Source Code Cross Referenced for AuthorizationManagerTest.java in  » Wiki-Engine » JSPWiki » com » ecyrd » jspwiki » auth » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation
1. 6.0 JDK Core
2. 6.0 JDK Modules
3. 6.0 JDK Modules com.sun
4. 6.0 JDK Modules com.sun.java
5. 6.0 JDK Modules sun
6. 6.0 JDK Platform
7. Ajax
8. Apache Harmony Java SE
9. Aspect oriented
10. Authentication Authorization
11. Blogger System
12. Build
13. Byte Code
14. Cache
15. Chart
16. Chat
17. Code Analyzer
18. Collaboration
19. Content Management System
20. Database Client
21. Database DBMS
22. Database JDBC Connection Pool
23. Database ORM
24. Development
25. EJB Server geronimo
26. EJB Server GlassFish
27. EJB Server JBoss 4.2.1
28. EJB Server resin 3.1.5
29. ERP CRM Financial
30. ESB
31. Forum
32. GIS
33. Graphic Library
34. Groupware
35. HTML Parser
36. IDE
37. IDE Eclipse
38. IDE Netbeans
39. Installer
40. Internationalization Localization
41. Inversion of Control
42. Issue Tracking
43. J2EE
44. JBoss
45. JMS
46. JMX
47. Library
48. Mail Clients
49. Net
50. Parser
51. PDF
52. Portal
53. Profiler
54. Project Management
55. Report
56. RSS RDF
57. Rule Engine
58. Science
59. Scripting
60. Search Engine
61. Security
62. Sevlet Container
63. Source Control
64. Swing Library
65. Template Engine
66. Test Coverage
67. Testing
68. UML
69. Web Crawler
70. Web Framework
71. Web Mail
72. Web Server
73. Web Services
74. Web Services apache cxf 2.0.1
75. Web Services AXIS2
76. Wiki Engine
77. Workflow Engines
78. XML
79. XML UI
Java
Java Tutorial
Java Open Source
Jar File Download
Java Articles
Java Products
Java by API
Photoshop Tutorials
Maya Tutorials
Flash Tutorials
3ds-Max Tutorials
Illustrator Tutorials
GIMP Tutorials
C# / C Sharp
C# / CSharp Tutorial
C# / CSharp Open Source
ASP.Net
ASP.NET Tutorial
JavaScript DHTML
JavaScript Tutorial
JavaScript Reference
HTML / CSS
HTML CSS Reference
C / ANSI-C
C Tutorial
C++
C++ Tutorial
Ruby
PHP
Python
Python Tutorial
Python Open Source
SQL Server / T-SQL
SQL Server / T-SQL Tutorial
Oracle PL / SQL
Oracle PL/SQL Tutorial
PostgreSQL
SQL / MySQL
MySQL Tutorial
VB.Net
VB.Net Tutorial
Flash / Flex / ActionScript
VBA / Excel / Access / Word
XML
XML Tutorial
Microsoft Office PowerPoint 2007 Tutorial
Microsoft Office Excel 2007 Tutorial
Microsoft Office Word 2007 Tutorial
Java Source Code / Java Documentation » Wiki Engine » JSPWiki » com.ecyrd.jspwiki.auth 
Source Cross Referenced  Class Diagram Java Document (Java Doc) 


001:        package com.ecyrd.jspwiki.auth;
002:
003:        import java.io.File;
004:        import java.security.Permission;
005:        import java.security.Principal;
006:        import java.util.Properties;
007:
008:        import junit.framework.Test;
009:        import junit.framework.TestCase;
010:        import junit.framework.TestSuite;
011:
012:        import org.apache.commons.lang.ArrayUtils;
013:
014:        import com.ecyrd.jspwiki.TestEngine;
015:        import com.ecyrd.jspwiki.WikiException;
016:        import com.ecyrd.jspwiki.WikiPage;
017:        import com.ecyrd.jspwiki.WikiSession;
018:        import com.ecyrd.jspwiki.WikiSessionTest;
019:        import com.ecyrd.jspwiki.attachment.Attachment;
020:        import com.ecyrd.jspwiki.auth.acl.UnresolvedPrincipal;
021:        import com.ecyrd.jspwiki.auth.authorize.Group;
022:        import com.ecyrd.jspwiki.auth.authorize.GroupManager;
023:        import com.ecyrd.jspwiki.auth.authorize.Role;
024:        import com.ecyrd.jspwiki.auth.permissions.AllPermission;
025:        import com.ecyrd.jspwiki.auth.permissions.PagePermission;
026:        import com.ecyrd.jspwiki.auth.permissions.PermissionFactory;
027:        import com.ecyrd.jspwiki.auth.permissions.WikiPermission;
028:        import com.ecyrd.jspwiki.auth.user.DefaultUserProfile;
029:        import com.ecyrd.jspwiki.auth.user.UserProfile;
030:        import com.ecyrd.jspwiki.providers.ProviderException;
031:
032:        /**
033:         * Tests the AuthorizationManager class.
