001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security;
018:
019: import java.security.Principal;
020: import java.util.Collection;
021: import java.util.Iterator;
022: import java.util.List;
023: import java.util.ArrayList;
024: import java.util.prefs.Preferences;
025: import java.security.Principal;
026:
027: import javax.security.auth.Subject;
028: import javax.security.auth.login.LoginContext;
029: import javax.security.auth.login.LoginException;
030:
031: import junit.framework.Test;
032: import junit.framework.TestSuite;
033:
034: import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
035: import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
036:
037: /**
038: * <p>
039: * Unit testing for {@link UserManager}.
040: * </p>
041: *
042: * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
043: */
044: public class TestUserManager extends AbstractSecurityTestcase {
045:
046: /**
047: * @see junit.framework.TestCase#setUp()
048: */
049: protected void setUp() throws Exception {
050: super .setUp();
051: destroyUserObject();
052: }
053:
054: /**
055: * @see junit.framework.TestCase#tearDown()
056: */
057: public void tearDown() throws Exception {
058: destroyUserObject();
059: super .tearDown();
060: }
061:
062: public static Test suite() {
063: return new TestSuite(TestUserManager.class);
064: }
065:
066: /**
067: * <p>
068: * Test add/remove user.
069: * </p>
070: */
071: public void testAddRemoveUser() {
072: try {
073: ums.addUser("anon", "password");
074: } catch (SecurityException sex) {
075: assertTrue("user already exists. exception caught: " + sex,
076: false);
077: }
078:
079: try {
080: ums.addUser("anon", "password");
081: assertTrue(
082: "user should already exists. exception not thrown.",
083: false);
084: } catch (SecurityException sex) {
085: }
086: try {
087: ums.removeUser("anon");
088: } catch (SecurityException sex) {
089: assertTrue("could not remove user. exception caught: "
090: + sex, false);
091: }
092: if (ums.userExists("anon")) {
093: assertTrue("user should have been removed: ", false);
094: }
095:
096: }
097:
098: /**
099: * <p>
100: * Test get user.
101: * </p>
102: */
103: public void testGetUser() {
104: // Test when the user does not exist.
105: try {
106: ums.getUser("test");
107: assertTrue(
108: "user does not exist. should have thrown an exception.",
109: false);
110: } catch (SecurityException sex) {
111: }
112: // Test when the user exists.
113: User user = null;
114: try {
115: ums.addUser("test", "password");
116: user = ums.getUser("test");
117: } catch (SecurityException sex) {
118: assertTrue(
119: "user exists. should not have thrown an exception.",
120: false);
121: }
122: assertNotNull("user is null", user);
123: // Test the User JSSubject
124: Subject subject = user.getSubject();
125: assertNotNull("subject is null", subject);
126: // Asset user principal.
127: Principal userPrincipal = SecurityHelper.getPrincipal(subject,
128: UserPrincipal.class);
129: assertNotNull("user principal is null", userPrincipal);
130: assertEquals("expected user principal full path == /user/test",
131: "/user/test", SecurityHelper
132: .getPreferencesFullPath(userPrincipal));
133: assertEquals("expected user principal name == test", "test",
134: userPrincipal.getName());
135:
136: // Test the User Preferences.
137: Preferences preferences = user.getPreferences();
138: assertEquals("expected user node == /user/test", "/user/test",
139: preferences.absolutePath());
140:
141: // Test if roles are inheritable to a user via groups
142: try {
143: // If user 'inheritedUser' belongs to group 'inheritingGroup' and group 'group' has role 'assignedRole', then
144: // the role 'assignedRole' can be inherited to the user 'inheritedUser' via group 'inheritingGroup'.
145:
146: ums.addUser("inheritedUser", "password");
147: gms.addGroup("inheritingGroup");
148: gms.addUserToGroup("inheritedUser", "inheritingGroup");
149: rms.addRole("assignedRole");
150: rms.addRoleToGroup("assignedRole", "inheritingGroup");
151: User testUser = ums.getUser("inheritedUser");
152:
153: List principalNames = new ArrayList();
154: for (Iterator it = testUser.getSubject().getPrincipals()
155: .iterator(); it.hasNext();) {
156: Principal p = (Principal) it.next();
157: principalNames.add(p.getName());
158: }
159:
160: assertTrue(
161: "user is expected to have a user principal named inheritedUser.",
162: principalNames.contains("inheritedUser"));
163: assertTrue(
164: "user is expected to have a group principal named inheritingGroup.",
165: principalNames.contains("inheritingGroup"));
166: assertTrue(
167: "user is expected to have a role principal named assignedRole which is inherited via the group.",
168: principalNames.contains("assignedRole"));
169:
170: // However, roles from role manager should not contain the role 'assignedRole'
171: // because the role 'assignedRole' is not directly assigned to user 'inheritedUser'.
172: // For example, the Users Admin portlet uses RoleManager to retrieve roles directly assigned to a user.
173:
174: List userRoleNames = new ArrayList();
175: for (Iterator it = rms.getRolesForUser("inheritedUser")
176: .iterator(); it.hasNext();) {
177: Role role = (Role) it.next();
178: userRoleNames.add(role.getPrincipal().getName());
179: }
180:
181: assertFalse(
182: "role 'assignedRole' is not expected to be retrieved because the role 'assignedRole' is not directly assigned to user 'inheritedUser'.",
183: userRoleNames.contains("assignedRole"));
184: } catch (SecurityException sex) {
185: assertTrue(
186: "failed to test 'rolesInheritableViaGroups' mode in testGetUser(), "
187: + sex, false);
188: } finally {
189: // Cleanup test.
