Google Git
Sign in
apache / turbine-fulcrum-security / b08a2f50d125df0bdaafd0be394f3ff5f179b1d4 / . / memory / src / test / org / apache / fulcrum / security / acl / TurbineAccessControlListTest.java
blob: f8ba3587652e12210f17ff1a9e44f7d0fd36a092 [file] [log] [blame]
package org.apache.fulcrum.security.acl;
import static org.junit.jupiter.api.Assertions.*;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.SerializationUtils;
import org.apache.fulcrum.security.GroupManager;
import org.apache.fulcrum.security.PermissionManager;
import org.apache.fulcrum.security.RoleManager;
import org.apache.fulcrum.security.SecurityService;
import org.apache.fulcrum.security.UserManager;
import org.apache.fulcrum.security.entity.Group;
import org.apache.fulcrum.security.entity.Permission;
import org.apache.fulcrum.security.entity.Role;
import org.apache.fulcrum.security.entity.User;
import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
import org.apache.fulcrum.security.util.GroupSet;
import org.apache.fulcrum.security.util.PermissionSet;
import org.apache.fulcrum.security.util.RoleSet;
import org.apache.fulcrum.testcontainer.BaseUnit5Test;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
/**
* Test that we can generate AccessControlLists from the Factory
*
* @author <a href="mailto:epugh@upstate.com">Eric Pugh</a>
* @version $Id$
*/
public class TurbineAccessControlListTest extends BaseUnit5Test
{
private UserManager userManager;
private GroupManager groupManager;
private RoleManager roleManager;
private TurbineModelManager modelManager;
private PermissionManager permissionManager;
private TurbineAccessControlList acl;
private static int counter = 1;
private User user;
@BeforeEach
public void setUp() throws Exception
{
this.setRoleFileName("src/test/TurbineMemoryRoleConfig.xml");
this.setConfigurationFileName("src/test/TurbineMemoryComponentConfig.xml");
SecurityService securityService = (SecurityService) lookup(SecurityService.ROLE);
userManager = securityService.getUserManager();
groupManager = securityService.getGroupManager();
roleManager = securityService.getRoleManager();
permissionManager = securityService.getPermissionManager();
modelManager = (TurbineModelManager) securityService.getModelManager();
user = userManager.getUserInstance("User 1");
if (!userManager.checkExists(user)) {
userManager.addUser(user, "secretpassword");
}
}
@Override
@AfterEach
public void tearDown()
{
userManager = null;
groupManager = null;
roleManager = null;
modelManager = null;
permissionManager = null;
user = null;
}
@Test
public void testCreatingDefaultAccessControlListViaFactory() throws Exception
{
Group group = getGroup();
Role role = getRole();
Role globalRole = getRole();
Permission permission = getPermission();
modelManager.grant(user, modelManager.getGlobalGroup(), globalRole);
modelManager.grant(user, group, role);
modelManager.grant(role, permission);
RoleSet roleSet = new RoleSet();
PermissionSet permissionSet = new PermissionSet();
roleSet.add(role);
permissionSet.add(permission);
Map<Group, RoleSet> roleSets = new HashMap<Group, RoleSet>();
Map<Group, PermissionSet> permissionSets = new HashMap<Group, PermissionSet>();
roleSets.put(group, roleSet);
permissionSets.put(group, permissionSet);
AccessControlList acl = userManager.getACL(user);
assertTrue(acl instanceof TurbineAccessControlList);
TurbineAccessControlList dacl = (TurbineAccessControlList) acl;
assertTrue(dacl.hasRole(role,group));
assertTrue(dacl.hasRole(globalRole));
assertTrue(dacl.hasPermission(permission,group));
assertEquals(dacl.getPermissions(group).toString(),permissionSets.get(group).toString());
Serializable serDeSer = SerializationUtils.roundtrip(acl);
assertTrue( ((TurbineAccessControlList)serDeSer).getRoles().toString().equals(dacl.getRoles().toString()),
"Expected RoleSet: [role 4 -> 4]");
}
@Test
public void testGetRolesGroup() throws Exception
{
Role role = getRole();
Role role2 = getRole();
Role role3 = getRole();
modelManager.grant(user, modelManager.getGlobalGroup(), role);
modelManager.grant(user, modelManager.getGlobalGroup(), role2);
acl = userManager.getACL(user);
RoleSet resultRoleSet = acl.getRoles();
assertTrue(resultRoleSet.contains(role));
assertTrue(resultRoleSet.contains(role2));
assertFalse(resultRoleSet.contains(role3));
}
/*
* Class to test for RoleSet getRoles()
*/
@Test
public void testGetRoles() throws Exception
{
Group group = getGroup();
Group group2 = getGroup();
Role role = getRole();
