001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.layout;
018:
019: import java.io.File;
020: import java.security.PrivilegedAction;
021: import java.util.HashSet;
022: import java.util.List;
023: import java.util.Set;
024:
025: import javax.security.auth.Subject;
026:
027: import junit.framework.TestCase;
028:
029: import org.apache.jetspeed.components.ComponentManager;
030: import org.apache.jetspeed.components.SpringComponentManager;
031: import org.apache.jetspeed.components.factorybeans.ServletConfigFactoryBean;
032: import org.apache.jetspeed.layout.impl.LayoutValve;
033: import org.apache.jetspeed.mocks.ResourceLocatingServletContext;
034: import org.apache.jetspeed.om.common.SecurityConstraint;
035: import org.apache.jetspeed.om.page.PageSecurity;
036: import org.apache.jetspeed.om.page.SecurityConstraintsDef;
037: import org.apache.jetspeed.page.PageManager;
038: import org.apache.jetspeed.pipeline.PipelineException;
039: import org.apache.jetspeed.request.JetspeedRequestContext;
040: import org.apache.jetspeed.request.RequestContext;
041: import org.apache.jetspeed.security.JSSubject;
042: import org.apache.jetspeed.security.impl.RolePrincipalImpl;
043: import org.apache.jetspeed.security.impl.UserPrincipalImpl;
044: import com.mockrunner.mock.web.MockHttpServletRequest;
045: import com.mockrunner.mock.web.MockHttpServletResponse;
046: import com.mockrunner.mock.web.MockHttpSession;
047: import com.mockrunner.mock.web.MockServletConfig;
048: import com.mockrunner.mock.web.MockServletContext;
049:
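/**
 * Tests manipulation of page security constraints by sending
 * {@code action=constraints} requests through the layout valve.
 *
 * <p>Each case submits a mock request (see
 * {@link #runTest(String, String, String)}) and then inspects the
 * {@link PageSecurity} returned by the page manager.</p>
 *
 * <p>Coverage note: every request is issued as a subject holding the
 * {@code admin} user principal and the {@code admin} role principal. No case in
 * this class submits the same actions as a non-admin subject, so the denial
 * path for these constraint-editing methods is not exercised here.</p>
 *
 * @author <a>David Sean Taylor </a>
 * @version $Id: $
 */
public class TestConstraintsAction extends TestCase {

    /** Component manager started in {@link #setUp()} and stopped in {@link #tearDown()}. */
    private ComponentManager cm;

    /** The "layoutValve" component; every test request is pushed through it. */
    private LayoutValve valve;

    /** The "pageManager" component; used to read back the resulting page security. */
    private PageManager pageManager;

    /**
     * Runs this test case in the JUnit Swing runner.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        // Launch this class; the original passed TestLayout.class here, so
        // running main never executed the constraint tests.
        junit.swingui.TestRunner.run(TestConstraintsAction.class);
    }

    /**
     * Builds the mock servlet environment, starts the Spring component manager
     * from the test assembly files and looks up the valve and page manager.
     */
    protected void setUp() throws Exception {
        super.setUp();

        String appRoot = "./"; //PortalTestConstants.JETSPEED_APPLICATION_ROOT;

        MockServletConfig servletConfig = new MockServletConfig();
        ResourceLocatingServletContext servletContext = new ResourceLocatingServletContext(
                new File(appRoot));
        servletConfig.setServletContext(servletContext);
        ServletConfigFactoryBean.setServletConfig(servletConfig);

        // Load the Spring configs
        String[] bootConfigs = null;
        String[] appConfigs = { //"src/webapp/WEB-INF/assembly/layout-api.xml",
                "src/test/resources/assembly/test-layout-constraints-api.xml",
                "src/test/resources/assembly/page-manager.xml" };

        cm = new SpringComponentManager(bootConfigs, appConfigs, servletContext, ".");
        cm.start();
        valve = (LayoutValve) cm.getComponent("layoutValve");
        pageManager = (PageManager) cm.getComponent("pageManager");
    }

    /**
     * Stops the component manager started in {@link #setUp()}.
     */
    protected void tearDown() throws Exception {
        try {
            cm.stop();
        } finally {
            super.tearDown();
        }
    }

    /**
     * Sends {@code update-def} for the "users" definition and checks the
     * permissions of its first constraint.
     */
    public void testUpdate() throws Exception {
        String defName = "users";
        String xml = "<security-constraints-def name=\""
                + defName
                + "\"><security-constraint><roles>user, manager</roles><permissions>view,edit</permissions></security-constraint></security-constraints-def>";
        runTest(xml, defName, "update-def");

        SecurityConstraintsDef def = requireDefinition(defName);
        SecurityConstraint constraint = requireConstraint(def, 0, "first", defName);
        assertRendered("update failed for constraints ", "[view, edit]",
                constraint.getPermissions());
    }

    /**
     * Sends {@code add-def} for a new "newone" definition and checks the
     * permissions of its first constraint.
     */
    public void testAdd() throws Exception {
        String defName = "newone";
        String xml = "<security-constraints-def name=\""
                + defName
                + "\"><security-constraint><roles>user, manager</roles><permissions>view,edit</permissions></security-constraint></security-constraints-def>";
        runTest(xml, defName, "add-def");

        SecurityConstraintsDef def = requireDefinition(defName);
        SecurityConstraint constraint = requireConstraint(def, 0, "first", defName);
        assertRendered("add failed for constraints ", "[view, edit]",
                constraint.getPermissions());
    }

    /**
     * Sends {@code update-def} for "users" with four constraints (roles, groups
     * and two user lists) and checks each one in order.
     */
    public void testAdds() throws Exception {
        String defName = "users";
        String xml = "<security-constraints-def name=\""
                + defName
                + "\"><security-constraint><roles>user, manager,anon</roles><permissions>view,edit,help</permissions></security-constraint>"
                + "<security-constraint><groups>accounting,finance</groups><permissions>view,edit,help</permissions></security-constraint>"
                + "<security-constraint><users>tomcat</users><permissions>view</permissions></security-constraint>"
                + "<security-constraint><users>manager,admin</users><permissions>view,help</permissions></security-constraint>"
                + "</security-constraints-def>";
        runTest(xml, defName, "update-def");

        SecurityConstraintsDef def = requireDefinition(defName);

        SecurityConstraint first = requireConstraint(def, 0, "first", defName);
        assertRendered("update failed for constraints ", "[view, edit, help]",
                first.getPermissions());
        assertRendered("update failed for constraints ", "[user, manager, anon]",
                first.getRoles());

        SecurityConstraint second = requireConstraint(def, 1, "second", defName);
        assertRendered("add failed for constraints ", "[view, edit, help]",
                second.getPermissions());
        assertRendered("add failed for constraints ", "[accounting, finance]",
                second.getGroups());

        SecurityConstraint third = requireConstraint(def, 2, "third", defName);
        assertRendered("add failed for constraints ", "[view]", third.getPermissions());
        assertRendered("add failed for constraints ", "[tomcat]", third.getUsers());

        SecurityConstraint fourth = requireConstraint(def, 3, "fourth", defName);
        assertRendered("add failed for constraints ", "[view, help]",
                fourth.getPermissions());
        assertRendered("add failed for constraints ", "[manager, admin]",
                fourth.getUsers());
    }

    /**
     * Sends {@code update-def} for "delete3" with a single constraint and checks
     * that exactly that one constraint remains afterwards.
     */
    public void testDeletes() throws Exception {
        String defName = "delete3";
        String xml = "<security-constraints-def name=\""
                + defName
                + "\"><security-constraint><users>*</users><permissions>view</permissions></security-constraint></security-constraints-def>";
        runTest(xml, defName, "update-def");

        SecurityConstraintsDef def = requireDefinition(defName);
        SecurityConstraint constraint = requireConstraint(def, 0, "first", defName);
        assertRendered("delete merge failed for constraints ", "[view]",
                constraint.getPermissions());
        assertRendered("delete merge failed for constraints ", "[*]",
                constraint.getUsers());
        assertEquals("constraints size should be 1 ", 1,
                def.getSecurityConstraints().size());
    }

    /**
     * Sends {@code remove-def} for "deleteme" and checks the definition is gone.
     */
    public void testDeleteDef() throws Exception {
        String defName = "deleteme";
        runTest("", defName, "remove-def");

        // NOTE(review): this assertion also holds if "deleteme" was never defined;
        // presumably the test page-security fixture declares it -- verify.
        PageSecurity pageSecurity = pageManager.getPageSecurity();
        assertNull("definition " + defName + " should be deleted ",
                pageSecurity.getSecurityConstraintsDef(defName));
    }

    /**
     * Sends {@code add-global} for "manager" and checks that both the new
     * reference and the existing "admin" reference are listed.
     */
    public void testAddGlobal() throws Exception {
        String defName = "manager";
        runTest("", defName, "add-global");

        PageSecurity pageSecurity = pageManager.getPageSecurity();
        List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
        assertTrue("should have found new global " + defName, globals.contains(defName));
        // The message now names the value actually checked ("admin").
        assertTrue("should have found old global admin", globals.contains("admin"));
    }

    /**
     * Sends {@code add-global} then {@code remove-global} for "public-edit" and
     * checks the reference appears and then disappears.
     */
    public void testDeleteGlobal() throws Exception {
        // NOTE(review): unlike the other cases, the PageSecurity reference is
        // obtained before the actions run and reused afterwards -- confirm the
        // page manager hands back a live object rather than a snapshot.
        PageSecurity pageSecurity = pageManager.getPageSecurity();
        String defName = "public-edit";

        runTest("", defName, "add-global");
        List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
        assertTrue("should have found new global " + defName, globals.contains(defName));

        runTest("", defName, "remove-global");
        globals = pageSecurity.getGlobalSecurityConstraintsRefs();
        assertFalse("should have not found new global " + defName,
                globals.contains(defName));
    }

    /**
     * Submits one constraints action through the layout valve as an admin
     * subject.
     *
     * <p>This three-argument method is an overload of, not an override of,
     * {@code TestCase.runTest()}.</p>
     *
     * @param xml     value of the {@code xml} request parameter (may be empty)
     * @param defName value of the {@code name} request parameter
     * @param method  value of the {@code method} request parameter, e.g.
     *                {@code update-def}
     * @throws Exception the {@link PipelineException} raised by the valve, if any
     */
    public void runTest(String xml, String defName, String method) throws Exception {
        MockServletConfig config = new MockServletConfig();
        MockServletContext context = new MockServletContext();
        MockHttpSession session = new MockHttpSession();
        session.setupServletContext(context);

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setupAddParameter("action", "constraints");
        request.setupAddParameter("method", method);
        request.setupAddParameter("xml", xml);
        request.setupAddParameter("name", defName);
        request.setSession(session);
        MockHttpServletResponse response = new MockHttpServletResponse();

        final RequestContext rc = new JetspeedRequestContext(request, response, config, null);

        // Read-only subject carrying the admin user and admin role principals;
        // all constraint edits in this class run with this identity.
        Set principals = new HashSet();
        principals.add(new UserPrincipalImpl("admin"));
        principals.add(new RolePrincipalImpl("admin"));
        Subject subject = new Subject(true, principals, new HashSet(), new HashSet());

        Object outcome = JSSubject.doAsPrivileged(subject, new PrivilegedAction() {
            public Object run() {
                try {
                    valve.invoke(rc, null);
                    return null;
                } catch (PipelineException e) {
                    // PrivilegedAction.run() cannot throw checked exceptions,
                    // so hand the failure back to the caller as the result.
                    return e;
                }
            }
        }, null);

        // The original discarded this result, so a valve failure was silently
        // ignored and only showed up (if at all) as a later assertion failure.
        if (outcome instanceof PipelineException) {
            throw (PipelineException) outcome;
        }
        // NOTE(review): the mock response is not inspected; if the action reports
        // a refusal or error in the response body instead of throwing, it is not
        // detected here -- confirm against the action implementation.
    }

    /**
     * Looks up the named constraints definition and fails the test if it is
     * missing.
     */
    private SecurityConstraintsDef requireDefinition(String defName) throws Exception {
        PageSecurity pageSecurity = pageManager.getPageSecurity();
        SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(defName);
        assertNotNull("definition " + defName + " not found ", def);
        return def;
    }

    /**
     * Returns the constraint at {@code index} of {@code def}, failing the test
     * with a readable message if it is absent. The original asserted on
     * {@code def} in several places, which could never fail at that point.
     */
    private SecurityConstraint requireConstraint(SecurityConstraintsDef def, int index,
            String ordinal, String defName) {
        String missing = ordinal + " constraint for " + defName + " not found ";
        List constraints = def.getSecurityConstraints();
        assertTrue(missing, constraints != null && constraints.size() > index);
        SecurityConstraint constraint = (SecurityConstraint) constraints.get(index);
        assertNotNull(missing, constraint);
        return constraint;
    }

    /**
     * Compares the string rendering of {@code actual} with {@code expected},
     * passing them to JUnit in (expected, actual) order so failure output is
     * labelled correctly.
     */
    private static void assertRendered(String failurePrefix, String expected, Object actual) {
        String rendered = String.valueOf(actual);
        assertEquals(failurePrefix + rendered, expected, rendered);
    }

}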