/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.superbiz.injection.secure;
import junit.framework.TestCase;
import org.superbiz.injection.secure.api.RunAsEmployee;
import org.superbiz.injection.secure.api.RunAsManager;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.Stateless;
import javax.ejb.embeddable.EJBContainer;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.Callable;
//START SNIPPET: code
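/**
 * Exercises the declarative access rules on the {@code Movies} bean from three
 * caller identities: a manager, an employee and an unauthenticated caller.
 *
 * <p>What the tests expect, as written below:
 * <ul>
 *   <li>manager: may add, list and delete movies;</li>
 *   <li>employee: may add and list, but every delete must be rejected with
 *       {@link EJBAccessException};</li>
 *   <li>unauthenticated: may list only; add and delete must both be rejected.</li>
 * </ul>
 *
 * <p>The denied cases matter as much as the allowed ones: each one calls
 * {@code fail(...)} right after the forbidden call, so a rule that is missing
 * or too permissive breaks the build instead of passing silently.
 */
public class MovieTest extends TestCase {

    @EJB
    private Movies movies;

    @EJB(beanName = "ManagerBean")
    private Caller manager;

    @EJB(beanName = "EmployeeBean")
    private Caller employee;

    // Kept so tearDown() can shut the container down; the original created a
    // container per test and never closed it.
    private EJBContainer container;

    /**
     * Boots an embedded EJB container backed by an in-memory HSQLDB data source
     * and binds this test instance under the name "inject", which asks the
     * container to populate the {@code @EJB} fields above.
     */
    @Override
    protected void setUp() throws Exception {
        Properties p = new Properties();
        p.setProperty("movieDatabase", "new://Resource?type=DataSource");
        p.setProperty("movieDatabase.JdbcDriver", "org.hsqldb.jdbcDriver");
        p.setProperty("movieDatabase.JdbcUrl", "jdbc:hsqldb:mem:moviedb");

        container = EJBContainer.createEJBContainer(p);
        container.getContext().bind("inject", this);
    }

    /**
     * Closes the container started by {@link #setUp()} so containers do not
     * accumulate across test methods.
     */
    @Override
    protected void tearDown() throws Exception {
        if (container != null) {
            container.close();
        }
    }

    /**
     * A manager is expected to be able to add, list and delete movies.
     */
    public void testAsManager() throws Exception {
        manager.call(new Callable<Object>() {
            @Override
            public Object call() throws Exception {
                movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
                movies.addMovie(new Movie("Joel Coen", "Fargo", 1996));
                movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998));

                List<Movie> list = movies.getMovies();
                assertEquals("List.size()", 3, list.size());

                for (Movie movie : list) {
                    movies.deleteMovie(movie);
                }

                assertEquals("Movies.getMovies()", 0, movies.getMovies().size());
                return null;
            }
        });
    }

    /**
     * An employee is expected to be able to add and list movies, but every
     * delete attempt must be refused.
     */
    public void testAsEmployee() throws Exception {
        employee.call(new Callable<Object>() {
            @Override
            public Object call() throws Exception {
                movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
                movies.addMovie(new Movie("Joel Coen", "Fargo", 1996));
                movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998));

                List<Movie> list = movies.getMovies();
                assertEquals("List.size()", 3, list.size());

                for (Movie movie : list) {
                    try {
                        movies.deleteMovie(movie);
                        fail("Employees should not be allowed to delete");
                    } catch (EJBAccessException expected) {
                        // Good, Employees cannot delete things
                    }
                }

                // A denied delete must also have no effect: the list should
                // still be three movies long.
                // NOTE(review): these three rows are never cleaned up; whether
                // they are visible to the other tests depends on the data
                // source / persistence configuration, which is not shown here.
                assertEquals("Movies.getMovies()", 3, movies.getMovies().size());
                return null;
            }
        });
    }

    /**
     * A caller with no run-as identity is expected to be refused on add and
     * delete, while read access stays open.
     */
    public void testUnauthenticated() throws Exception {
        try {
            movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
            fail("Unauthenticated users should not be able to add movies");
        } catch (EJBAccessException expected) {
            // Good, guests cannot add things
        }

        try {
            // null is passed on purpose: the call is expected to be rejected
            // with EJBAccessException, so no real Movie is needed here.
            movies.deleteMovie(null);
            fail("Unauthenticated users should not be allowed to delete");
        } catch (EJBAccessException expected) {
            // Good, Unauthenticated users cannot delete things
        }

        try {
            // Read access should be allowed
            movies.getMovies();
        } catch (EJBAccessException e) {
            fail("Read access should be allowed");
        }
    }

    /**
     * Runs a piece of test code inside whatever security identity the
     * implementing bean carries.
     */
    public interface Caller {
        public <V> V call(Callable<V> callable) throws Exception;
    }

    /**
     * Executes the supplied callable from inside a stateless bean annotated
     * with {@code @RunAsManager}, so that calls it makes to other beans are
     * made in that security scope.
     * NOTE(review): {@code RunAsManager} is declared in the project's
     * {@code api} package and is not shown here; presumably it maps to a
     * manager run-as role. Confirm against its definition.
     */
    @Stateless
    @RunAsManager
    public static class ManagerBean implements Caller {
        @Override
        public <V> V call(Callable<V> callable) throws Exception {
            return callable.call();
        }
    }

    /**
     * Same delegation as {@link ManagerBean}, but annotated with
     * {@code @RunAsEmployee}; used by the test that expects deletes to be
     * denied.
     */
    @Stateless
    @RunAsEmployee
    public static class EmployeeBean implements Caller {
        @Override
        public <V> V call(Callable<V> callable) throws Exception {
            return callable.call();
        }
    }
}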
//END SNIPPET: code