001: /*
002: * JOnAS: Java(TM) Open Application Server
003: * Copyright (C) 1999 Bull S.A.
004: * Contact: jonas-team@objectweb.org
005: *
006: * This library is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2.1 of the License, or any later version.
010: *
011: * This library is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this library; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
019: * USA
020: *
021: * --------------------------------------------------------------------------
022: * $Id: A_AccessControl.java 5650 2004-10-20 14:42:29Z durieuxp $
023: * --------------------------------------------------------------------------
024: */
025:
026: package org.objectweb.jonas.jtests.clients.security;
027:
028: import java.rmi.RemoteException;
029: import java.util.Hashtable;
030: import java.util.Vector;
031:
032: import org.objectweb.jonas.jtests.beans.secured.BaseS;
033: import org.objectweb.jonas.jtests.util.JTestCase;
034: import org.objectweb.security.context.SecurityContext;
035: import org.objectweb.security.context.SecurityCurrent;
036:
037: /**
038: * Security Management common tests for all type of beans (Entity/Session)
039: *
040: * @author Ph.Coq, Ph.Durieux
041: *
042: */
043:
044: public abstract class A_AccessControl extends JTestCase {
045:
046: protected static String PRINCIPAL1_NAME = "principal1";
047: protected static String PRINCIPAL3_NAME = "principal3";
048: protected static String ROLE1_NAME = "baserole1";
049: protected static String ROLE2_NAME = "baserole2";
050:
051: protected static SecurityCurrent current = null;
052: protected static SecurityContext principal1 = null;
053: protected static SecurityContext principal2 = null;
054: protected static SecurityContext principal3 = null;
055: protected static SecurityContext principal4 = null;
056:
057: public A_AccessControl(String name) {
058: super (name);
059: }
060:
061: /**
062: * init environment:
063: * - load beans
064: */
065: protected void setUp() {
066: super .setUp();
067: if (current == null) {
068: current = SecurityCurrent.getCurrent();
069: principal1 = new SecurityContext("principal1",
070: new String[] { "role1" });
071: principal2 = new SecurityContext("principal2",
072: new String[] { "role2" });
073: String[] roles3 = new String[] { "role1", "role3" };
074: principal3 = new SecurityContext(PRINCIPAL3_NAME, roles3);
075: String[] roles4 = new String[] { "role2" };
076: principal4 = new SecurityContext("principal4", roles4);
077: }
078: }
079:
080: public abstract BaseS getBaseS(String name) throws Exception;
081:
082: public abstract void removeBaseS(String name) throws Exception;
083:
084: /**
085: * test getCallerPrincipal.
086: * The Principal must be propagated.
087: */
088: public void testGetCallerPrincipal() throws Exception {
089: current.setSecurityContext(principal1);
090: BaseS sl = getBaseS("un");
091: assertEquals(PRINCIPAL1_NAME, sl.getPrincipalName());
092: sl.remove();
093: }
094:
095: /**
096: * test isCallerInRole.
097: * principal1 = role1
098: * principal2 = role2
099: */
100: public void testIsCallerInRole() throws Exception {
101: current.setSecurityContext(principal1);
102: BaseS sl = getBaseS("deux");
103: assertTrue(sl.isCallerInRole(ROLE1_NAME) == true);
104: assertTrue(sl.isCallerInRole(ROLE2_NAME) == false);
105: sl.remove();
106: }
107:
108: /**
109: * test testIsCallerInRoleRolesInContext.
