001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.afterinvocation;
017:
018: import junit.framework.TestCase;
019:
020: import org.acegisecurity.AccessDeniedException;
021: import org.acegisecurity.ConfigAttributeDefinition;
022: import org.acegisecurity.MockAclManager;
023: import org.acegisecurity.SecurityConfig;
024:
025: import org.acegisecurity.acl.AclEntry;
026: import org.acegisecurity.acl.AclManager;
027: import org.acegisecurity.acl.basic.MockAclObjectIdentity;
028: import org.acegisecurity.acl.basic.SimpleAclEntry;
029:
030: import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
031:
032: import org.acegisecurity.util.SimpleMethodInvocation;
033:
034: /**
035: * Tests {@link BasicAclEntryAfterInvocationProvider}.
036: *
037: * @author Ben Alex
038: * @version $Id: BasicAclEntryAfterInvocationProviderTests.java 1496 2006-05-23 13:38:33Z benalex $
039: */
040: public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
041: //~ Constructors ===================================================================================================
042:
043: public BasicAclEntryAfterInvocationProviderTests() {
044: super ();
045: }
046:
047: public BasicAclEntryAfterInvocationProviderTests(String arg0) {
048: super (arg0);
049: }
050:
051: //~ Methods ========================================================================================================
052:
053: public static void main(String[] args) {
054: junit.textui.TestRunner
055: .run(BasicAclEntryAfterInvocationProviderTests.class);
056: }
057:
058: public final void setUp() throws Exception {
059: super .setUp();
060: }
061:
062: public void testCorrectOperationWhenPrincipalHasIncorrectPermissionToDomainObject()
063: throws Exception {
064: // Create an AclManager, granting scott only ADMINISTRATION rights
065: AclManager aclManager = new MockAclManager("belmont", "scott",
066: new AclEntry[] { new SimpleAclEntry("scott",
067: new MockAclObjectIdentity(), null,
068: SimpleAclEntry.ADMINISTRATION) });
069:
070: BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
071: provider.setAclManager(aclManager);
072: provider.afterPropertiesSet();
073:
074: // Create the Authentication and Config Attribs we'll be presenting
075: UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
076: "scott", "NOT_USED");
077: ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
078: attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
079:
080: try {
081: provider.decide(auth, new SimpleMethodInvocation(), attr,
082: "belmont");
083: fail("Should have thrown AccessDeniedException");
084: } catch (AccessDeniedException expected) {
085: assertTrue(true);
086: }
087: }
088:
089: public void testCorrectOperationWhenPrincipalHasNoPermissionToDomainObject()
090: throws Exception {
091: // Create an AclManager
092: AclManager aclManager = new MockAclManager("belmont",
093: "marissa", new AclEntry[] {
094: new MockAclEntry(),
095: new SimpleAclEntry("marissa",
096: new MockAclObjectIdentity(), null,
097: SimpleAclEntry.ADMINISTRATION),
098: new SimpleAclEntry("marissa",
099: new MockAclObjectIdentity(), null,
100: SimpleAclEntry.READ),
101: new SimpleAclEntry("marissa",
102: new MockAclObjectIdentity(), null,
103: SimpleAclEntry.DELETE) });
104:
105: BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
106: provider.setAclManager(aclManager);
107: provider.afterPropertiesSet();
108:
109: // Create the Authentication and Config Attribs we'll be presenting
110: UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
111: "scott", "NOT_USED");
112: ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
113: attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
114:
115: try {
116: provider.decide(auth, new SimpleMethodInvocation(), attr,
117: "belmont");
118: fail("Should have thrown AccessDeniedException");
119: } catch (AccessDeniedException expected) {
120: assertTrue(true);
121: }
122: }
123:
124: public void testCorrectOperationWhenPrincipalIsAuthorised()
125: throws Exception {
126: // Create an AclManager
127: AclManager aclManager = new MockAclManager("belmont",
128: "marissa", new AclEntry[] {
129: new MockAclEntry(),
130: new SimpleAclEntry("marissa",
131: new MockAclObjectIdentity(), null,
132: SimpleAclEntry.ADMINISTRATION),
133: new SimpleAclEntry("marissa",
134: new MockAclObjectIdentity(), null,
135: SimpleAclEntry.READ),
136: new SimpleAclEntry("marissa",
137: new MockAclObjectIdentity(), null,
138: SimpleAclEntry.DELETE) });
139:
140: BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
141: provider.setAclManager(aclManager);
142: assertEquals(aclManager, provider.getAclManager());
143: provider.afterPropertiesSet();
144:
145: // Create the Authentication and Config Attribs we'll be presenting
146: UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
147: "marissa", "NOT_USED");
148: ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
149: attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
150:
151: // Filter
152: assertEquals("belmont", provider.decide(auth,
153: new SimpleMethodInvocation(), attr, "belmont"));
154: }
155:
156: public void testGrantsAccessIfReturnedObjectIsNull()
157: throws Exception {
158: // Create an AclManager
159: AclManager aclManager = new MockAclManager("belmont",
160: "marissa", new AclEntry[] {
161: new SimpleAclEntry("marissa",
162: new MockAclObjectIdentity(), null,
163: SimpleAclEntry.ADMINISTRATION),
164: new SimpleAclEntry("marissa",
165: new MockAclObjectIdentity(), null,
166: SimpleAclEntry.READ),
167: new SimpleAclEntry("marissa",
