| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.struts2.interceptor; |
| |
| import java.util.Arrays; |
| import java.util.List; |
| |
| import org.apache.struts2.StrutsInternalTestCase; |
| |
| import com.mockobjects.servlet.MockHttpServletRequest; |
| import com.mockobjects.servlet.MockHttpServletResponse; |
| |
| public class RolesInterceptorTest extends StrutsInternalTestCase { |
| |
| private RolesInterceptor interceptor = new RolesInterceptor(); |
| |
| public void setUp() throws Exception { |
| super.setUp(); |
| interceptor = new RolesInterceptor(); |
| } |
| |
| public void testStringToList() { |
| List list = interceptor.stringToList("foo"); |
| assertNotNull(list); |
| assertEquals(1, list.size()); |
| |
| list = interceptor.stringToList("foo,bar"); |
| assertEquals(2, list.size()); |
| assertEquals("foo", (String)list.get(0)); |
| |
| list = interceptor.stringToList("foo, bar"); |
| assertEquals(2, list.size()); |
| assertEquals("bar", (String)list.get(1)); |
| |
| list = interceptor.stringToList("foo , bar"); |
| assertEquals(2, list.size()); |
| assertEquals("bar", (String)list.get(1)); |
| } |
| |
| public void testIsAllowed() throws Exception { |
| MockHttpServletRequest request = new MockHttpServletRequest() { |
| public boolean isUserInRole(String role) { |
| return "admin".equals(role); |
| } |
| }; |
| interceptor.setAllowedRoles("admin"); |
| assertTrue(interceptor.isAllowed(request, null)); |
| |
| interceptor.setAllowedRoles("bar, admin"); |
| assertTrue(interceptor.isAllowed(request, null)); |
| |
| interceptor.setAllowedRoles(null); |
| assertTrue(interceptor.isAllowed(request, null)); |
| |
| interceptor.setDisallowedRoles("bar"); |
| assertTrue(interceptor.isAllowed(request, null)); |
| |
| interceptor.setDisallowedRoles("bar, admin"); |
| assertTrue(!interceptor.isAllowed(request, null)); |
| |
| } |
| |
| public void testIsAllowed_userAllowedAndGuestDisallowed() throws Exception { |
| MockHttpServletRequest request = new MockHttpServletRequest() { |
| public boolean isUserInRole(String role) { |
| return "user".equals(role) || "guest".equals(role); |
| } |
| }; |
| |
| interceptor.setAllowedRoles("user"); //has to be a user |
| interceptor.setDisallowedRoles("guest"); //and not a guest |
| assertFalse(interceptor.isAllowed(request, null)); |
| } |
| |
| public void testIsAllowed_adminAllowedExceptManager() throws Exception { |
| MockHttpServletRequest request = new MockHttpServletRequest() { |
| public boolean isUserInRole(String role) { |
| return "admin".equals(role); |
| } |
| }; |
| |
| interceptor.setAllowedRoles("admin");//allow all |
| interceptor.setDisallowedRoles("manager"); |
| assertTrue(interceptor.isAllowed(request, null)); |
| } |
| |
| public void testIsAllowed_sameRoleAllowedAndDisallowed() throws Exception { |
| MockHttpServletRequest request = new MockHttpServletRequest() { |
| public boolean isUserInRole(String role) { |
| return "admin".equals(role); |
| } |
| }; |
| |
| interceptor.setAllowedRoles("admin"); |
| interceptor.setDisallowedRoles("admin"); |
| assertFalse(interceptor.isAllowed(request, null)); |
| } |
| |
| |
| public void testIsAllowed_emptyAllowedAndDisallowed() throws Exception { |
| MockHttpServletRequest request = new MockHttpServletRequest() { |
| public boolean isUserInRole(String role) { |
| return "admin".equals(role); |
| } |
| }; |
| |
| interceptor.setAllowedRoles("");//allow all |
| interceptor.setDisallowedRoles("admin"); |
| assertFalse(interceptor.isAllowed(request, null)); |
| } |
| |
| public void testHandleRejection() throws Exception { |
| MockHttpServletResponse response = new MockHttpServletResponse(); |
| response.setExpectedError(response.SC_FORBIDDEN); |
| interceptor.handleRejection(null, response); |
| response.verify(); |
| } |
| |
| public void testAreRolesValid() throws Exception { |
| RolesInterceptor roleCheckInterceptor = new RolesInterceptor(){ |
| List<String> validRoles = Arrays.asList(new String[]{"admin","user"}); |
| @Override |
| public boolean areRolesValid(List<String> roles){ |
| return validRoles.containsAll(roles); |
| } |
| }; |
| try { |
| roleCheckInterceptor.setAllowedRoles("admin, user"); |
| roleCheckInterceptor.setDisallowedRoles("admin, user"); |
| } catch (Exception e){ |
| fail("Valid roles should not throw an exception"); |
| } |
| try { |
| roleCheckInterceptor.setAllowedRoles("hacker, abuser"); |
| fail("Invalid roles should throw an exception"); |
| } catch (Exception e){ |
| //expected |
| } |
| try { |
| roleCheckInterceptor.setAllowedRoles("nonadmin, nonuser"); |
| fail("Invalid roles should throw an exception"); |
| } catch (Exception e){ |
| //expected |
| } |
| try { |
| roleCheckInterceptor.intercept(null); |
| fail("A misconfigured should always throw an exception"); |
| } catch (Exception e){ |
| //expected; |
| } |
| } |
| } |