110: * principal1 = role1 (jonas-users.properties)
111: * principal2 = role2 (jonas-users.properties)
112: * principal3 = role1, role3 (role with security context)
113: * principal4 = role2 (role with security context)
114: */
115: public void testIsCallerInRoleRolesInContext() throws Exception {
116: current.setSecurityContext(principal3);
117: BaseS sl = getBaseS("deuxbis");
118: assertTrue(sl.isCallerInRole(ROLE1_NAME) == true);
119: assertTrue(sl.isCallerInRole(ROLE2_NAME) == false);
120: sl.remove();
121: }
122:
123: /**
124: * test basic method reject
125: */
126: public void testBasicMethodReject() throws Exception {
127: current.setSecurityContext(principal1);
128: BaseS sl = getBaseS("trois");
129: try {
130: sl.simpleMethod();
131: fail("should be rejected: not in the role");
132: } catch (RemoteException e) {
133: }
134: sl.remove();
135: }
136:
137: /**
138: * test basic method reject
139: */
140: public void testBasicMethodRejectRolesInContext() throws Exception {
141: current.setSecurityContext(principal3);
142: BaseS sl = getBaseS("troisbis");
143: try {
144: sl.simpleMethod();
145: fail("should be rejected: not in the role");
146: } catch (RemoteException e) {
147: }
148: sl.remove();
149: }
150:
151: /**
152: * test basic method accept
153: */
154: public void testBasicMethodAccept() throws Exception {
155: current.setSecurityContext(principal2);
156: BaseS sl = getBaseS("quatre");
157: sl.simpleMethod();
158: sl.remove();
159: }
160:
161: /**
162: * test basic method accept
163: */
164: public void testBasicMethodAcceptRolesInContext() throws Exception {
165: current.setSecurityContext(principal4);
166: BaseS sl = getBaseS("quatrebis");
167: sl.simpleMethod();
168: sl.remove();
169: }
170:
171: /**
172: * test complex method reject
173: */
174: public void testComplexMethodReject() throws Exception {
175: current.setSecurityContext(principal1);
176: BaseS sl = getBaseS("cinq");
177: try {
178: Hashtable ht = new Hashtable();
179: ht.put("foo", new Vector(10));
180: ht.put("bar", new Hashtable());
181: Object[] o = { "bar", new Hashtable(), new Vector() };
182: sl.complexMethod(ht, o);
183: fail("should be rejected: not in the role");
184: } catch (RemoteException e) {
185: }
186: sl.remove();
187: }
188:
189: /**
190: * test complex method reject
191: */
192: public void testComplexMethodRejectRolesInContext()
193: throws Exception {
194: current.setSecurityContext(principal3);
195: BaseS sl = getBaseS("cinqbis");
196: try {
197: Hashtable ht = new Hashtable();
198: ht.put("foo", new Vector(10));
199: ht.put("bar", new Hashtable());
200: Object[] o = { "bar", new Hashtable(), new Vector() };
201: sl.complexMethod(ht, o);
202: fail("should be rejected: not in the role");
203: } catch (RemoteException e) {
204: }
205: sl.remove();
206: }
207:
208: /**
209: * test complex method accept
210: */
211: public void testComplexMethodAccept() throws Exception {
212: current.setSecurityContext(principal2);
213: BaseS sl = getBaseS("six");
214: Hashtable ht = new Hashtable();
215: ht.put("foo", new Vector(10));
216: ht.put("bar", new Hashtable());
217: Object[] o = { "bar", new Hashtable(), new Vector() };
218: sl.complexMethod(ht, o);
219: sl.remove();
220: }
221:
222: /**
223: * test complex method accept
224: */
225: public void testComplexMethodAcceptRolesInContext()
226: throws Exception {
227: current.setSecurityContext(principal4);
228: BaseS sl = getBaseS("sixbis");
229: Hashtable ht = new Hashtable();
230: ht.put("foo", new Vector(10));
231: ht.put("bar", new Hashtable());
232: Object[] o = { "bar", new Hashtable(), new Vector() };
233: sl.complexMethod(ht, o);
234: sl.remove();
235: }
236:
237: /**
238: * test security-role-ref in DD
239: * baserole -> role1
240: */
241: public void testSecurityRoleRef() throws Exception {
242: current.setSecurityContext(principal1);
243: BaseS sl = getBaseS("sept");
244: assertTrue(sl.isCallerInRole(ROLE1_NAME) == true);
245: sl.remove();
246: }
247:
248: /**
249: * test security-role-ref in DD
250: * baserole -> role1
251: */
252: public void testSecurityRoleRefRolesInContext() throws Exception {
253: current.setSecurityContext(principal3);
254: BaseS sl = getBaseS("septbis");
255: assertTrue(sl.isCallerInRole(ROLE1_NAME) == true);
256: sl.remove();
257: }
258:
259: /**
260: * test principal propagation from bean to bean
261: */
262: public void testBeanToBeanPropagation() throws Exception {
263: current.setSecurityContext(principal1);
264: BaseS sl = getBaseS("sept");
265: assertEquals(PRINCIPAL1_NAME, sl
266: .getPrincipalNameOfAnotherBean());
267: sl.remove();
268: }
269:
270: /**
271: * test principal propagation from bean to bean
272: */
273: public void testBeanToBeanPropagationRolesInContext()
274: throws Exception {
275: current.setSecurityContext(principal3);
276: BaseS sl = getBaseS("sept");
277: assertEquals(PRINCIPAL3_NAME, sl
278: .getPrincipalNameOfAnotherBean());
279: sl.remove();
280: }
281:
282: /**
283: * test principal propagation from bean to bean and access is denied
284: */
285: public void testRejectBeanToBeanAccess() throws Exception {
286: current.setSecurityContext(principal2);
287: BaseS sl = getBaseS("huit");
288: try {
289: sl.getPrincipalNameOfAnotherBean();
290: fail("should be rejected: not in the role");
291: } catch (RemoteException e) {
292: } finally {
293: // sl should have been discarded.
