core/src/test/java/org/apache/shiro/realm/AuthorizingRealmTest.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.shiro.realm;

import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.junit.After;
import static org.junit.Assert.*;
import org.junit.Before;
import org.junit.Test;

import java.security.Principal;
import java.util.*;


/**
 * Simple test case for AuthorizingRealm.
 * <p/>
 * TODO - this could/should be expaned to be more robust end to end test for the AuthorizingRealm
 */
public class AuthorizingRealmTest {

    AuthorizingRealm realm;

    private static final String USERNAME = "testuser";
    private static final String PASSWORD = "password";
    private static final int USER_ID = 12345;
    private static final String ROLE = "admin";
    private String localhost = "localhost";

    @Before
    public void setup() {
        realm = new AllowAllRealm();

    }

    @After
    public void tearDown() {
        realm = null;
    }

    @Test
    public void testDefaultConfig() {
        AuthenticationInfo info = realm.getAuthenticationInfo(new UsernamePasswordToken(USERNAME, PASSWORD, localhost));

        assertNotNull(info);
        assertTrue(realm.hasRole(info.getPrincipals(), ROLE));

        Object principal = info.getPrincipals().getPrimaryPrincipal();
        assertTrue(principal instanceof UserIdPrincipal);

        UsernamePrincipal usernamePrincipal = info.getPrincipals().oneByType(UsernamePrincipal.class);
        assertTrue(usernamePrincipal.getUsername().equals(USERNAME));

        UserIdPrincipal userIdPrincipal = info.getPrincipals().oneByType(UserIdPrincipal.class);
        assertTrue(userIdPrincipal.getUserId() == USER_ID);

        String stringPrincipal = info.getPrincipals().oneByType(String.class);
        assertTrue(stringPrincipal.equals(USER_ID + USERNAME));
    }

    @Test
    public void testCreateAccountOverride() {

        AuthorizingRealm realm = new AllowAllRealm() {
            @Override
            protected AuthenticationInfo buildAuthenticationInfo(Object principal, Object credentials) {
                String username = (String) principal;
                UsernamePrincipal customPrincipal = new UsernamePrincipal(username);
                return new SimpleAccount(customPrincipal, credentials, getName());
            }
        };

        AuthenticationInfo info = realm.getAuthenticationInfo(new UsernamePasswordToken(USERNAME, PASSWORD, localhost));
        assertNotNull(info);
        assertTrue(realm.hasRole(info.getPrincipals(), ROLE));
        Object principal = info.getPrincipals().getPrimaryPrincipal();
        assertTrue(principal instanceof UsernamePrincipal);
        assertEquals(USERNAME, ((UsernamePrincipal) principal).getUsername());


    }

    @Test
    public void testNullAuthzInfo() {
	AuthorizingRealm realm = new AuthorizingRealm() {
            protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
                return null;
            }

            protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
                return null;
            }
        };

        Principal principal = new UsernamePrincipal("blah");
        PrincipalCollection pCollection = new SimplePrincipalCollection(principal, "nullAuthzRealm");
        List<Permission> permList = new ArrayList<Permission>();
        permList.add(new WildcardPermission("stringPerm1"));
        permList.add(new WildcardPermission("stringPerm2"));
        List<String> roleList = new ArrayList<String>();
        roleList.add("role1");
        roleList.add("role2");

        boolean thrown = false;
        try {
            realm.checkPermission(pCollection, "stringPermission");
        } catch (UnauthorizedException e) {
            thrown = true;
        }
        assertTrue(thrown);
        thrown = false;

        try {
            realm.checkPermission(pCollection, new WildcardPermission("stringPermission"));
        } catch (UnauthorizedException e) {
            thrown = true;
        }
        assertTrue(thrown);
        thrown = false;

        try {
            realm.checkPermissions(pCollection, "stringPerm1", "stringPerm2");
        } catch (UnauthorizedException e) {
            thrown = true;
        }
        assertTrue(thrown);
        thrown = false;

