrincipal());
         assertNull(subject.getPrincipals());

     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.ki.mgt;

	import java.io.Serializable;

	import org.junit.After;
	import static org.junit.Assert.*;
	import org.junit.Before;
	import org.junit.Test;

	import org.apache.ki.SecurityUtils;
	import org.apache.ki.authc.AuthenticationToken;
	import org.apache.ki.authc.UsernamePasswordToken;
	import org.apache.ki.realm.text.PropertiesRealm;
	import org.apache.ki.session.Session;
	import org.apache.ki.session.mgt.AbstractValidatingSessionManager;
	import org.apache.ki.subject.Subject;
	import org.apache.ki.util.ThreadContext;


	/**
	* @author Les Hazlewood
	* @since 0.2
	*/
	public class DefaultSecurityManagerTest {

	DefaultSecurityManager sm = null;

	@Before
	public void setup() {
	ThreadContext.clear();
	sm = new DefaultSecurityManager();
	sm.setRealm(new PropertiesRealm());
	SecurityUtils.setSecurityManager(sm);
	}

	@After
	public void tearDown() {
	SecurityUtils.setSecurityManager(null);
	sm.destroy();
	ThreadContext.clear();
	}

	@Test
	public void testDefaultConfig() {
	Subject subject = SecurityUtils.getSubject();

	AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
	subject.login(token);
	assertTrue(subject.isAuthenticated());
	assertTrue("guest".equals(subject.getPrincipal()));
	assertTrue(subject.hasRole("guest"));

	Session session = subject.getSession();
	session.setAttribute("key", "value");
	assertEquals(session.getAttribute("key"), "value");

	subject.logout();

	assertNull(subject.getSession(false));
	assertNull(subject.getPrincipal());
	assertNull(subject.getPrincipals());
	}

	/**
	* Test that validates functionality for issue
	* <a href="https://issues.apache.org/jira/browse/JSEC-46">JSEC-46</a>
	*/
	@Test
	public void testAutoCreateSessionAfterInvalidation() {
	Subject subject = SecurityUtils.getSubject();
	Session session = subject.getSession();
	Serializable origSessionId = session.getId();

	String key = "foo";
	String value1 = "bar";
	session.setAttribute(key, value1);
	assertEquals(value1, session.getAttribute(key) );

	//now test auto creation:
	session.setTimeout(100);
	try {
	Thread.sleep(150);
	} catch (InterruptedException e) {
	//ignored
	}
	session.setTimeout(AbstractValidatingSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT);
	Serializable newSessionId = session.getId();
	assertFalse(origSessionId.equals(newSessionId));

	Object aValue = session.getAttribute(key);
	assertNull(aValue);
	}

	/**
	* Test that validates functionality for issue
	* <a href="https://issues.apache.org/jira/browse/JSEC-22">JSEC-22</a>
	*/
	@Test
	public void testSubjectReuseAfterLogout() {

	Subject subject = SecurityUtils.getSubject();

	AuthenticationToken token = new UsernamePasswordToken("guest", "guest");
	subject.login(token);
	assertTrue(subject.isAuthenticated());
	assertTrue("guest".equals(subject.getPrincipal()));
	assertTrue(subject.hasRole("guest"));

	Session session = subject.getSession();
	Serializable firstSessionId = session.getId();

	session.setAttribute("key", "value");
	assertEquals(session.getAttribute("key"), "value");

	subject.logout();

	assertNull(subject.getSession(false));
	assertNull(subject.getPrincipal());
	assertNull(subject.getPrincipals());

	subject.login( new UsernamePasswordToken("lonestarr", "vespa") );
	assertTrue(subject.isAuthenticated());
	assertTrue("lonestarr".equals(subject.getPrincipal()));
	assertTrue(subject.hasRole("goodguy") );

	assertNotNull( subject.getSession() );
	assertFalse( firstSessionId.equals(subject.getSession().getId() ) );

	subject.logout();

	assertNull(subject.getSession(false));
	assertNull(subject.getPrincipal());
	assertNull(subject.getPrincipals());

	}
	}