034:         * @author Janne Jalkanen
035:         */
036:        public class AuthorizationManagerTest extends TestCase {
037:            private AuthorizationManager m_auth;
038:
039:            private TestEngine m_engine;
040:
041:            private GroupManager m_groupMgr;
042:
043:            private WikiSession m_session;
044:
045:            private static class TestPrincipal implements  Principal {
046:                private final String m_name;
047:
048:                public TestPrincipal(String name) {
049:                    m_name = name;
050:                }
051:
052:                public String getName() {
053:                    return m_name;
054:                }
055:            }
056:
057:            public AuthorizationManagerTest(String s) {
058:                super (s);
059:            }
060:
061:            public static Test suite() {
062:                TestSuite suite = new TestSuite("Authorization Manager test");
063:                suite.addTestSuite(AuthorizationManagerTest.class);
064:                return suite;
065:            }
066:
067:            public void setUp() throws Exception {
068:                Properties props = new Properties();
069:                props.load(TestEngine.findTestProperties());
070:                m_engine = new TestEngine(props);
071:                m_auth = m_engine.getAuthorizationManager();
072:                m_groupMgr = m_engine.getGroupManager();
073:                m_session = WikiSessionTest.adminSession(m_engine);
074:            }
075:
076:            /**
077:             * Tests the default policy. Anonymous users can read, Authenticated can
078:             * edit, etc. Uses the default tests/etc/jspwiki.policy file installed by
079:             * the JRE at startup.
080:             * @throws Exception
081:             */
082:            public void testDefaultPermissions() throws Exception {
083:                // Save a page without an ACL
084:                m_engine.saveText("TestDefaultPage", "Foo");
085:                Permission view = PermissionFactory.getPagePermission(
086:                        "*:TestDefaultPage", "view");
087:                Permission edit = PermissionFactory.getPagePermission(
088:                        "*:TestDefaultPage", "edit");
089:                WikiSession session;
090:
091:                // Alice is asserted
092:                session = WikiSessionTest
093:                        .assertedSession(m_engine, Users.ALICE);
094:                assertTrue("Alice view", m_auth.checkPermission(session, view));
095:                assertTrue("Alice edit", m_auth.checkPermission(session, edit));
096:
097:                // Bob is logged in
098:                session = WikiSessionTest.authenticatedSession(m_engine,
099:                        Users.BOB, Users.BOB_PASS);
100:                assertTrue("Bob view", m_auth.checkPermission(session, view));
101:                assertTrue("Bob edit", m_auth.checkPermission(session, edit));
102:
103:                // Delete the test page
104:                try {
105:                    m_engine.deletePage("TestDefaultPage");
106:                } catch (ProviderException e) {
107:                    assertTrue(false);
108:                }
109:            }
110:
111:            public void testGetRoles() throws Exception {
112:                WikiSession session;
113:                Principal[] principals;
114:
115:                // Create a new "asserted" session for Bob
116:                session = WikiSessionTest.assertedSession(m_engine, Users.BOB);
117:
118:                // Set up a group without Bob in it
119:                Group test = m_groupMgr.parseGroup("Test", "Alice \n Charlie",
120:                        true);
121:                m_groupMgr.setGroup(m_session, test);
122:
123:                // Bob should have two roles: ASSERTED and ALL
124:                principals = session.getRoles();
125:                assertTrue("Bob in ALL", ArrayUtils.contains(principals,
126:                        Role.ALL));
127:                assertTrue("Bob in ASSERTED", ArrayUtils.contains(principals,
128:                        Role.ASSERTED));
129:                assertFalse("Bob not in ANONYMOUS", ArrayUtils.contains(
130:                        principals, Role.ANONYMOUS));
131:                assertFalse("Bob not in Test", ArrayUtils.contains(principals,
132:                        test.getPrincipal()));
133:
134:                // Re-save group "Test" with Bob as a member
135:                test = m_groupMgr.parseGroup("Test", "Alice \n Bob \nCharlie",
136:                        true);
137:                m_groupMgr.setGroup(m_session, test);
138:
139:                // Bob not authenticated: should still have only two romes
140:                principals = session.getRoles();
141:                assertTrue("Bob in ALL", ArrayUtils.contains(principals,
142:                        Role.ALL));
143:                assertTrue("Bob in ASSERTED", ArrayUtils.contains(principals,
144:                        Role.ASSERTED));
145:                assertFalse("Bob not in ANONYMOUS", ArrayUtils.contains(
146:                        principals, Role.ANONYMOUS));
147:                assertFalse("Bob in Test", ArrayUtils.contains(principals, test
148:                        .getPrincipal()));
149:
150:                // Elevate Bob to "authenticated" status
151:                session = WikiSessionTest.authenticatedSession(m_engine,
152:                        Users.BOB, Users.BOB_PASS);
153:
154:                // Re-save the group; Bob should possess the role now
155:                test = m_groupMgr.parseGroup("Test", "Alice \n Bob \n Charlie",
156:                        true);
157:                m_groupMgr.setGroup(m_session, test);
158:                principals = session.getRoles();