Role role2 = getRole();
Role role3 = getRole();
modelManager.grant(user,group, role);
modelManager.grant(user,group, role2);
modelManager.grant(user,group2, role2);
modelManager.grant(user,group2, role3);
acl = userManager.getACL(user);
RoleSet resultRoleSet = acl.getRoles(group);
assertTrue(resultRoleSet.contains(role));
assertTrue(resultRoleSet.contains(role2));
assertTrue(!resultRoleSet.contains(role3));
assertEquals(2, resultRoleSet.size());
}
/*
* Class to test for PermissionSet getPermissions(Group)
*/
@Test
public void testGetPermissionsGroup() throws Exception
{
Group group = getGroup();
Group group2 = getGroup();
Role role = getRole();
Role role2 = getRole();
Role role3 = getRole();
Permission permission = getPermission();
Permission permission2 = getPermission();
Permission permission3 = getPermission();
modelManager.grant(user,group, role);
modelManager.grant(user,group, role2);
modelManager.grant(user,group2, role3);
modelManager.grant(role, permission);
modelManager.grant(role, permission2);
modelManager.grant(role, permission3);
modelManager.grant(role2, permission2);
modelManager.grant(role2, permission3);
acl = userManager.getACL(user);
PermissionSet resultPermissionSet = acl.getPermissions(group);
assertEquals(3, resultPermissionSet.size());
assertTrue(resultPermissionSet.contains(permission));
assertTrue(resultPermissionSet.contains(permission2));
assertTrue(resultPermissionSet.contains(permission3));
resultPermissionSet = acl.getPermissions(group2);
assertEquals(0, resultPermissionSet.size());
}
/*
* Class to test for PermissionSet getPermissions()
*/
@Test
public void testGetPermissions() throws Exception
{
Group group = getGroup();
Group group2 = getGroup();
Role role = getRole();
Role role2 = getRole();
Role role3 = getRole();
Permission permission = getPermission();
Permission permission2 = getPermission();
Permission permission3 = getPermission();
modelManager.grant(user,group, role);
modelManager.grant(user,group, role2);
modelManager.grant(user,group2, role3);
modelManager.grant(role, permission);
modelManager.grant(role, permission2);
modelManager.grant(role, permission3);
modelManager.grant(role2, permission2);
modelManager.grant(role2, permission3);
acl = userManager.getACL(user);
PermissionSet resultPermissionSet = acl.getPermissions(group);
assertEquals(3, resultPermissionSet.size());
}
/*
* Class to test for boolean hasRole(Role, Group)
*/
@Test
public void testHasRoleRoleGroup() throws Exception
{
Group group = getGroup();
Group group2 = getGroup();
Role role = getRole();
Role role2 = getRole();
Role role3 = getRole();
modelManager.grant(user,group, role);
modelManager.grant(user,group, role2);
modelManager.grant(user,group2, role);
modelManager.grant(user,group2, role3);
acl = userManager.getACL(user);
assertTrue(acl.hasRole(role, group));
assertTrue(acl.hasRole(role, group2));
assertTrue(acl.hasRole(role2, group));
assertFalse(acl.hasRole(role2, group2));
assertTrue(acl.hasRole(role, group2));
assertFalse(acl.hasRole(role2, group2));
assertTrue(acl.hasRole(role3, group2));
}
/*
* Class to test for boolean hasRole(Role, GroupSet)
*/
@Test
public void testHasRoleRoleGroupSet() throws Exception
{
Group group = getGroup();
Group group2 = getGroup();
Role role = getRole();
Role role2 = getRole();
Role role3 = getRole();
modelManager.grant(user,group, role);
modelManager.grant(user,group, role2);
modelManager.grant(user,group2, role);
modelManager.grant(user,group2, role3);
acl = userManager.getACL(user);
GroupSet groupSet = new GroupSet();
groupSet.add(group);
assertTrue(acl.hasRole(role, groupSet));
assertTrue(acl.hasRole(role2, groupSet));
assertFalse(acl.hasRole(role3, groupSet));
groupSet.add(group2);
assertTrue(acl.hasRole(role, groupSet));
assertTrue(acl.hasRole(role2, groupSet));
assertTrue(acl.hasRole(role3, groupSet));
groupSet.add(group2);
}
/*
* Class to test for boolean hasRole(String, String)
*/
@Test
public void testHasRoleStringString() throws Exception
{
try {
Group group = getGroup();
Group group2 = getGroup();
Role role = getRole();
Role role2 = getRole();
Role role3 = getRole();
modelManager.grant(user, group, role);
modelManager.grant(user, group, role2);
modelManager.grant(user, group2, role);
modelManager.grant(user, group2, role3);
acl = userManager.getACL(user);
assertTrue(acl.hasRole(role.getName(), group.getName()));
assertTrue(acl.hasRole(role.getName(), group2.getName()));
assertTrue(acl.hasRole(role2.getName(), group.getName()));
