001: package org.apache.turbine.services.security;
002:
003: /*
004: * Licensed to the Apache Software Foundation (ASF) under one
005: * or more contributor license agreements. See the NOTICE file
006: * distributed with this work for additional information
007: * regarding copyright ownership. The ASF licenses this file
008: * to you under the Apache License, Version 2.0 (the
009: * "License"); you may not use this file except in compliance
010: * with the License. You may obtain a copy of the License at
011: *
012: * http://www.apache.org/licenses/LICENSE-2.0
013: *
014: * Unless required by applicable law or agreed to in writing,
015: * software distributed under the License is distributed on an
016: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017: * KIND, either express or implied. See the License for the
018: * specific language governing permissions and limitations
019: * under the License.
020: */
021:
022: import junit.framework.Test;
023: import junit.framework.TestSuite;
024:
025: import org.apache.turbine.om.security.Group;
026: import org.apache.turbine.om.security.Role;
027: import org.apache.turbine.om.security.User;
028: import org.apache.turbine.test.BaseTurbineHsqlTest;
029: import org.apache.turbine.util.security.AccessControlList;
030: import org.apache.turbine.util.security.DataBackendException;
031: import org.apache.turbine.util.security.EntityExistsException;
032: import org.apache.turbine.util.security.PermissionSet;
033: import org.apache.turbine.util.security.RoleSet;
034: import org.apache.turbine.util.security.UnknownEntityException;
035:
036: public class TestSecurityRole extends BaseTurbineHsqlTest {
037: public TestSecurityRole(String name) throws Exception {
038: super (name, "conf/test/TurbineResources.properties");
039: }
040:
041: public static Test suite() {
042: return new TestSuite(TestSecurityRole.class);
043: }
044:
045: public void testInit() {
046: SecurityService ss = TurbineSecurity.getService();
047: assertTrue("Service failed to initialize", ss.getInit());
048: }
049:
050: public void testRoleByName() throws Exception {
051: SecurityService ss = TurbineSecurity.getService();
052:
053: Role role = ss.getRoleByName("User");
054: assertNotNull(role);
055: assertEquals(role.getName(), "User");
056: }
057:
058: public void testRoleById() throws Exception {
059: SecurityService ss = TurbineSecurity.getService();
060:
061: Role role = ss.getRoleById(2);
062: assertNotNull(role);
063: assertEquals(role.getName(), "Admin");
064: }
065:
066: public void testRolePermissions() throws Exception {
067: SecurityService ss = TurbineSecurity.getService();
068:
069: Role role = ss.getRoleByName("User");
070: assertNotNull(role);
071:
072: PermissionSet ps = ss.getPermissions(role);
073:
074: assertEquals(2, ps.size());
075: }
076:
077: public void testAllRoles() throws Exception {
078: SecurityService ss = TurbineSecurity.getService();
079:
080: RoleSet gs = ss.getAllRoles();
081:
082: assertEquals(2, gs.size());
083: }
084:
085: public void testAddRole() throws Exception {
086: SecurityService ss = TurbineSecurity.getService();
087:
088: Role newbie = ss.getRoleInstance();
089: newbie.setName("newbie");
090:
091: ss.addRole(newbie);
092:
093: assertEquals("Role was not added", 3, ss.getAllRoles().size());
094:
095: try {
096: Role user = ss.getRoleByName("User");
097:
098: ss.addRole(user);
099: fail("Existing Role could be added!");
100: } catch (Exception e) {
101: assertEquals("Wrong Exception thrown: "
102: + e.getClass().getName(),
103: EntityExistsException.class, e.getClass());
104: }
105:
106: try {
107: Role empty = ss.getRoleInstance();
108:
109: ss.addRole(empty);
110: fail("Role with empty Rolename could be added!");
111: } catch (Exception e) {
112: assertEquals("Wrong Exception thrown: "
113: + e.getClass().getName(),
114: DataBackendException.class, e.getClass());
115: }
116:
117: assertEquals("Role was not added", 3, ss.getAllRoles().size());
118: }
119:
120: public void testRemoveRole() throws Exception {
121: SecurityService ss = TurbineSecurity.getService();
122:
123: assertEquals("Role was not added", 3, ss.getAllRoles().size());
124:
125: Role newbie = ss.getRoleByName("newbie");
126: assertNotNull(newbie);
127:
128: ss.removeRole(newbie);
129:
130: try {
131: Role foo = ss.getRoleInstance();
132: foo.setName("foo");
133:
134: ss.removeRole(foo);
135: fail("Non Existing Role could be deleted!");
136: } catch (Exception e) {
137: assertEquals("Wrong Exception thrown: "
138: + e.getClass().getName(), e.getClass(),
139: UnknownEntityException.class);
140: }
141:
142: assertEquals("Role was not removed", 2, ss.getAllRoles().size());
143: }
144:
145: public void testGrantRole() throws Exception {
146: SecurityService ss = TurbineSecurity.getService();
147:
148: User admin = ss.getUser("admin");
149: assertNotNull(admin);
150:
151: Group global = ss.getGroupByName("global");
152: assertNotNull(global);
153:
154: Role app = ss.getRoleByName("User");
155: assertNotNull(app);
156:
157: AccessControlList acl = ss.getACL(admin);
158: assertFalse(acl.hasRole(app, global));
159:
160: ss.grant(admin, global, app);
161:
162: AccessControlList acl2 = ss.getACL(admin);
163: assertTrue(acl2.hasRole(app, global));
164:
165: // Get existing ACL modified?
