001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security;
018:
019: import java.security.Principal;
020: import java.util.Collection;
021: import java.util.Iterator;
022: import java.util.prefs.Preferences;
023:
024: import junit.framework.Test;
025: import junit.framework.TestSuite;
026:
027: import org.apache.jetspeed.security.impl.RolePrincipalImpl;
028: import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
029:
030: /**
031: * <p>
032: * Unit testing for {@link RoleManager}.
033: * </p>
034: *
035: * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
036: * @version $Id: TestRoleManager.java 517719 2007-03-13 15:05:48Z ate $
037: */
038: public class TestRoleManager extends AbstractSecurityTestcase {
039: /**
040: * @see junit.framework.TestCase#setUp()
041: */
042: protected void setUp() throws Exception {
043: super .setUp();
044: destroyRoles();
045: }
046:
047: /**
048: * @see junit.framework.TestCase#tearDown()
049: */
050: public void tearDown() throws Exception {
051: destroyRoles();
052: super .tearDown();
053: }
054:
055: public static Test suite() {
056: // All methods starting with "test" will be executed in the test suite.
057: return new TestSuite(TestRoleManager.class);
058: }
059:
060: /**
061: * <p>
062: * Test add role.
063: * </p>
064: */
065: public void testAddRole() {
066: try {
067: rms.addRole("testrole");
068: } catch (SecurityException sex) {
069: assertTrue(
070: "role should not already exists. exception caught: "
071: + sex, false);
072: }
073: try {
074: rms.addRole("testrole.newrole0");
075: } catch (SecurityException sex) {
076: assertTrue(
077: "role should not already exists. exception caught: "
078: + sex, false);
079: }
080: // Add existing role.
081: try {
082: rms.addRole("testrole.newrole0");
083: assertTrue(
084: "role should already exists. exception not thrown.",
085: false);
086: } catch (SecurityException sex) {
087: }
088: // Remove role.
089: try {
090: rms.removeRole("testrole");
091: } catch (SecurityException sex) {
092: assertTrue("could not remove role. exception caught: "
093: + sex, false);
094: }
095: }
096:
097: /**
098: * <p>
099: * Test add user to role.
100: * </p>
101: */
102: public void testAddRoleToUser() {
103: // Init test.
104: try {
105: ums.addUser("anonuser1", "password");
106: rms.addRole("testusertorole1");
107: rms.addRole("testusertorole1.role1");
108: rms.addRole("testusertorole1.role2");
109: } catch (SecurityException sex) {
110: assertTrue("failed to init testAddRoleToUser(), " + sex,
111: false);
112: }
113: // Add role with no prior roles.
114: try {
115: rms.addRoleToUser("anonuser1", "testusertorole1.role1");
116:
117: Collection principals = ums.getUser("anonuser1")
118: .getSubject().getPrincipals();
119: assertTrue(
120: "anonuser1 should contain testusertorole1.role1",
121: principals.contains(new RolePrincipalImpl(
122: "testusertorole1.role1")));
123: } catch (SecurityException sex) {
124: assertTrue("should add user to role. exception caught: "
125: + sex, false);
126: }
127: // Add role with existing roles.
128: try {
129: rms.addRoleToUser("anonuser1", "testusertorole1.role2");
130: Collection principals = ums.getUser("anonuser1")
131: .getSubject().getPrincipals();
132: assertTrue(
133: "anonuser1 should contain testusertorole1.role2",
134: principals.contains(new RolePrincipalImpl(
135: "testusertorole1.role2")));
136: } catch (SecurityException sex) {
137: assertTrue("should add user to role. exception caught: "
138: + sex, false);
139: }
140: // Add role when user does not exist.
141: try {
142: rms.addRoleToUser("anonuser123", "testusertorole1.role2");
143: assertTrue("should catch exception: user does not exist.",
144: false);
145: } catch (SecurityException sex) {
146: }
147: // Add role when role does not exist.
148: try {
149: rms.addRoleToUser("anonuser1", "testusertorole1.role123");
150: assertTrue("should catch exception: role does not exist.",
151: false);
152: } catch (SecurityException sex) {
153: }
154:
155: // Cleanup.
156: try {
157: ums.removeUser("anonuser1");
158: rms.removeRole("testusertorole1");
159: } catch (SecurityException sex) {
160: assertTrue(
161: "could not remove user and role. exception caught: "
162: + sex, false);
163: }
164: }
165:
166: /**
167: * <p>
168: * Test remove role.
169: * </p>
170: */
171: public void testRemoveRole() {
172: // Init test.
