stack/services/src/test/java/org/apache/usergrid/security/CustomResolverTest.java - usergrid - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.usergrid.security;


 import java.util.UUID;

 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.usergrid.management.UserInfo;
 import org.apache.usergrid.persistence.entities.User;
 import org.apache.usergrid.security.shiro.CustomPermission;
 import org.apache.usergrid.security.shiro.principals.ApplicationUserPrincipal;
 import org.apache.usergrid.utils.UUIDUtils;

 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.UnavailableSecurityManagerException;
 import org.apache.shiro.mgt.DefaultSecurityManager;
 import org.apache.shiro.subject.SimplePrincipalCollection;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.subject.support.SubjectThreadState;
 import org.apache.shiro.util.LifecycleUtils;
 import org.apache.shiro.util.ThreadState;

 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;


 public class CustomResolverTest {

     public static final Logger logger = LoggerFactory.getLogger( CustomResolverTest.class );

     private static ThreadState subjectThreadState;


     @BeforeClass
     public static void setSecurityManager() {
         DefaultSecurityManager manager = new DefaultSecurityManager();
         SecurityUtils.setSecurityManager( manager );
     }


     @AfterClass
     public static void tearDownShiro() {
         doClearSubject();

         try {
             org.apache.shiro.mgt.SecurityManager securityManager = SecurityUtils.getSecurityManager();
             LifecycleUtils.destroy( securityManager );
         }
         catch ( UnavailableSecurityManagerException e ) {
             // we don't care about this when cleaning up the test environment
             // (for example, maybe the subclass is a unit test and it didn't
             // need a SecurityManager instance because it was using only
             // mock Subject instances)
         }
         SecurityUtils.setSecurityManager( null );
     }


     private static void doClearSubject() {
         if ( subjectThreadState != null ) {
             subjectThreadState.clear();
             subjectThreadState = null;
         }
     }


     /**
      * Allows subclasses to set the currently executing {@link Subject} instance.
      *
      * @param subject the Subject instance
      */
     protected void setSubject( Subject subject ) {
         doClearSubject();
         subjectThreadState = new SubjectThreadState( subject );
         subjectThreadState.bind();
     }


     @Test
     public void testResolver() throws Exception {

         testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo",
                 "applications:get:00000000-0000-0000-0000-000000000001:/foo" );

         testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*",
                 "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar" );

         testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*",
                 "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz" );

         testImplies( false, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*",
                 "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/" );

         testImplies( false, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*",
                 "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz" );

         testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/**",
                 "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz" );

         testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*/boz/*",
                 "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz" );

         testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*/boz/*",
                 "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz/biz" );

         testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/bar/*/boz/*",
                 "applications:get:00000000-0000-0000-0000-000000000001:/bar/3b270ee0-a2d7-11e2-b8ac-f14ec968db08/boz"
                         + "/b53761a-a2d7-11e2-abbb-11f6def11e98" );

         testImplies( false, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*/boz/*",
                 "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz/biz/box" );
     }


     @Test
     public void userMeSubstitution() {
         User fakeUser = new User();
         fakeUser.setUuid( UUIDUtils.newTimeUUID() );
         fakeUser.setUsername( "testusername" );

         UUID appId = UUIDUtils.newTimeUUID();

         UserInfo info = new UserInfo( appId, fakeUser.getProperties() );


         ApplicationUserPrincipal principal = new ApplicationUserPrincipal( appId, info );
         Subject subject = new Subject.Builder( SecurityUtils.getSecurityManager() )
                 .principals( new SimplePrincipalCollection( principal, "usergrid" ) ).buildSubject();

         setSubject( subject );

         testImplies( true, "/users/mefake@usergrid.org/**", "/users/mefake@usergrid.org/permissions" );

         //test substitution
         testImplies( true, "/users/me/**", String.format( "/users/%s/permissions", fakeUser.getUsername() ) );

         testImplies( true, "/users/me/**", String.format( "/users/%s/permissions", fakeUser.getUuid() ) );
     }


     public void testImplies( boolean expected, String s1, String s2 ) {
         CustomPermission p1 = new CustomPermission( s1 );
         CustomPermission p2 = new CustomPermission( s2 );
         if ( expected ) {
             assertTrue( p1.implies( p2 ) );
         }
         else {
             assertFalse( p1.implies( p2 ) );
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.usergrid.security;


	import java.util.UUID;

