/*
* Copyright 2019 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.juddi.api.impl;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.juddi.Registry;
import org.apache.juddi.api.impl.mock.WebServiceContextMock;
import org.apache.juddi.api_v3.AccessLevel;
import org.apache.juddi.api_v3.Action;
import org.apache.juddi.api_v3.GetPermissionsMessageRequest;
import org.apache.juddi.api_v3.GetPermissionsMessageResponse;
import org.apache.juddi.api_v3.*;
import org.apache.juddi.api_v3.SetPermissionsMessageRequest;
import org.apache.juddi.config.AppConfig;
import org.apache.juddi.security.AccessControlFactory;
import org.apache.juddi.security.rbac.RbacRulesModel;
import org.apache.juddi.security.rbac.RoleBasedAccessControlImpl;
import org.apache.juddi.v3.tck.TckBusiness;
import org.apache.juddi.v3.tck.TckFindEntity;
import org.apache.juddi.v3.tck.TckPublisher;
import org.apache.juddi.v3.tck.TckTModel;
import org.junit.Assert;
import org.apache.juddi.v3.tck.TckSecurity;
import org.apache.juddi.v3.tck.TckSubscription;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.uddi.api_v3.TModel;
import org.uddi.v3_service.UDDISecurityPortType;
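/**
 * Integration test for the permission-management operations
 * ({@code getPermissions} / {@code setPermissions}) of {@link JUDDIApiImpl}
 * while the registry runs with role-based access control.
 *
 * <p>{@link #startRegistry()} points the registry at
 * {@code src/test/resources/juddiv3rbac.xml} and asserts that the active
 * access-control instance is a {@link RoleBasedAccessControlImpl}. Without that
 * precondition the tests below would pass without exercising RBAC at all.
 * {@link #stopRegistry()} removes the configuration override again.
 *
 * @author Alex O'Ree
 */
public class API_180_RbacSecurityTest {

    // Log under this class; the original used API_010_PublisherTest.class, which
    // attributed RBAC test output to the wrong test.
    private static final Log logger = LogFactory.getLog(API_180_RbacSecurityTest.class);

    private JUDDIApiImpl publisher = new JUDDIApiImpl();
    private UDDISecurityPortType security = new UDDISecurityImpl();
    private static TckSubscription tckSubscription = new TckSubscription(new UDDISubscriptionImpl(), new UDDISecurityImpl(), new UDDIInquiryImpl());
    private static API_010_PublisherTest api010 = new API_010_PublisherTest();
    private static TckTModel tckTModel = new TckTModel(new UDDIPublicationImpl(), new UDDIInquiryImpl());
    private static TckBusiness tckBusiness = new TckBusiness(new UDDIPublicationImpl(), new UDDIInquiryImpl());
    private static TckFindEntity tckFindEntity = new TckFindEntity(new UDDIInquiryImpl());
    private static String authInfoJoe = null;
    private static String authInfoSam = null;
    private static final String TEST_ROLE = "TESTROLE1";
    private static String authInfoUDDI = null;

    /**
     * Submits one {@code setPermissions} request that adds {@code accessLevel}
     * for {@code user} on every entity key in {@code keys}, authenticated with
     * the UDDI publisher's token.
     *
     * @param accessLevel level to grant on each entity
     * @param keys entity keys to grant on; an empty list still sends a request,
     *        but one that carries no permission entries
     * @param user target of the grant (a publisher id or
     *        {@link RoleBasedAccessControlImpl#EVERYONE})
     * @throws Exception whatever {@code setPermissions} throws
     */
    private static void grant(AccessLevel accessLevel, List<String> keys, String user) throws Exception {
        JUDDIApiImpl api = new JUDDIApiImpl();
        SetPermissionsMessageRequest req = new SetPermissionsMessageRequest();
        req.setAuthInfo(authInfoUDDI);
        for (String key : keys) {
            Permission entry = new Permission();
            entry.setAction(Action.ADD);
            entry.setEntityId(key);
            entry.setLevel(accessLevel);
            entry.setTarget(user);
            entry.setType(null);
            req.getLevel().add(entry);
        }
        api.setPermissions(req);
    }

    /**
     * Looks up a permission entry by target, entity and level.
     *
     * @return the last matching entry in {@code entries}, or {@code null} when
     *         none matches
     */
    private static Permission findPermission(Iterable<? extends Permission> entries, String target,
            String entityId, AccessLevel accessLevel) {
        Permission match = null;
        for (Permission candidate : entries) {
            // Constant-first equals: an entry with a null target or entity id is
            // simply not a match instead of aborting the test with an NPE.
            if (target.equals(candidate.getTarget())
                    && entityId.equals(candidate.getEntityId())
                    && candidate.getLevel() == accessLevel) {
                match = candidate;
            }
        }
        return match;
    }

    /**
     * Starts the registry with the RBAC configuration, obtains auth tokens for
     * the Joe, Sam and UDDI publishers, and saves the tModels and business the
     * test relies on.
     */
    @BeforeClass
    public static void startRegistry() throws ConfigurationException {
        System.setProperty(AppConfig.JUDDI_CONFIGURATION_FILE_SYSTEM_PROPERTY, "src/test/resources/juddiv3rbac.xml");
        Registry.start();
        AccessControlFactory.reset();
        // Fail fast if the factory did not pick up the RBAC implementation.
        Assert.assertTrue(AccessControlFactory.getAccessControlInstance() instanceof RoleBasedAccessControlImpl);
        logger.info("API_180_RbacSecurityTest");
        logger.debug("Getting auth token..");
        try {
            api010.saveJoePublisher();
            api010.saveSamSyndicator();
            UDDISecurityPortType security = new UDDISecurityImpl();
            authInfoJoe = TckSecurity.getAuthToken(security, TckPublisher.getJoePublisherId(), TckPublisher.getJoePassword());
            authInfoSam = TckSecurity.getAuthToken(security, TckPublisher.getSamPublisherId(), TckPublisher.getSamPassword());
            authInfoUDDI = TckSecurity.getAuthToken(security, TckPublisher.getUDDIPublisherId(), TckPublisher.getUDDIPassword());

            // Let everyone read the UDDI publisher tModel.
            TModel m = tckTModel.saveUDDIPublisherTmodel(authInfoUDDI);
            List<String> keys = new ArrayList<>();
            keys.add(m.getTModelKey());
            grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE);

            keys = tckTModel.saveTModels(authInfoUDDI, TckTModel.TMODELS_XML);
            // NOTE(review): the key list is emptied before the call below, so this
            // grant() sends a request with no permission entries and the tModels
            // saved from TMODELS_XML receive no EVERYONE/READ grant here. Confirm
            // whether that is intentional or a leftover from debugging.
            keys.clear();
            grant(AccessLevel.READ, keys, RoleBasedAccessControlImpl.EVERYONE);

            tckTModel.saveJoePublisherTmodel(authInfoJoe);
            tckBusiness.saveJoePublisherBusiness(authInfoJoe);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            Assert.fail("Could not obtain authInfo token.");
        }
    }

    /**
     * Deletes the tModels created during setup, stops the registry and removes
     * the RBAC configuration override.
     */
    @AfterClass
    public static void stopRegistry() throws ConfigurationException {
        // The configuration property is JVM-wide. Run the reset steps in finally
        // blocks so a failing cleanup call cannot leave the RBAC configuration
        // and access-control instance in place for whatever runs next.
        try {
            tckTModel.deleteCreatedTModels(authInfoJoe);
        } finally {
            try {
                Registry.stop();
            } finally {
                System.clearProperty(AppConfig.JUDDI_CONFIGURATION_FILE_SYSTEM_PROPERTY);
                AppConfig.triggerReload();
                AccessControlFactory.reset();
            }
        }
    }

    /**
     * Grants Sam READ access on Joe's business, checks that the grant is
     * reported by {@code getPermissions}, removes it again and checks that it is
     * no longer reported.
     */
    @Test
    public void getSetDeletePerm() throws Exception {
        publisher.ctx = new WebServiceContextMock(TckPublisher.getUDDIPublisherId(), TEST_ROLE);
        String samId = TckPublisher.getSamPublisherId();

        GetPermissionsMessageRequest request = new GetPermissionsMessageRequest();
        request.setAuthInfo(authInfoUDDI);
        GetPermissionsMessageResponse permissions = publisher.getPermissions(request);
        // Entry counts are not asserted anywhere in this test: startRegistry()
        // already submits grants, so the list is not expected to start out empty.
        Assert.assertNotNull(permissions);

        // Add: Sam may READ Joe's business.
        SetPermissionsMessageRequest req = new SetPermissionsMessageRequest();
        req.setAuthInfo(authInfoUDDI);
        Permission level = new Permission();
        level.setAction(Action.ADD);
        level.setEntityId(TckBusiness.JOE_BUSINESS_KEY);
        level.setLevel(AccessLevel.READ);
        level.setTarget(samId);
        level.setType(null);
        req.getLevel().add(level);
        SetPermissionsMessageResponse response = publisher.setPermissions(req);
        Assert.assertNotNull(response);

        permissions = publisher.getPermissions(request);
        Permission granted = findPermission(permissions.getLevel(), samId,
                TckBusiness.JOE_BUSINESS_KEY, AccessLevel.READ);
        Assert.assertNotNull("READ grant for Sam on Joe's business was not returned after Action.ADD", granted);

        // Remove: resubmit the entry the server returned, with the action flipped.
        granted.setAction(Action.REMOVE);
        req.getLevel().clear();
        req.getLevel().add(granted);
        response = publisher.setPermissions(req);
        Assert.assertNotNull(response);

        // Revocation has to be verified as well. A remove that silently does
        // nothing would leave Sam with access the administrator believes is gone.
        permissions = publisher.getPermissions(request);
        Assert.assertNull("READ grant for Sam on Joe's business is still returned after Action.REMOVE",
                findPermission(permissions.getLevel(), samId, TckBusiness.JOE_BUSINESS_KEY, AccessLevel.READ));
    }
}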