173: try {
174: ums.addUser("anonuser2", "password");
175: rms.addRole("testrole1");
176: rms.addRole("testrole1.role1");
177: rms.addRole("testrole1.role2");
178: rms.addRole("testrole2");
179: rms.addRole("testrole2.role1");
180: rms.addRole("testrole2.role2");
181: rms.addRoleToUser("anonuser2", "testrole1.role1");
182: rms.addRoleToUser("anonuser2", "testrole1.role2");
183: rms.addRoleToUser("anonuser2", "testrole2.role1");
184: } catch (SecurityException sex) {
185: assertTrue("failed to init testRemoveRole(), " + sex, false);
186: }
187:
188: try {
189: rms.removeRole("testrole1.role1");
190: Collection principals = ums.getUser("anonuser2")
191: .getSubject().getPrincipals();
192: // because of hierarchical roles with generalization strategy.
193: assertEquals(
194: "principal size should be == 5 after removing testrole1.role1, for principals: "
195: + principals.toString(), 5, principals
196: .size());
197: assertFalse("anonuser2 should not contain testrole1.role1",
198: principals.contains(new RolePrincipalImpl(
199: "testrole1.role1")));
200: // Make sure that the children are removed as well.
201: rms.removeRole("testrole2");
202: boolean roleExists = rms.roleExists("testrole2.role1");
203: assertFalse(roleExists);
204: roleExists = rms.roleExists("testrole2.role2");
205: assertFalse(roleExists);
206: } catch (SecurityException sex) {
207: assertTrue("should remove role. exception caught: " + sex,
208: false);
209: }
210:
211: // Cleanup test.
212: try {
213: ums.removeUser("anonuser2");
214: rms.removeRole("testrole1");
215: } catch (SecurityException sex) {
216: assertTrue(
217: "could not remove user and role. exception caught: "
218: + sex, false);
219: }
220: }
221:
222: /**
223: * <p>
224: * Test get role.
225: * </p>
226: */
227: public void testGetRole() {
228: // Test when the role does not exist.
229: try {
230: rms.getRole("testroledoesnotexist");
231: assertTrue(
232: "role does not exist. should have thrown an exception.",
233: false);
234: } catch (SecurityException sex) {
235: }
236: // Test when the role exists.
237: Role role = null;
238: try {
239: rms.addRole("testgetrole");
240: role = rms.getRole("testgetrole");
241: } catch (SecurityException sex) {
242: assertTrue(
243: "role exists. should not have thrown an exception.",
244: false);
245: }
246: assertNotNull("role is null", role);
247: // Test the Principal.
248: Principal rolePrincipal = role.getPrincipal();
249: assertNotNull("role principal is null", rolePrincipal);
250: assertEquals(
251: "expected role principal full path name == testgetrole",
252: "testgetrole", rolePrincipal.getName());
253:
254: // Test the Role Preferences.
255: Preferences preferences = role.getPreferences();
256: assertEquals("expected role node == /role/testgetrole",
257: SecurityHelper.getPreferencesFullPath(rolePrincipal),
258: preferences.absolutePath());
259:
260: // Cleanup test.
261: try {
262: rms.removeRole("testgetrole");
263: } catch (SecurityException sex) {
264: assertTrue("could not remove role. exception caught: "
265: + sex, false);
266: }
267: }
268:
269: /**
270: * <p>
271: * Test get roles for user.
272: * </p>
273: */
274: public void testGetRolesForUser() {
275: // Init test.
276: try {
277: ums.addUser("anonuser3", "password");
278: rms.addRole("testuserrolemapping");
279: rms.addRole("testuserrolemapping.role1");
280: rms.addRole("testuserrolemapping2.role2");
281: rms.addRoleToUser("anonuser3", "testuserrolemapping");
282: rms.addRoleToUser("anonuser3", "testuserrolemapping.role1");
283: rms
284: .addRoleToUser("anonuser3",
285: "testuserrolemapping2.role2");
286: } catch (SecurityException sex) {
287: assertTrue("failed to init testGetRolesForUser(), " + sex,
288: false);
289: }
290:
291: try {
292: Collection roles = rms.getRolesForUser("anonuser3");
293: assertEquals("roles size should be == 4", 4, roles.size());
294: } catch (SecurityException sex) {
295: assertTrue(
296: "user exists. should not have thrown an exception: "
297: + sex, false);
298: }
299:
300: // Cleanup test.