190: try {
191: rms.removeRole("assignedRole");
192: } catch (SecurityException sex) {
193: }
194:
195: try {
196: gms.removeGroup("inheritingGroup");
197: } catch (SecurityException sex) {
198: }
199:
200: try {
201: ums.removeUser("inheritedUser");
202: } catch (SecurityException sex) {
203: }
204: }
205:
206: }
207:
208: /**
209: * <p>
210: * Test get users in role.
211: * </p>
212: */
213: public void testGetUsersInRole() {
214: // Init test.
215: try {
216: ums.addUser("anonuser3", "password");
217: ums.addUser("anonuser4", "password");
218: rms.addRole("testuserrolemapping");
219: rms.addRole("testuserrolemapping.role1");
220: rms.addRole("testuserrolemapping.role2");
221: rms.addRoleToUser("anonuser3", "testuserrolemapping");
222: rms.addRoleToUser("anonuser3", "testuserrolemapping.role1");
223: rms.addRoleToUser("anonuser3", "testuserrolemapping.role2");
224: rms.addRoleToUser("anonuser4", "testuserrolemapping");
225: } catch (SecurityException sex) {
226: assertTrue("failed to init testGetUsersInRole(), " + sex,
227: false);
228: }
229:
230: try {
231: Collection users = ums
232: .getUsersInRole("testuserrolemapping");
233: assertEquals("users size should be == 2", 2, users.size());
234: } catch (SecurityException sex) {
235: assertTrue(
236: "role exists. should not have thrown an exception: "
237: + sex, false);
238: }
239:
240: // Cleanup test.
241: try {
242: ums.removeUser("anonuser3");
243: ums.removeUser("anonuser4");
244: rms.removeRole("testuserrolemapping");
245: } catch (SecurityException sex) {
246: assertTrue(
247: "could not remove user and role. exception caught: "
248: + sex, false);
249: }
250: }
251:
252: /**
253: * <p>
254: * Test get users in group.
255: * </p>
256: */
257: public void testGetUsersInGroup() {
258: // Init test.
259: try {
260: ums.addUser("anonuser2", "password");
261: ums.addUser("anonuser3", "password");
262: ums.addUser("anonuser4", "password");
263: gms.addGroup("testgroup1");
264: gms.addGroup("testgroup1.group1");
265: gms.addUserToGroup("anonuser2", "testgroup1.group1");
266: gms.addUserToGroup("anonuser3", "testgroup1.group1");
267: gms.addUserToGroup("anonuser4", "testgroup1.group1");
268: } catch (SecurityException sex) {
269: assertTrue("failed to init testGetUsersInGroup(), " + sex,
270: false);
271: }
272:
273: try {
274: Collection users = ums.getUsersInGroup("testgroup1.group1");
275: assertEquals("users size should be == 3", 3, users.size());
276: } catch (SecurityException sex) {
277: assertTrue(
278: "group exists. should not have thrown an exception: "
279: + sex, false);
280: }
281:
282: // Cleanup test.
283: try {
284: ums.removeUser("anonuser2");
285: ums.removeUser("anonuser3");
286: ums.removeUser("anonuser4");
287: gms.removeGroup("testgroup1");
288: } catch (SecurityException sex) {
289: assertTrue(
290: "could not remove user and group. exception caught: "
291: + sex, false);
292: }
293: }
294:
295: /**
296: * <p>
297: * Test set password.
298: * </p>
299: */
300: public void testSetPassword() {
301: try {
302: ums.addUser("anon", "password");
303: ums.setPassword("anon", "password", "newpassword");
304:
305: LoginContext loginContext = null;
306: // Test that the user can log in with the new password.
307: try {
308: PassiveCallbackHandler pch = new PassiveCallbackHandler(
309: "anon", "newpassword");
310: loginContext = new LoginContext("Jetspeed", pch);
311: loginContext.login();
312: loginContext.logout();
313: } catch (LoginException le) {
314: le.printStackTrace();
315: assertTrue("failed to login user with new password.",
316: false);
317: }
318: } catch (SecurityException sex) {
319: }
320: }
321:
322: /**
323: * <p>
324: * Test get users.
325: * </p>
326: *
327: * @throws Exception Throws an exception.
328: */
329: public void testGetUsers() throws Exception {
330: ums.addUser("one", "one-pw");
331: ums.addUser("two", "two-pw");
332: ums.addUser("three", "three-pw");
333: int count = 0;
334: Iterator it = ums.getUsers("");
335: while (it.hasNext()) {
336: User user = (User) it.next();
337: Iterator principals = user.getSubject().getPrincipals()
338: .iterator();
339: while (principals.hasNext()) {
340: Principal principal = (Principal) principals.next();
341: System.out
342: .println("principal = " + principal.getName());
343: if (principal.getName().equals("one")) {
344: count++;
345: } else if (principal.getName().equals("two")) {
346: count++;
347: } else if (principal.getName().equals("three")) {
348: count++;
349: }
350: }
351: }
352: assertTrue("user count should be 3", count == 3);
353: ums.removeUser("one");
354: ums.removeUser("two");
355: ums.removeUser("three");
356: }
357:
358: /**
359: * <p>
360: * Destroy user test object.
361: * </p>
362: */
363: protected void destroyUserObject() {
364: try {
365: if (ums.userExists("anon"))
366: ums.removeUser("anon");
367: if (ums.userExists("test"))
368: ums.removeUser("test");
369: } catch (SecurityException sex) {
370: System.out
371: .println("could not remove test users. exception caught: "
372: + sex);
373: }
374: }
375:
376: }
|