assertFalse(acl.hasRole(role2.getName(), group2.getName()));
assertTrue(acl.hasRole(role.getName(), group2.getName()));
assertFalse(acl.hasRole(role2.getName(), group2.getName()));
assertTrue(acl.hasRole(role3.getName(), group2.getName()));
} catch (Exception e) {
fail("failed with " + e.getMessage());
}
}
/*
* Class to test for boolean hasPermission(Permission, Group)
*/
@Test
public void testHasPermissionPermissionGroup() throws Exception
{
Group group = getGroup();
Group group2 = getGroup();
Role role = getRole();
Role role2 = getRole();
Role role3 = getRole();
Permission permission = getPermission();
Permission permission2 = getPermission();
Permission permission3 = getPermission();
Permission permission4 = getPermission();
modelManager.grant(user, group, role);
modelManager.grant(user, group, role2);
modelManager.grant(user, group2, role3);
modelManager.grant(role, permission);
modelManager.grant(role, permission2);
modelManager.grant(role, permission3);
modelManager.grant(role2, permission2);
modelManager.grant(role2, permission3);
modelManager.grant(role3, permission4);
acl = userManager.getACL(user);
assertTrue(acl.hasPermission(permission, group));
assertTrue(acl.hasPermission(permission2, group));
assertTrue(acl.hasPermission(permission3, group));
assertFalse(acl.hasPermission(permission4, group));
assertTrue(acl.hasPermission(permission4, group2));
assertFalse(acl.hasPermission(permission, group2));
}
/*
* Class to test for boolean hasPermission(Permission, GroupSet)
*/
@Test
public void testHasPermissionPermissionGroupSet() throws Exception
{
Group group = getGroup();
Group group2 = getGroup();
Group group3 = getGroup();
Role role = getRole();
Role role2 = getRole();
Role role3 = getRole();
Role role4 = getRole();
Permission permission = getPermission();
Permission permission2 = getPermission();
Permission permission3 = getPermission();
Permission permission4 = getPermission();
Permission permission5 = getPermission();
modelManager.grant(user,group, role);
modelManager.grant(user,group, role2);
modelManager.grant(user,group2, role3);
modelManager.grant(user,group3, role4);
modelManager.grant(role, permission);
modelManager.grant(role, permission2);
modelManager.grant(role, permission3);
modelManager.grant(role2, permission2);
modelManager.grant(role2, permission3);
modelManager.grant(role3, permission4);
modelManager.grant(role4, permission5);
acl = userManager.getACL(user);
GroupSet groupSet = new GroupSet();
groupSet.add(group);
groupSet.add(group2);
assertTrue(acl.hasPermission(permission, groupSet));
assertFalse(acl.hasPermission(permission5, groupSet));
groupSet.add(group3);
assertTrue(acl.hasPermission(permission5, groupSet));
}
/*
* Class to test for boolean hasPermission(Permission)
*/
@Test
public void testHasPermissionPermission() throws Exception
{
Role role = getRole();
Role role2 = getRole();
Role role3 = getRole();
Role role4 = getRole();
Permission permission = getPermission();
Permission permission2 = getPermission();
Permission permission3 = getPermission();
Permission permission4 = getPermission();
Permission permission5 = getPermission();
modelManager.grant(user,modelManager.getGlobalGroup(), role);
modelManager.grant(user,modelManager.getGlobalGroup(), role2);
modelManager.grant(user,modelManager.getGlobalGroup(), role3);
modelManager.grant(user,modelManager.getGlobalGroup(), role4);
modelManager.grant(role, permission);
modelManager.grant(role, permission2);
modelManager.grant(role, permission3);
modelManager.grant(role2, permission2);
modelManager.grant(role2, permission3);
modelManager.grant(role3, permission4);
modelManager.grant(role4, permission5);
acl = userManager.getACL(user);
assertTrue(acl.hasPermission(permission));
assertTrue(acl.hasPermission(permission2));
assertTrue(acl.hasPermission(permission3));
assertTrue(acl.hasPermission(permission4));
assertTrue(acl.hasPermission(permission5));
}
private int getId()
{
return ++counter;
}
private Role getRole() throws Exception
{
Role role = roleManager.getRoleInstance("Role " + getId());
roleManager.addRole(role);
return role;
}
private Group getGroup() throws Exception
{
Group group = groupManager.getGroupInstance("Group " + getId());
groupManager.addGroup(group);
return group;
}
private Permission getPermission() throws Exception
{
Permission permission = permissionManager.getPermissionInstance("Permission " + getId());
permissionManager.addPermission(permission);
return permission;
}
}