001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.superbiz.injection.secure;
017:
018: import junit.framework.TestCase;
019:
020: import javax.annotation.security.RunAs;
021: import javax.ejb.EJBAccessException;
022: import javax.ejb.Stateless;
023: import javax.naming.Context;
024: import javax.naming.InitialContext;
025: import java.util.List;
026: import java.util.Properties;
027: import java.util.concurrent.Callable;
028:
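/**
 * Checks the access rules of the {@code Movies} bean from three caller
 * identities. The rules themselves are declared on the bean, which is not part
 * of this file; the expectations encoded here are:
 * <ul>
 * <li>{@code Manager}: may add, read and delete movies;</li>
 * <li>{@code Employee}: may add and read, but a delete is rejected with
 * {@link EJBAccessException};</li>
 * <li>unauthenticated caller: may read, but add and delete are rejected with
 * {@link EJBAccessException}.</li>
 * </ul>
 * <p>
 * NOTE(review): the embedded container and the in-memory database may outlive a
 * single test method (confirm against the persistence configuration). The tests
 * therefore measure against the movie count they find instead of assuming an
 * empty store, so their outcome does not depend on execution order.
 *
 * @version $Revision: 607077 $ $Date: 2007-12-27 06:55:23 -0800 (Thu, 27 Dec 2007) $
 */
public class MovieTest extends TestCase {

    /** JNDI context used to look up the beans; created per test in {@link #setUp()}. */
    private Context context;

    /**
     * Creates the JNDI context and declares two data sources for it. Both point
     * at the same in-memory HSQLDB URL; the second one is declared with
     * {@code JtaManaged=false}.
     *
     * @throws Exception if the initial context cannot be created
     */
    @Override
    protected void setUp() throws Exception {
        Properties p = new Properties();
        p.put(Context.INITIAL_CONTEXT_FACTORY,
                "org.apache.openejb.client.LocalInitialContextFactory");

        p.put("movieDatabase", "new://Resource?type=DataSource");
        p.put("movieDatabase.JdbcDriver", "org.hsqldb.jdbcDriver");
        p.put("movieDatabase.JdbcUrl", "jdbc:hsqldb:mem:moviedb");

        p.put("movieDatabaseUnmanaged", "new://Resource?type=DataSource");
        p.put("movieDatabaseUnmanaged.JdbcDriver", "org.hsqldb.jdbcDriver");
        p.put("movieDatabaseUnmanaged.JdbcUrl", "jdbc:hsqldb:mem:moviedb");
        p.put("movieDatabaseUnmanaged.JtaManaged", "false");

        context = new InitialContext(p);
    }

    /**
     * Closes the JNDI context opened by {@link #setUp()} so that it is not left
     * open after the test method finishes.
     *
     * @throws Exception if closing the context fails
     */
    @Override
    protected void tearDown() throws Exception {
        if (context != null) {
            context.close();
            context = null;
        }
    }

    /**
     * A caller in the {@code Manager} role is expected to add, list and delete
     * movies without being rejected.
     *
     * @throws Exception if a lookup or a bean call fails
     */
    public void testAsManager() throws Exception {
        Caller managerBean = (Caller) context.lookup("ManagerBeanLocal");

        managerBean.call(new Callable<Object>() {
            public Object call() throws Exception {
                Movies movies = (Movies) context.lookup("MoviesLocal");

                // Baseline first: the assertion below is about the three movies
                // added here, not about what an earlier test may have left behind.
                int before = movies.getMovies().size();
                addSampleMovies(movies);

                List<Movie> list = movies.getMovies();
                assertEquals("List.size()", before + 3, list.size());

                for (Movie movie : list) {
                    movies.deleteMovie(movie);
                }

                assertEquals("Movies.getMovies()", 0, movies.getMovies().size());
                return null;
            }
        });
    }

    /**
     * A caller in the {@code Employee} role is expected to add and list movies,
     * while every delete must be rejected and must leave the stored movies
     * untouched.
     *
     * @throws Exception if a lookup or a bean call fails
     */
    public void testAsEmployee() throws Exception {
        Caller employeeBean = (Caller) context.lookup("EmployeeBeanLocal");

        employeeBean.call(new Callable<Object>() {
            public Object call() throws Exception {
                Movies movies = (Movies) context.lookup("MoviesLocal");

                int before = movies.getMovies().size();
                addSampleMovies(movies);

                List<Movie> list = movies.getMovies();
                assertEquals("List.size()", before + 3, list.size());

                for (Movie movie : list) {
                    try {
                        movies.deleteMovie(movie);
                        fail("Employees should not be allowed to delete");
                    } catch (EJBAccessException expected) {
                        // Good, Employees cannot delete things
                    }
                }

                // A rejected delete must have no effect: nothing was removed.
                assertEquals("Movies.getMovies()", before + 3, movies.getMovies().size());
                return null;
            }
        });
    }

    /**
     * A caller with no identity is expected to be able to read, while add and
     * delete must be rejected and must not change what is stored.
     *
     * @throws Exception if the lookup or a bean call fails
     */
    public void testUnauthenticated() throws Exception {
        Movies movies = (Movies) context.lookup("MoviesLocal");

        // Reads are expected to be open to everyone, so the count serves both as
        // the read-access check and as a baseline for the denied writes below.
        int before = readableMovieCount(movies);

        try {
            movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
            fail("Unauthenticated users should not be able to add movies");
        } catch (EJBAccessException expected) {
            // Good, guests cannot add things
        }

        try {
            // The argument is irrelevant here: the call is expected to be
            // rejected because of who is calling, not because of what is passed.
            movies.deleteMovie(null);
            fail("Unauthenticated users should not be allowed to delete");
        } catch (EJBAccessException expected) {
            // Good, Unauthenticated users cannot delete things
        }

        // Same check testAsEmployee makes after its denied deletes: a rejected
        // call must leave the data as it was.
        assertEquals("Denied calls must not change the stored movies",
                before, readableMovieCount(movies));
    }

    /**
     * Adds the three sample movies used by the role tests.
     *
     * @param movies the bean to add to, called under the current caller identity
     * @throws Exception if the bean rejects or fails an add
     */
    private static void addSampleMovies(Movies movies) throws Exception {
        movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
        movies.addMovie(new Movie("Joel Coen", "Fargo", 1996));
        movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998));
    }

    /**
     * Reads the number of stored movies and fails the test if the read itself is
     * rejected.
     *
     * @param movies the bean to read from
     * @return the number of movies returned by {@code getMovies()}
     * @throws Exception if the bean call fails for a reason other than access
     */
    private static int readableMovieCount(Movies movies) throws Exception {
        try {
            return movies.getMovies().size();
        } catch (EJBAccessException denied) {
            fail("Read access should be allowed");
            throw denied; // not reached: fail() always throws
        }
    }

    /**
     * Business interface of the role-switching beans below: runs a piece of
     * test code and hands back its result.
     */
    public static interface Caller {
        public <V> V call(Callable<V> callable) throws Exception;
    }

    /**
     * Lets test code execute in the security scope of the {@code Manager} role:
     * the callable runs inside this bean, so the calls it makes to other beans
     * are made under the {@code @RunAs} identity.
     * <p>
     * The src/test/resource/META-INF/ejb-jar.xml will cause this EJB to be
     * automatically discovered and deployed when OpenEJB boots up.
     * <p>
     * This bean runs whatever {@link Callable} it is handed under the
     * {@code Manager} role. It is a test fixture and belongs in test sources
     * only; it should never be packaged with a deployable application.
     */
    @Stateless
    @RunAs("Manager")
    public static class ManagerBean implements Caller {

        public <V> V call(Callable<V> callable) throws Exception {
            return callable.call();
        }

    }

    /**
     * Counterpart of {@link ManagerBean} for the {@code Employee} role: runs the
     * callable inside a bean annotated {@code @RunAs("Employee")}. Test fixture
     * only, for the same reason.
     */
    @Stateless
    @RunAs("Employee")
    public static class EmployeeBean implements Caller {

        public <V> V call(Callable<V> callable) throws Exception {
            return callable.call();
        }

    }

}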