001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security.spi;
018:
019: import java.util.ArrayList;
020: import java.util.Arrays;
021: import java.util.List;
022:
023: import junit.framework.Test;
024: import junit.framework.TestSuite;
025:
026: import org.apache.jetspeed.security.SecurityException;
027: import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
028:
029: /**
030: * <p>
031: * TestInternalPasswordCredentialHistoryHandlingInterceptor
032: * </p>
033: *
034: * @author <a href="mailto:ate@apache.org">Ate Douma</a>
035: * @version $Id: TestPasswordHistoryInterceptor.java 516448 2007-03-09 16:25:47Z ate $
036: */
037: public class TestPasswordHistoryInterceptor extends
038: AbstractSecurityTestcase {
039: protected void setUp() throws Exception {
040: super .setUp();
041: // cleanup for previously failed test
042: destroyUser();
043: initUser();
044: }
045:
046: public void tearDown() throws Exception {
047: destroyUser();
048: super .tearDown();
049: }
050:
051: public static Test suite() {
052: return new TestSuite(TestPasswordHistoryInterceptor.class);
053: }
054:
055: public void testPasswordHistory() throws Exception {
056: // note that the automated test here must wait between
057: // create user and set password operations to ensure that
058: // passwords get unique timestamps
059: assertTrue("should be allowed to authenticate", ums
060: .authenticate("testcred", "password"));
061: Thread.sleep(1000);
062: ums.setPassword("testcred", "password", "password1");
063: Thread.sleep(1000);
064: ums.setPassword("testcred", "password1", "password2");
065: assertTrue("should be allowed to authenticate", ums
066: .authenticate("testcred", "password2"));
067: try {
068: Thread.sleep(1000);
069: ums.setPassword("testcred", "password2", "password");
070: fail("Should not be allowed to reuse a password from password history");
071: } catch (SecurityException sex) {
072: assertTrue(SecurityException.PASSWORD_ALREADY_USED
073: .equals(sex.getKeyedMessage()));
074: }
075: Thread.sleep(1000);
076: ums.setPassword("testcred", "password2", "password3");
077: Thread.sleep(1000);
078: ums.setPassword("testcred", "password3", "password4");
079: Thread.sleep(1000);
080: ums.setPassword("testcred", "password4", "password");
081:
082: assertTrue("should be allowed to authenticate", ums
083: .authenticate("testcred", "password"));
084: }
085:
086: protected void initUser() throws Exception {
087: ums.addUser("testcred", "password");
088: }
089:
090: protected void destroyUser() throws Exception {
091: ums.removeUser("testcred");
092: }
093:
094: protected String[] getConfigurations() {
095: String[] confs = super .getConfigurations();
096: List confList = new ArrayList(Arrays.asList(confs));
097: confList
098: .add("JETSPEED-INF/spring/TestPasswordHistoryInterceptor.xml");
099: return (String[]) confList.toArray(new String[1]);
100: }
101: }
|