        try {
            realm.checkPermissions(pCollection, permList);
        } catch (UnauthorizedException e) {
            thrown = true;
        }
        assertTrue(thrown);
        thrown = false;

        try {
            realm.checkRole(pCollection, "role1");
        } catch (UnauthorizedException e) {
            thrown = true;
        }
        assertTrue(thrown);
        thrown = false;

        try {
            realm.checkRoles(pCollection, roleList);
        } catch (UnauthorizedException e) {
            thrown = true;
        }
        assertTrue(thrown);

        assertFalse(realm.hasAllRoles(pCollection, roleList));
        assertFalse(realm.hasRole(pCollection, "role1"));
        assertArrayEquals(new boolean[]{false, false}, realm.hasRoles(pCollection, roleList));
        assertFalse(realm.isPermitted(pCollection, "perm1"));
        assertFalse(realm.isPermitted(pCollection, new WildcardPermission("perm1")));
        assertArrayEquals(new boolean[]{false, false}, realm.isPermitted(pCollection, "perm1", "perm2"));
        assertArrayEquals(new boolean[]{false, false}, realm.isPermitted(pCollection, permList));
        assertFalse(realm.isPermittedAll(pCollection, "perm1", "perm2"));
        assertFalse(realm.isPermittedAll(pCollection, permList));
    }
    
    @Test
    public void testRealmWithRolePermissionResolver()
    {   
        Principal principal = new UsernamePrincipal("rolePermResolver");
        PrincipalCollection pCollection = new SimplePrincipalCollection(principal, "testRealmWithRolePermissionResolver");
        
        AuthorizingRealm realm = new AllowAllRealm();
        realm.setRolePermissionResolver( new RolePermissionResolver()
        { 
            public Collection<Permission> resolvePermissionsInRole( String roleString )
            {
                Collection<Permission> permissions = new HashSet<Permission>();
                if( roleString.equals( ROLE ))
                {
                    permissions.add( new WildcardPermission( ROLE + ":perm1" ) );
                    permissions.add( new WildcardPermission( ROLE + ":perm2" ) );
                    permissions.add( new WildcardPermission( "other:*:foo" ) );
                }
                return permissions;
            }
        });
        
        assertTrue( realm.hasRole( pCollection, ROLE ) );
        assertTrue( realm.isPermitted( pCollection, ROLE + ":perm1" ) );
        assertTrue( realm.isPermitted( pCollection, ROLE + ":perm2" ) );
        assertFalse( realm.isPermitted( pCollection, ROLE + ":perm3" ) );
        assertTrue( realm.isPermitted( pCollection, "other:bar:foo" ) );
    }

    private void assertArrayEquals(boolean[] expected, boolean[] actual) {
        if (expected.length != actual.length) {
            fail("Expected array of length [" + expected.length + "] but received array of length [" + actual.length + "]");
        }
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != actual[i]) {
                fail("Expected index [" + i + "] to be [" + expected[i] + "] but was [" + actual[i] + "]");
            }
        }
    }

    public class AllowAllRealm extends AuthorizingRealm {

        public AllowAllRealm() {
            super();
            setCredentialsMatcher(new AllowAllCredentialsMatcher());
        }

        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            return buildAuthenticationInfo(token.getPrincipal(), token.getCredentials());
        }

        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            Set<String> roles = new HashSet<String>();
            roles.add(ROLE);
            return new SimpleAuthorizationInfo(roles);
        }

        protected AuthenticationInfo buildAuthenticationInfo(Object principal, Object credentials) {
            Collection<Object> principals = new ArrayList<Object>(3);
            principals.add(new UserIdPrincipal(USER_ID));
            principals.add(new UsernamePrincipal(USERNAME));
            principals.add(USER_ID + USERNAME);
            return new SimpleAuthenticationInfo(principals, PASSWORD, getName());
        }

    }

}