	import org.junit.AfterClass;
	import org.junit.BeforeClass;
	import org.junit.Test;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	import org.apache.usergrid.management.UserInfo;
	import org.apache.usergrid.persistence.entities.User;
	import org.apache.usergrid.security.shiro.CustomPermission;
	import org.apache.usergrid.security.shiro.principals.ApplicationUserPrincipal;
	import org.apache.usergrid.utils.UUIDUtils;

	import org.apache.shiro.SecurityUtils;
	import org.apache.shiro.UnavailableSecurityManagerException;
	import org.apache.shiro.mgt.DefaultSecurityManager;
	import org.apache.shiro.subject.SimplePrincipalCollection;
	import org.apache.shiro.subject.Subject;
	import org.apache.shiro.subject.support.SubjectThreadState;
	import org.apache.shiro.util.LifecycleUtils;
	import org.apache.shiro.util.ThreadState;

	import static org.junit.Assert.assertFalse;
	import static org.junit.Assert.assertTrue;


	public class CustomResolverTest {

	public static final Logger logger = LoggerFactory.getLogger( CustomResolverTest.class );

	private static ThreadState subjectThreadState;


	@BeforeClass
	public static void setSecurityManager() {
	DefaultSecurityManager manager = new DefaultSecurityManager();
	SecurityUtils.setSecurityManager( manager );
	}


	@AfterClass
	public static void tearDownShiro() {
	doClearSubject();

	try {
	org.apache.shiro.mgt.SecurityManager securityManager = SecurityUtils.getSecurityManager();
	LifecycleUtils.destroy( securityManager );
	}
	catch ( UnavailableSecurityManagerException e ) {
	// we don't care about this when cleaning up the test environment
	// (for example, maybe the subclass is a unit test and it didn't
	// need a SecurityManager instance because it was using only
	// mock Subject instances)
	}
	SecurityUtils.setSecurityManager( null );
	}


	private static void doClearSubject() {
	if ( subjectThreadState != null ) {
	subjectThreadState.clear();
	subjectThreadState = null;
	}
	}


	/**
	* Allows subclasses to set the currently executing {@link Subject} instance.
	*
	* @param subject the Subject instance
	*/
	protected void setSubject( Subject subject ) {
	doClearSubject();
	subjectThreadState = new SubjectThreadState( subject );
	subjectThreadState.bind();
	}


	@Test
	public void testResolver() throws Exception {

	testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo",
	"applications:get:00000000-0000-0000-0000-000000000001:/foo" );

	testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*",
	"applications:get:00000000-0000-0000-0000-000000000001:/foo/bar" );

	testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*",
	"applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz" );

	testImplies( false, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*",
	"applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/" );

	testImplies( false, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*",
	"applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz" );

	testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/**",
	"applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz" );

	testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar//boz/",
	"applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz" );

	testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar//boz/",
	"applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz/biz" );

	testImplies( true, "applications:get:00000000-0000-0000-0000-000000000001:/bar//boz/",
	"applications:get:00000000-0000-0000-0000-000000000001:/bar/3b270ee0-a2d7-11e2-b8ac-f14ec968db08/boz"
	+ "/b53761a-a2d7-11e2-abbb-11f6def11e98" );

	testImplies( false, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar//boz/",
	"applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz/biz/box" );
	}


	@Test
	public void userMeSubstitution() {
	User fakeUser = new User();
	fakeUser.setUuid( UUIDUtils.newTimeUUID() );
	fakeUser.setUsername( "testusername" );

	UUID appId = UUIDUtils.newTimeUUID();

	UserInfo info = new UserInfo( appId, fakeUser.getProperties() );


	ApplicationUserPrincipal principal = new ApplicationUserPrincipal( appId, info );
	Subject subject = new Subject.Builder( SecurityUtils.getSecurityManager() )
	.principals( new SimplePrincipalCollection( principal, "usergrid" ) ).buildSubject();

	setSubject( subject );

	testImplies( true, "/users/mefake@usergrid.org/**", "/users/mefake@usergrid.org/permissions" );

	//test substitution
	testImplies( true, "/users/me/**", String.format( "/users/%s/permissions", fakeUser.getUsername() ) );

	testImplies( true, "/users/me/**", String.format( "/users/%s/permissions", fakeUser.getUuid() ) );
	}


	public void testImplies( boolean expected, String s1, String s2 ) {
	CustomPermission p1 = new CustomPermission( s1 );
	CustomPermission p2 = new CustomPermission( s2 );
	if ( expected ) {
	assertTrue( p1.implies( p2 ) );
	}
	else {
	assertFalse( p1.implies( p2 ) );
	}
	}
	}