301: try {
302: ums.removeUser("anonuser3");
303: rms.removeRole("testuserrolemapping");
304: rms.removeRole("testuserrolemapping2");
305: } catch (SecurityException sex) {
306: assertTrue(
307: "could not remove user and role. exception caught: "
308: + sex, false);
309: }
310: }
311:
312: /**
313: * <p>
314: * Test get roles in group.
315: * </p>
316: */
317: public void testGetRolesInGroup() {
318: // Init test.
319: try {
320: rms.addRole("testuserrolemapping");
321: rms.addRole("testuserrolemapping.role1");
322: rms.addRole("testuserrolemapping.role3");
323: gms.addGroup("testrolegroupmapping");
324: rms.addRoleToGroup("testuserrolemapping",
325: "testrolegroupmapping");
326: rms.addRoleToGroup("testuserrolemapping.role1",
327: "testrolegroupmapping");
328: rms.addRoleToGroup("testuserrolemapping.role3",
329: "testrolegroupmapping");
330: } catch (SecurityException sex) {
331: assertTrue("failed to init testGetRolesForGroup(), " + sex,
332: false);
333: }
334:
335: try {
336: Collection roles = rms
337: .getRolesInGroup("testrolegroupmapping");
338: assertEquals("roles size should be == 3", 3, roles.size());
339: } catch (SecurityException sex) {
340: assertTrue(
341: "group exists. should not have thrown an exception: "
342: + sex, false);
343: }
344:
345: // Cleanup test.
346: try {
347: rms.removeRole("testuserrolemapping");
348: gms.removeGroup("testrolegroupmapping");
349: } catch (SecurityException sex) {
350: assertTrue(
351: "could not remove role and group. exception caught: "
352: + sex, false);
353: }
354: }
355:
356: /**
357: * <p>
358: * Test remove role from user.
359: * </p>
360: */
361: public void testRemoveRoleFromUser() {
362: // Init test.
363: try {
364: ums.addUser("anonuser5", "password");
365: rms.addRole("testrole3");
366: rms.addRoleToUser("anonuser5", "testrole3");
367: } catch (SecurityException sex) {
368: assertTrue("failed to init testRemoveRoleFromUser(), "
369: + sex, false);
370: }
371:
372: try {
373: rms.removeRoleFromUser("anonuser5", "testrole3");
374: Collection roles = rms.getRolesForUser("anonuser5");
375: assertEquals("roles size should be == 0", 0, roles.size());
376: } catch (SecurityException sex) {
377: assertTrue(
378: "user exists. should not have thrown an exception: "
379: + sex, false);
380: }
381:
382: // Cleanup test.
383: try {
384: ums.removeUser("anonuser5");
385: rms.removeRole("testrole3");
386: } catch (SecurityException sex) {
387: assertTrue(
388: "could not remove user and role. exception caught: "
389: + sex, false);
390: }
391: }
392:
393: /**
394: * <p>
395: * Test is user in role.
396: * </p>
397: */
398: public void testIsUserInRole() {
399: // Init test.
400: try {
401: ums.addUser("anonuser4", "password");
402: rms.addRole("testuserrolemapping");
403: rms.addRoleToUser("anonuser4", "testuserrolemapping");
404: } catch (SecurityException sex) {
405: assertTrue("failed to init testIsUserInRole(), " + sex,
406: false);
407: }
408:
409: try {
410: boolean isUserInRole = rms.isUserInRole("anonuser4",
411: "testuserrolemapping");
412: assertTrue(
413: "anonuser4 should be in role testuserrolemapping",
414: isUserInRole);
415: } catch (SecurityException sex) {
416: assertTrue(
417: "user and role exist. should not have thrown an exception: "
418: + sex, false);
419: }
420:
421: // Cleanup test.
422: try {
423: ums.removeUser("anonuser4");
424: rms.removeRole("testuserrolemapping");
425: } catch (SecurityException sex) {
426: assertTrue(
427: "could not remove user and role. exception caught: "
428: + sex, false);
429: }
430: }
431:
432: /**
433: * <p>
434: * Test remove role from group.
435: * </p>
436: */
437: public void testRemoveRoleFromGroup() {
438: // Init test.