168: new MockAclObjectIdentity(), null,
169: SimpleAclEntry.DELETE),
170: new MockAclEntry() });
171:
172: BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
173: provider.setAclManager(aclManager);
174: provider.afterPropertiesSet();
175:
176: // Create the Authentication and Config Attribs we'll be presenting
177: UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
178: "marissa", "NOT_USED");
179: ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
180: attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
181:
182: // Filter
183: assertNull(provider.decide(auth, new SimpleMethodInvocation(),
184: attr, null));
185: }
186:
187: public void testRespectsModificationsToProcessConfigAttribute()
188: throws Exception {
189: // Create an AclManager
190: AclManager aclManager = new MockAclManager("sydney", "marissa",
191: new AclEntry[] {
192: new SimpleAclEntry("marissa",
193: new MockAclObjectIdentity(), null,
194: SimpleAclEntry.READ),
195: new MockAclEntry() });
196:
197: BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
198: provider.setAclManager(aclManager);
199: assertEquals("AFTER_ACL_READ", provider
200: .getProcessConfigAttribute());
201: provider.setProcessConfigAttribute("AFTER_ACL_ADMIN");
202: assertEquals("AFTER_ACL_ADMIN", provider
203: .getProcessConfigAttribute());
204: provider.afterPropertiesSet();
205:
206: // Create the Authentication and Config Attribs we'll be presenting
207: UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
208: "marissa", "NOT_USED");
209: ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
210: attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
211:
212: // As no matching config attrib, ensure provider returns original obj
213: assertEquals("sydney", provider.decide(auth,
214: new SimpleMethodInvocation(), attr, "sydney"));
215:
216: // Filter, this time with the conf attrib provider setup to answer
217: attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_ADMIN"));
218: assertEquals("sydney", provider.decide(auth,
219: new SimpleMethodInvocation(), attr, "sydney"));
220: }
221:
222: public void testRespectsModificationsToRequirePermissions()
223: throws Exception {
224: // Create an AclManager
225: AclManager aclManager = new MockAclManager("sydney", "marissa",
226: new AclEntry[] {
227: new SimpleAclEntry("marissa",
228: new MockAclObjectIdentity(), null,
229: SimpleAclEntry.ADMINISTRATION),
230: new MockAclEntry() });
231:
232: BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
233: provider.setAclManager(aclManager);
234: assertEquals(SimpleAclEntry.READ, provider
235: .getRequirePermission()[0]);
236: provider
237: .setRequirePermission(new int[] { SimpleAclEntry.ADMINISTRATION });
238: assertEquals(SimpleAclEntry.ADMINISTRATION, provider
239: .getRequirePermission()[0]);
240: provider.afterPropertiesSet();
241:
242: // Create the Authentication and Config Attribs we'll be presenting
243: UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
244: "marissa", "NOT_USED");
245: ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
246: attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
247:
248: // Filter
249: assertEquals("sydney", provider.decide(auth,
250: new SimpleMethodInvocation(), attr, "sydney"));
251: }
252:
253: public void testStartupDetectsMissingAclManager() throws Exception {
254: BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
255:
256: try {
257: provider.afterPropertiesSet();
258: fail("Should have thrown IllegalArgumentException");
259: } catch (IllegalArgumentException expected) {
260: assertEquals("An aclManager is mandatory", expected
261: .getMessage());
262: }
263: }
264:
265: public void testStartupDetectsMissingProcessConfigAttribute()
266: throws Exception {
267: BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
268: AclManager aclManager = new MockAclManager("sydney", "marissa",
269: new AclEntry[] {
270: new SimpleAclEntry("marissa",
271: new MockAclObjectIdentity(), null,
272: SimpleAclEntry.ADMINISTRATION),
273: new MockAclEntry() });
274: provider.setAclManager(aclManager);
275:
276: provider.setProcessConfigAttribute(null);
277:
278: try {
279: provider.afterPropertiesSet();
280: fail("Should have thrown IllegalArgumentException");
281: } catch (IllegalArgumentException expected) {
282: assertEquals("A processConfigAttribute is mandatory",
283: expected.getMessage());
284: }
285: }
286:
287: public void testStartupDetectsMissingRequirePermission()
288: throws Exception {
289: BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
290: AclManager aclManager = new MockAclManager("sydney", "marissa",
291: new AclEntry[] {
292: new SimpleAclEntry("marissa",
293: new MockAclObjectIdentity(), null,
294: SimpleAclEntry.ADMINISTRATION),
295: new MockAclEntry() });
296: provider.setAclManager(aclManager);
297:
298: provider.setRequirePermission(null);
299:
300: try {
301: provider.afterPropertiesSet();
302: fail("Should have thrown IllegalArgumentException");
303: } catch (IllegalArgumentException expected) {
304: assertEquals(
305: "One or more requirePermission entries is mandatory",
306: expected.getMessage());
307: }
308: }
309:
310: public void testSupportsAnything() {
311: assertTrue(new BasicAclEntryAfterInvocationProvider()
312: .supports(String.class));
313: }
314:
315: //~ Inner Classes ==================================================================================================
316:
317: private class MockAclEntry implements AclEntry {
318: // just so AclTag iterates some different types of AclEntrys
319: }
320: }
|