001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.security.test;
023:
024: import java.security.Permissions;
025: import javax.security.jacc.WebResourcePermission;
026:
027: import junit.framework.TestCase;
028:
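/**
 * Tests of the JACC {@code WebResourcePermission}: canonical form of the
 * HTTP-method actions, {@code implies} behaviour across URL patterns and
 * method sets, and rejection of malformed qualified URL pattern specs.
 *
 * <p>These cases pin down access-control matching. A regression that makes
 * {@code implies} return {@code true} in one of the negative cases would
 * widen a security constraint to resources it was never meant to cover.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 57211 $
 */
public class WebResourcePermissionUnitTestCase extends TestCase {

    public WebResourcePermissionUnitTestCase(String name) {
        super(name);
    }

    /**
     * Checks the string returned by {@code getActions()} for several ways of
     * specifying the HTTP methods.
     *
     * @throws Exception if constructing a permission fails unexpectedly
     */
    public void testCtor2() throws Exception {
        // Typed null: this file uses both the (String, String) and the
        // (String, String[]) constructors, so a bare null literal would be ambiguous.
        String nullActions = null;
        WebResourcePermission p = new WebResourcePermission("/", nullActions);
        String actions = p.getActions();
        assertNull("actions(" + actions + ") == null", actions);

        p = new WebResourcePermission("", nullActions);
        actions = p.getActions();
        assertNull("actions(" + actions + ") == null", actions);

        String[] empty = {};
        p = new WebResourcePermission("/", empty);
        actions = p.getActions();
        assertNull("actions(" + actions + ") == null", actions);

        // assertEquals rather than actions.equals(...): an unexpected null then
        // shows up as an assertion failure instead of a NullPointerException.
        p = new WebResourcePermission("/", "POST");
        actions = p.getActions();
        assertEquals("actions(" + actions + ") == POST", "POST", actions);

        // Naming all seven methods is expected to canonicalize to null, the
        // same result as giving no actions at all.
        p = new WebResourcePermission("/", "GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE");
        actions = p.getActions();
        assertNull("actions(" + actions + ") == null", actions);

        // A partial list is expected back in sorted order.
        p = new WebResourcePermission("/", "TRACE,GET,DELETE");
        actions = p.getActions();
        assertEquals("actions(" + actions + ") == DELETE,GET,TRACE", "DELETE,GET,TRACE", actions);
    }

    /**
     * Positive {@code implies} cases: every pair built here must satisfy
     * {@code p0.implies(p1)}.
     *
     * @throws Exception if constructing a permission fails unexpectedly
     */
    public void testImpliesPermission() throws Exception {
        String nullActions = null;

        // Null, empty-string and empty-array actions all imply a specific method.
        WebResourcePermission p0 = new WebResourcePermission("/", nullActions);
        WebResourcePermission p1 = new WebResourcePermission("/", "GET");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        p0 = new WebResourcePermission("/", "");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        p1 = new WebResourcePermission("", "GET");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        String[] empty = {};
        p0 = new WebResourcePermission("/", empty);
        assertTrue("p0.implies(p1)", p0.implies(p1));

        p0 = new WebResourcePermission("/", "GET");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        // Path-prefix patterns.
        p0 = new WebResourcePermission("/*", nullActions);
        p1 = new WebResourcePermission("/any", "GET");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        p0 = new WebResourcePermission("/*", "GET");
        p1 = new WebResourcePermission("/any", "GET");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        // "/any/*" covers the bare "/any" and "/any/" as well as deeper paths.
        p0 = new WebResourcePermission("/any/*", "GET");
        p1 = new WebResourcePermission("/any", "GET");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        p1 = new WebResourcePermission("/any/", "GET");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        p0 = new WebResourcePermission("/any/more/*", "GET");
        p1 = new WebResourcePermission("/any/more/andsome", "GET");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        // Extension pattern; the order of the method list does not matter.
        p0 = new WebResourcePermission("*.jsp", "POST,GET");
        p1 = new WebResourcePermission("/snoop.jsp", "GET,POST");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        // A superset of methods still implies the subset.
        p0 = new WebResourcePermission("*.jsp", "POST,GET,TRACE");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        p0 = new WebResourcePermission("/snoop.jsp", "POST,GET,TRACE");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        // Same qualifying patterns listed in a different order.
        p0 = new WebResourcePermission(
            "/:/secured.jsp:/unchecked.jsp:/excluded.jsp:/sslprotected.jsp",
            "POST,GET");
        p1 = new WebResourcePermission(
            "/:/secured.jsp:/excluded.jsp:/sslprotected.jsp:/unchecked.jsp",
            "GET,POST");
        assertTrue("p0.implies(p1)", p0.implies(p1));

        p0 = new WebResourcePermission("/restricted/*", "DELETE,GET,HEAD,POST,PUT");
        p1 = new WebResourcePermission("/restricted/SecureServlet", "GET");
        assertTrue("p0.implies(p1)", p0.implies(p1));
    }

    /**
     * Negative {@code implies} cases. Each pair here must NOT imply; a
     * {@code true} result would mean a permission is matching methods or
     * paths beyond what it names.
     *
     * @throws Exception if constructing a permission fails unexpectedly
     */
    public void testNotImpliesPermission() throws Exception {
        String nullActions = null;

        // A single method must not imply "all methods", another method, or a larger set.
        WebResourcePermission p0 = new WebResourcePermission("/", "GET");
        WebResourcePermission p1 = new WebResourcePermission("/", nullActions);
        assertFalse("! p0.implies(p1)", p0.implies(p1));

        p1 = new WebResourcePermission("/", "POST");
        assertFalse("! p0.implies(p1)", p0.implies(p1));

        // Note the reversed direction: the empty-string pattern must not imply "/".
        p1 = new WebResourcePermission("", "GET");
        assertFalse("! p1.implies(p0)", p1.implies(p0));

        p1 = new WebResourcePermission("/", "GET,POST");
        assertFalse("! p0.implies(p1)", p0.implies(p1));

        // "/any/*" must not match siblings that merely share the "/any" string
        // prefix; matching is expected at a path-segment boundary.
        p0 = new WebResourcePermission("/any/*", "GET");
        p1 = new WebResourcePermission("/anymore", "GET");
        assertFalse("! p0.implies(p1)", p0.implies(p1));

        p1 = new WebResourcePermission("/anyx", "GET");
        assertFalse("! p0.implies(p1)", p0.implies(p1));

        p1 = new WebResourcePermission("/any/more", "GET,POST");
        assertFalse("! p0.implies(p1)", p0.implies(p1));

        p0 = new WebResourcePermission("/*", "GET");
        p1 = new WebResourcePermission("/anyx", "GET,POST");
        assertFalse("! p0.implies(p1)", p0.implies(p1));

        // An extension pattern must not match the default pattern, a
        // path-prefix pattern, a path without the extension, or "snoop,jsp"
        // (comma where the dot should be).
        p0 = new WebResourcePermission("*.jsp", "GET");
        p1 = new WebResourcePermission("/", "GET");
        assertFalse("! p0.implies(p1)", p0.implies(p1));

        p0 = new WebResourcePermission("*.jsp", "GET");
        p1 = new WebResourcePermission("/*", "GET");
        assertFalse("! p0.implies(p1)", p0.implies(p1));

        p0 = new WebResourcePermission("*.jsp", "GET");
        p1 = new WebResourcePermission("/jsp", "GET");
        assertFalse("! p0.implies(p1)", p0.implies(p1));

        p0 = new WebResourcePermission("*.jsp", "GET");
        p1 = new WebResourcePermission("/snoop,jsp", "GET");
        assertFalse("! p0.implies(p1)", p0.implies(p1));
    }

    /**
     * Checks overlapping patterns, individually and inside
     * {@link Permissions} collections.
     *
     * <p>The names {@code excluded} and {@code unchecked} presumably mirror the
     * JACC excluded and unchecked policy sets; confirm against the policy
     * configuration code that consumes them.
     *
     * @throws Exception if constructing a permission fails unexpectedly
     */
    public void testBestMatch() throws Exception {
        WebResourcePermission cp = new WebResourcePermission("/restricted/not", "GET");
        WebResourcePermission excluded = new WebResourcePermission("/restricted/*", "");
        WebResourcePermission unchecked = new WebResourcePermission("/restricted/not/*", "");

        // Both the broad and the narrow pattern imply cp, so one implies()
        // call does not say which of the two is the more specific match.
        assertTrue("cp is excluded", excluded.implies(cp));
        assertTrue("cp is unchecked", unchecked.implies(cp));

        // The broader pattern implies the narrower one, never the reverse.
        assertTrue("unchecked is excluded", excluded.implies(unchecked));
        assertFalse("excluded is NOT unchecked", unchecked.implies(excluded));

        Permissions excludedPC = new Permissions();
        excludedPC.add(new WebResourcePermission("/restricted/*", ""));
        excludedPC.add(new WebResourcePermission(
            "/restricted/get-only/*", "DELETE,HEAD,OPTIONS,POST,PUT,TRACE"));
        excludedPC.add(new WebResourcePermission(
            "/restricted/post-only/*", "DELETE,HEAD,OPTIONS,POST,PUT,TRACE"));
        excludedPC.add(new WebResourcePermission("/restricted/put-only/excluded/*", ""));
        excludedPC.add(new WebResourcePermission("/restricted/get-only/excluded/*", ""));
        excludedPC.add(new WebResourcePermission("/excluded/*", ""));

        Permissions uncheckedPC = new Permissions();
        uncheckedPC.add(new WebResourcePermission("/unchecked/*", ""));
        uncheckedPC.add(new WebResourcePermission("/restricted/post-only/*", "GET"));
        uncheckedPC.add(new WebResourcePermission("/restricted/not/*", ""));
        // NOTE(review): the qualifiers below are not under "/unchecked/*". The
        // path-prefix rule quoted in testQualifiedPatterns suggests such a spec
        // would be rejected; confirm that accepting it here is intended.
        uncheckedPC.add(new WebResourcePermission(
            "/unchecked/*:/restricted/not/*:/restricted/*:/restricted/put-only/excluded/*:/restricted/get-only/excluded/*:/restricted/any/*:/restricted/post-only/*:/restricted/get-only/*:/excluded/*",
            ""));

        assertTrue("unchecked is in excludedPC", excludedPC.implies(unchecked));
        assertFalse("excluded is NOT in uncheckedPC", uncheckedPC.implies(excluded));
    }

    /**
     * Checks that a qualifying pattern removes its matches from the first
     * pattern: {@code "/restricted/not/*"} is listed as a qualifier, so
     * {@code "/restricted/not"} must not be implied even though the
     * unqualified {@code "/restricted/*"} implies it in {@code testBestMatch}.
     */
    public void testQualifiedMatch() {
        WebResourcePermission p0 = new WebResourcePermission(
            "/restricted/*:/restricted/any/excluded/*:/restricted/not/*", "");
        WebResourcePermission p1 = new WebResourcePermission("/restricted/not", "GET");
        assertFalse("/restricted/not GET is NOT implied", p0.implies(p1));
    }

    /**
     * Checks that malformed qualified URL pattern specs are rejected with
     * {@link IllegalArgumentException} at construction time.
     */
    public void testQualifiedPatterns() {
        /* No pattern may exist in the URLPatternList that matches
           the first pattern.
        */
        assertSpecRejected("/:/*",
            "Should not have been able to use a pattern with matching qualifiying pattern");

        /* If the first pattern is a path-prefix pattern, only exact
           patterns matched by the first pattern and path-prefix patterns
           matched by, but different from, the first pattern may occur
           in the URLPatternList.
        */
        assertSpecRejected("/*:*.ext",
            "Should not have been able to use a pattern with extension qualifiying pattern");

        /* If the first pattern is an extension pattern, only exact
           patterns that are matched by the first pattern and path-prefix
           patterns may occur in the URLPatternList.
        */
        assertSpecRejected("*.ext:*.ext2",
            "Should not have been able to use an extension in qualifiying pattern");

        /* If the first pattern is the default pattern, "/", any
           pattern except the default pattern may occur in the
           URLPatternList.
        */
        assertSpecRejected("/:/",
            "Should not have been able to use the default pattern in qualifiying pattern");

        /* If the first pattern is an exact pattern a URLPatternList
           must not be present in the URLPatternSpec.
        */
        assertSpecRejected("/exact:/*",
            "Should not have been able to use a qualifiying pattern");
    }

    /**
     * Asserts that constructing a permission from {@code urlPatternSpec} with
     * empty actions throws {@link IllegalArgumentException}.
     *
     * @param urlPatternSpec the spec expected to be rejected
     * @param failMessage the failure message used when construction succeeds
     */
    private static void assertSpecRejected(String urlPatternSpec, String failMessage) {
        try {
            new WebResourcePermission(urlPatternSpec, "");
            fail(failMessage);
        } catch (IllegalArgumentException expected) {
            // Failed as expected. Any other exception type propagates and errors the test.
        }
    }
}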