166: assertFalse(acl.hasRole(app, global));
167:
168: try {
169: ss.grant(admin, global, app);
170: fail("Role could be granted twice!");
171: } catch (Exception e) {
172: //
173: // Ugh. DataBackendError? This means that our query actually hit the database and only the "unique key"
174: // prevented us from a double entry. This seems to be a bug
175: //
176: assertEquals("Wrong Exception thrown: "
177: + e.getClass().getName(),
178: DataBackendException.class, e.getClass());
179: }
180:
181: try {
182: Role unknown = ss.getRoleInstance("unknown");
183:
184: ss.grant(admin, global, unknown);
185: fail("Nonexisting Role could be granted!");
186: } catch (Exception e) {
187: assertEquals("Wrong Exception thrown: "
188: + e.getClass().getName(),
189: UnknownEntityException.class, e.getClass());
190: }
191:
192: try {
193: Group unknown = ss.getGroupInstance("unknown");
194:
195: ss.grant(admin, unknown, app);
196: fail("Role in non existing group could be granted!");
197: } catch (Exception e) {
198: assertEquals("Wrong Exception thrown: "
199: + e.getClass().getName(),
200: UnknownEntityException.class, e.getClass());
201: }
202: }
203:
204: public void testRevokeRole() throws Exception {
205: SecurityService ss = TurbineSecurity.getService();
206:
207: User admin = ss.getUser("admin");
208: assertNotNull(admin);
209:
210: Group global = ss.getGroupByName("global");
211: assertNotNull(global);
212:
213: Role app = ss.getRoleByName("User");
214: assertNotNull(app);
215:
216: AccessControlList acl = ss.getACL(admin);
217: assertTrue(acl.hasRole(app, global));
218:
219: ss.revoke(admin, global, app);
220:
221: AccessControlList acl2 = ss.getACL(admin);
222: assertFalse(acl2.hasRole(app, global));
223:
224: // Get existing ACL modified?
225: assertTrue(acl.hasRole(app, global));
226:
227: try {
228: Role unknown = ss.getRoleInstance("unknown");
229: ss.revoke(admin, global, unknown);
230: fail("Nonexisting Role could be revoked!");
231: } catch (Exception e) {
232: assertEquals("Wrong Exception thrown: "
233: + e.getClass().getName(),
234: UnknownEntityException.class, e.getClass());
235: }
236:
237: try {
238: Group unknown = ss.getGroupInstance("unknown");
239: ss.revoke(admin, unknown, app);
240: fail("Role in non existing group could be revoked!");
241: } catch (Exception e) {
242: assertEquals("Wrong Exception thrown: "
243: + e.getClass().getName(),
244: UnknownEntityException.class, e.getClass());
245:
246: }
247:
248: //
249: // One can revoke an existing role in an existing group, even if this role was
250: // never granted to an user. While this is not really a bug, this might be
251: // something that should be checked in the long run.
252: //
253: // try
254: // {
255: // ss.revoke(admin, global, app);
256: // fail("Role could be revoked twice!");
257: // }
258: // catch (Exception e)
259: // {
260: // assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
261: // }
262: //
263: // try
264: // {
265: // Role adm = ss.getRole("Admin");
266: // ss.revoke(admin, global, adm);
267: // fail("Role could be revoked from wrong group!");
268: // }
269: // catch (Exception e)
270: // {
271: // assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
272: // }
273: //
274: // try
275: // {
276: // Group turbine = ss.getGroup("Turbine");
277: // ss.revoke(admin, turbine, app);
278: // fail("Non existing Role could be revoked!");
279: // }
280: // catch (Exception e)
281: // {
282: // assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
283: // }
284: }
285:
286: public void testRevokeAll() throws Exception {
287: SecurityService ss = TurbineSecurity.getService();
288:
289: User admin = ss.getUser("admin");
290: assertNotNull(admin);
291:
292: Group turbine = ss.getGroupByName("Turbine");
293: assertNotNull(turbine);
294:
295: AccessControlList acl = ss.getACL(admin);
296: assertEquals(1, acl.getRoles(turbine).size());
297:
298: ss.revokeAll(admin);
299:
300: AccessControlList acl2 = ss.getACL(admin);
301: assertEquals(0, acl2.getRoles(turbine).size());
302: }
303:
304: public void testSaveRole() throws Exception {
305: SecurityService ss = TurbineSecurity.getService();
306:
307: Role admin = ss.getRoleByName("Admin");
308:
309: ss.saveRole(admin);
310:
311: try {
312: Role fake = ss.getRoleInstance("fake");
313:
314: ss.saveRole(fake);
315: fail("Non Existing Role could be saved!");
316: } catch (Exception e) {
317: assertEquals("Wrong Exception thrown: "
318: + e.getClass().getName(), e.getClass(),
319: UnknownEntityException.class);
320: }
321: }
322:
323: public void testRenameRole() throws Exception {
324: SecurityService ss = TurbineSecurity.getService();
325:
326: Role newbie = ss.getRoleInstance("newbie");
327: ss.addRole(newbie);
328:
329: Role test = ss.getRoleByName("newbie");
330: assertNotNull(test);
331:
332: ss.renameRole(test, "fake");
333:
334: Role fake = ss.getRoleByName("fake");
335: assertNotNull(fake);
336:
337: //
338: // Now this is a Turbine Bug...
339: //
340: // try
341: // {
342: // RoleSet gs = ss.getRoles(new org.apache.torque.util.Criteria());
343: // assertEquals(3, gs.size());
344:
345: // ss.renameRole(fake, "Admin");
346:
347: // RoleSet gs2 = ss.getRoles(new org.apache.torque.util.Criteria());
348: // assertEquals("Two roles with the same name exist!", 2, gs2.size());
349:
350: // fail("Role could be renamed to existing Role and got lost from the database!");
351: // }
352: // catch (Exception e)
353: // {
354: // assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), EntityExistsException.class);
355: // }
356: }
357: }
|