439: try {
440: rms.addRole("testuserrolemapping");
441: rms.addRole("testuserrolemapping.role1");
442: rms.addRole("testuserrolemapping.role3");
443: gms.addGroup("testrolegroupmapping");
444: rms.addRoleToGroup("testuserrolemapping",
445: "testrolegroupmapping");
446: rms.addRoleToGroup("testuserrolemapping.role1",
447: "testrolegroupmapping");
448: rms.addRoleToGroup("testuserrolemapping.role3",
449: "testrolegroupmapping");
450: } catch (SecurityException sex) {
451: assertTrue("failed to init testRemoveRoleFromGroup(), "
452: + sex, false);
453: }
454:
455: try {
456: rms.removeRoleFromGroup("testuserrolemapping.role3",
457: "testrolegroupmapping");
458: Collection roles = rms
459: .getRolesInGroup("testrolegroupmapping");
460: assertEquals("roles size should be == 2", 2, roles.size());
461: } catch (SecurityException sex) {
462: assertTrue(
463: "group exists. should not have thrown an exception: "
464: + sex, false);
465: }
466:
467: // Cleanup test.
468: try {
469: rms.removeRole("testuserrolemapping");
470: gms.removeGroup("testrolegroupmapping");
471: } catch (SecurityException sex) {
472: assertTrue(
473: "could not remove group and role. exception caught: "
474: + sex, false);
475: }
476: }
477:
478: /**
479: * <p>
480: * Test is user in role.
481: * </p>
482: */
483: public void testIsGroupInRole() {
484: // Init test.
485: try {
486: rms.addRole("testuserrolemapping");
487: gms.addGroup("testrolegroupmapping");
488: rms.addRoleToGroup("testuserrolemapping",
489: "testrolegroupmapping");
490: } catch (SecurityException sex) {
491: assertTrue("failed to init testIsGroupInRole(), " + sex,
492: false);
493: }
494: try {
495: boolean isGroupInRole = rms.isGroupInRole(
496: "testrolegroupmapping", "testuserrolemapping");
497: assertTrue(
498: "testrolegroupmapping should be in role testuserrolemapping",
499: isGroupInRole);
500: } catch (SecurityException sex) {
501: assertTrue(
502: "group and role exist. should not have thrown an exception: "
503: + sex, false);
504: }
505:
506: // Cleanup test.
507: try {
508: rms.removeRole("testuserrolemapping");
509: gms.removeGroup("testrolegroupmapping");
510: } catch (SecurityException sex) {
511: assertTrue(
512: "could not remove role and group. exception caught: "
513: + sex, false);
514: }
515: }
516:
517: /**
518: * <p>
519: * Destroy role test objects.
520: * </p>
521: */
522: protected void destroyRoles() {
523: final String[] users = new String[] { "anonuser1", "anonuser2",
524: "anonuser3", "anonuser4", "anonuser5", };
525: final String[] roles = new String[] { "testrole", "testrole1",
526: "testrole2", "testrole3", "testgetrole",
527: "testusertorole1", "testuserrolemapping.role1",
528: "testuserrolemapping2.role2", "testuserrolemapping",
529: "testuserrolemapping2" };
530: final String[] groups = new String[] { "testusertorole1" };
531:
532: for (int i = 0; i < users.length; i++) {
533: try {
534: ums.removeUser(users[i]);
535: } catch (SecurityException e) {
536: System.err.println(e.toString());
537: }
538: }
539:
540: for (int i = 0; i < roles.length; i++) {
541: try {
542: rms.removeRole(roles[i]);
543: } catch (SecurityException e) {
544: System.err.println(e.toString());
545: }
546: }
547:
548: for (int i = 0; i < groups.length; i++) {
549: try {
550: gms.removeGroup(groups[i]);
551: } catch (SecurityException e) {
552: System.err.println(e.toString());
553: }
554: }
555: }
556:
557: /**
558: * <p>
559: * Test get roles.
560: * </p>
561: *
562: * @throws Exception Throws an exception.
563: */
564: public void testGetRoles() throws Exception {
565: int roleCount = 0;
566: int rolesAdded = 0;
567: Iterator it = rms.getRoles("");
568: while (it.hasNext()) {
569: it.next();
570: roleCount++;
571: }
572: ums.addUser("notme", "one-pw");
573: gms.addGroup("g1");
574: rms.addRole("r1");
575: rms.addRole("r2");
576: rms.addRole("r3");
577: rolesAdded = 3;
578:
579: int count = 0;
580:
581: it = rms.getRoles("");
582: while (it.hasNext()) {
583: it.next();
584: count++;
585: }
586: ums.removeUser("notme");
587: gms.removeGroup("g1");
588: rms.removeRole("r1");
589: rms.removeRole("r2");
590: rms.removeRole("r3");
591: assertTrue("role count should be " + (rolesAdded + roleCount),
592: count == (rolesAdded + roleCount));
593:
594: }
595:
596: }
|