001: /*
002: * Copyright 2005 Joe Walker
003: *
004: * Licensed under the Apache License, Version 2.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016: package org.directwebremoting.impl;
017:
018: import static org.junit.Assert.*;
019:
020: import java.lang.reflect.Method;
021:
022: import org.directwebremoting.WebContextFactory;
023: import org.directwebremoting.WebContextFactory.WebContextBuilder;
024: import org.directwebremoting.create.NewCreator;
025: import org.directwebremoting.extend.Creator;
026: import org.junit.Before;
027: import org.junit.Test;
028: import org.springframework.mock.web.MockHttpServletRequest;
029: import org.springframework.mock.web.MockHttpServletResponse;
030:
031: /**
032: * @author Bram Smeets
033: * @author Joe Walker [joe at getahead dot ltd dot uk]
034: */
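public class DefaultAccessControlTest {
    // Exercises the refusal paths of DefaultAccessControl: each test hands
    // assertIsDisplayable / assertExecutionIsPossible a creator, a script
    // name and a reflected method, and checks whether a SecurityException
    // is raised. Only testReasonToNotDisplay covers an allowed case.

    private final DefaultAccessControl accessControl = new DefaultAccessControl();

    // Fresh mock request per test; see the review note in
    // testReasonToNotExecute about which request the web context actually holds.
    private MockHttpServletRequest request;

    @Before
    public void setUp() {
        request = new MockHttpServletRequest();
    }

    /**
     * A creator that points at a DWR implementation class must be refused.
     */
    @Test(expected = SecurityException.class)
    public void testReasonToNotDisplayDwrObject() throws Exception {
        NewCreator creator = new NewCreator();
        creator.setClass("org.directwebremoting.impl.DefaultRemoter");
        accessControl.assertIsDisplayable(creator, "", getMethod());
    }

    /**
     * Allowed case: a java.lang.Object creator with a public, parameterless
     * method and no rules configured must not raise.
     */
    @Test
    public void testReasonToNotDisplay() throws Exception {
        NewCreator creator = new NewCreator();
        creator.setClass("java.lang.Object");

        accessControl.assertIsDisplayable(creator, "", getMethod());
    }

    /**
     * A private method must be refused, here even with a null creator and
     * a null script name.
     */
    @Test(expected = SecurityException.class)
    public void testReasonToNotDisplayWithNonPublicMethod() throws Exception {
        accessControl.assertIsDisplayable(null, null, getPrivateMethod());
    }

    /**
     * A method named in an exclude rule for its script name must be refused.
     */
    @Test(expected = SecurityException.class)
    public void testReasonToNotDisplayWithNonExecutableMethod() throws Exception {
        accessControl.addExcludeRule("className", "someMethod");
        accessControl.assertIsDisplayable(null, "className", getMethod());
    }

    /**
     * A method whose signature takes a DWR type (Creator) must be refused.
     */
    @Test(expected = SecurityException.class)
    public void testReasonToNotDisplayWithMethodWithDwrParameter() throws Exception {
        NewCreator creator = new NewCreator();
        creator.setClass("java.lang.Object");

        accessControl.assertIsDisplayable(creator, "className", getMethodWithDwrParameter());
    }

    /**
     * hashCode(), which this class does not override and so inherits from
     * java.lang.Object, must be refused.
     */
    @Test(expected = SecurityException.class)
    public void testReasonToNotDisplayWithObjectMethod() throws Exception {
        NewCreator creator = new NewCreator();
        creator.setClass("java.lang.Object");

        accessControl.assertIsDisplayable(creator, "className", getHashCodeMethod());
    }

    /**
     * Execution must be refused in three successive states: no role rules,
     * two role restrictions on the method, and after a role is added to the
     * mock request.
     */
    @Test
    public void testReasonToNotExecute() throws Exception {
        // NOTE(review): setWebContextBuilder is a static setter and nothing in
        // this class restores the previous builder afterwards; confirm that no
        // other test depends on that state.
        WebContextBuilder builder = new DefaultWebContextBuilder();
        builder.set(new MockHttpServletRequest(), new MockHttpServletResponse(), null, null, null);
        WebContextFactory.setWebContextBuilder(builder);

        // NOTE(review): the creator class lives in org.directwebremoting.impl,
        // the same package as the class refused in
        // testReasonToNotDisplayDwrObject. If that rule also applies here, every
        // phase below is denied for that reason and the role rules are never
        // what is being tested; verify against DefaultAccessControl.
        NewCreator creator = new NewCreator();
        creator.setClass(DefaultAccessControl.class.getName());

        assertExecutionDenied(creator, "no role restrictions");

        accessControl.addRoleRestriction("className", "someMethod", "someRole");
        accessControl.addRoleRestriction("className", "someMethod", "someOtherRole");

        assertExecutionDenied(creator, "role restrictions set, request has no role");

        // NOTE(review): the role is added to the 'request' field, but the web
        // context above was built from a different MockHttpServletRequest
        // instance, so this call cannot change what the context holds. The test
        // still expects a denial and never shows a role granting access.
        request.addUserRole("someRole");

        assertExecutionDenied(creator, "role added to the request field");
    }

    /**
     * Asserts that executing someMethod() for "className" is refused with a
     * SecurityException that carries a message.
     *
     * @param creator the creator handed to assertExecutionIsPossible
     * @param phase short description of the state, used in the failure message
     * @throws NoSuchMethodException if someMethod() cannot be looked up
     */
    private void assertExecutionDenied(NewCreator creator, String phase)
            throws NoSuchMethodException {
        try {
            accessControl.assertExecutionIsPossible(creator, "className", getMethod());
        } catch (SecurityException ex) {
            assertNotNull(ex.getMessage());
            return;
        }
        // Name the phase so a silently widened access rule is easy to locate.
        fail("assertExecutionIsPossible did not throw SecurityException (" + phase + ")");
    }

    /**
     * Public, parameterless reflection target; looked up by name in getMethod().
     */
    public void someMethod() {
        // do nothing
    }

    /**
     * Public reflection target whose signature includes a DWR type.
     *
     * @param someString unused
     * @param creator unused; present only so the signature carries a DWR type
     */
    public void someMethodWithDwrParameter(String someString, Creator creator) {
        // The assignments only touch the parameters so they are not reported as unused.
        Object ignore = someString;
        ignore = creator;
        creator = (Creator) ignore;

        // do nothing
    }

    /**
     * Private reflection target; must stay private for getPrivateMethod().
     */
    private void somePrivateMethod() {
        // do nothing
    }

    /** Returns the public someMethod() of this class. */
    private Method getMethod() throws NoSuchMethodException {
        return getClass().getMethod("someMethod");
    }

    /** Returns someMethodWithDwrParameter(String, Creator). */
    private Method getMethodWithDwrParameter() throws NoSuchMethodException {
        return getClass().getMethod("someMethodWithDwrParameter", String.class, Creator.class);
    }

    /** Returns the private somePrivateMethod(); getMethod() would not find it. */
    private Method getPrivateMethod() throws NoSuchMethodException {
        return getClass().getDeclaredMethod("somePrivateMethod");
    }

    /** Returns hashCode() as resolved through the public methods of this class. */
    private Method getHashCodeMethod() throws NoSuchMethodException {
        return getClass().getMethod("hashCode");
    }

    /**
     * Calls somePrivateMethod() so that it is not reported as unused.
     */
    protected void ignore() {
        somePrivateMethod();
    }
}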