294: removeBaseS("huit");
295: }
296: }
297:
298: /**
299: * test principal propagation from bean to bean and access is denied
300: */
301: public void testRejectBeanToBeanAccessRolesInContext()
302: throws Exception {
303: current.setSecurityContext(principal4);
304: BaseS sl = getBaseS("huitbis");
305: try {
306: sl.getPrincipalNameOfAnotherBean();
307: fail("should be rejected: not in the role");
308: } catch (RemoteException e) {
309: } finally {
310: // sl should have been discarded.
311: removeBaseS("huitbis");
312: }
313: }
314:
315: /**
316: * test accept access to a local method
317: * callAnotherMethod is called with role1 and call DerivedSF.anotheMethod with this role
318: * return false if access to anotheMethod was denied
319: * expected return is true
320: */
321: public void testLocalMethodAccept() throws Exception {
322: current.setSecurityContext(principal1);
323: BaseS sl = getBaseS("neuf");
324: assertTrue(sl.callAnotherMethod() == true);
325: sl.remove();
326: }
327:
328: /**
329: * test accept access to a local method
330: * callAnotherMethod is called with role1 and call DerivedSF.anotheMethod with this role
331: * return false if access to anotheMethod was denied
332: * expected return is true
333: */
334: public void testLocalMethodAcceptRolesInContext() throws Exception {
335: current.setSecurityContext(principal3);
336: BaseS sl = getBaseS("neufbis");
337: assertTrue(sl.callAnotherMethod() == true);
338: sl.remove();
339: }
340:
341: /**
342: * test reject access to a local method
343: * callAnotherMethod is called with role1 and call DerivedSF.anotheMethod with this role
344: * return false if access to anotheMethod was denied
345: * expected return is true
346: */
347: public void testLocalMethodReject() throws Exception {
348: current.setSecurityContext(principal2);
349: BaseS sl = getBaseS("dix");
350: assertTrue(sl.callAnotherMethod() == false);
351: sl.remove();
352: }
353:
354: /**
355: * test reject access to a local method
356: * callAnotherMethod is called with role1 and call DerivedSF.anotheMethod with this role
357: * return false if access to anotheMethod was denied
358: * expected return is true
359: */
360: public void testLocalMethodRejectRolesInContext() throws Exception {
361: current.setSecurityContext(principal4);
362: BaseS sl = getBaseS("dixbis");
363: assertTrue(sl.callAnotherMethod() == false);
364: sl.remove();
365: }
366:
367: /**
368: * test on an exluded method (excluded list)
369: */
370: public void testExcludedMethod() throws Exception {
371: current.setSecurityContext(principal2);
372: BaseS sl = getBaseS("excluded");
373: try {
374: sl.excludedMethod();
375: fail("should be excluded");
376: } catch (RemoteException e) {
377: }
378: sl.remove();
379: }
380:
381: /**
382: * test timeout
383: */
384: public void testTimeout() throws Exception {
385: current.setSecurityContext(principal2);
386: int duration = 5;
387: BaseS sl = getBaseS("timed");
388: try {
389: int oldval = sl.getTimerCount();
390: sl.setTimer(duration, 0, 0);
391: sleep(2000);
392: assertEquals("timer expired too quickly", oldval, sl
393: .getTimerCount());
394: sleep(4000);
395: assertEquals("timer did not expired", oldval + 1, sl
396: .getTimerCount());
397: } finally {
398: sl.remove();
399: }
400: }
401: }
|