159:                assertTrue("Bob in ALL", ArrayUtils.contains(principals,
160:                        Role.ALL));
161:                assertFalse("Bob in ASSERTED", ArrayUtils.contains(principals,
162:                        Role.ASSERTED));
163:                assertFalse("Bob not in ANONYMOUS", ArrayUtils.contains(
164:                        principals, Role.ANONYMOUS));
165:                assertTrue("Bob in Test", ArrayUtils.contains(principals, test
166:                        .getPrincipal()));
167:
168:                // Cleanup
169:                m_groupMgr.removeGroup("Test");
170:            }
171:
172:            public void testAssertedSession() throws Exception {
173:                // Create Alice and her roles
174:                Principal alice = new WikiPrincipal(Users.ALICE);
175:                Role it = new Role("IT");
176:                Role engineering = new Role("Engineering");
177:                Role finance = new Role("Finance");
178:                Principal admin = new GroupPrincipal("Admin");
179:                WikiSession session = WikiSessionTest
180:                        .assertedSession(m_engine, Users.ALICE,
181:                                new Principal[] { it, engineering, admin });
182:
183:                // Create two groups: Alice should be part of group Bar, but not Foo
184:                Group fooGroup = m_groupMgr.parseGroup("Foo", "", true);
185:                Group barGroup = m_groupMgr.parseGroup("Bar", "", true);
186:                barGroup.add(alice);
187:                m_groupMgr.setGroup(m_session, fooGroup);
188:                m_groupMgr.setGroup(m_session, barGroup);
189:
190:                // Test user principal posession: Alice isn't considered to
191:                // have the "Alice" principal because she's not authenticated
192:                assertFalse("Alice has Alice", m_auth.hasRoleOrPrincipal(
193:                        session, new WikiPrincipal(Users.ALICE)));
194:                assertFalse("Alice has Alice", m_auth.hasRoleOrPrincipal(
195:                        session, new TestPrincipal(Users.ALICE)));
196:                assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(
197:                        session, new WikiPrincipal(Users.BOB)));
198:                assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(
199:                        session, new TestPrincipal(Users.BOB)));
200:
201:                // Built-in role memberships
202:                assertTrue("Alice in ALL", m_auth.hasRoleOrPrincipal(session,
203:                        Role.ALL));
204:                assertFalse("Alice not in ANONYMOUS", m_auth
205:                        .hasRoleOrPrincipal(session, Role.ANONYMOUS));
206:                assertTrue("Alice in ASSERTED", m_auth.hasRoleOrPrincipal(
207:                        session, Role.ASSERTED));
208:                assertFalse("Alice not in AUTHENTICATED", m_auth
209:                        .hasRoleOrPrincipal(session, Role.AUTHENTICATED));
210:
211:                // Custom roles should be FALSE because Alice is asserted
212:                assertFalse("Alice not in IT", m_auth.hasRoleOrPrincipal(
213:                        session, it));
214:                assertFalse("Alice not in Engineering", m_auth
215:                        .hasRoleOrPrincipal(session, engineering));
216:                assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(
217:                        session, finance));
218:
219:                // Group memberships should be FALSE because Alice is asserted
220:                assertFalse("Alice not in Foo", m_auth.hasRoleOrPrincipal(
221:                        session, fooGroup.getPrincipal()));
222:                assertFalse("Alice not in Bar", m_auth.hasRoleOrPrincipal(
223:                        session, barGroup.getPrincipal()));
224:
225:                // Clean up
226:                m_groupMgr.removeGroup("Foo");
227:                m_groupMgr.removeGroup("Bar");
228:            }
229:
230:            public void testAuthenticatedSession() throws Exception {
231:                // Create Alice and her roles
232:                Principal alice = new WikiPrincipal(Users.ALICE);
233:                Role it = new Role("IT");
234:                Role engineering = new Role("Engineering");
235:                Role finance = new Role("Finance");
236:                Principal admin = new GroupPrincipal("Admin");
237:                WikiSession session = WikiSessionTest
238:                        .containerAuthenticatedSession(m_engine, Users.ALICE,
239:                                new Principal[] { it, engineering, admin });
240:
241:                // Create two groups: Alice should be part of group Bar, but not Foo
242:                Group fooGroup = m_groupMgr.parseGroup("Foo", "", true);
243:                Group barGroup = m_groupMgr.parseGroup("Bar", "", true);
244:                barGroup.add(alice);
245:                m_groupMgr.setGroup(m_session, fooGroup);
246:                m_groupMgr.setGroup(m_session, barGroup);
247:
248:                // Test user principal posession: user principals of different
249:                // types should still be "the same" if their names are equal
250:                assertTrue("Alice has Alice", m_auth.hasRoleOrPrincipal(
251:                        session, new WikiPrincipal(Users.ALICE)));
252:                assertTrue("Alice has Alice", m_auth.hasRoleOrPrincipal(
253:                        session, new TestPrincipal(Users.ALICE)));
254:                assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(
255:                        session, new WikiPrincipal(Users.BOB)));
256:                assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(
257:                        session, new TestPrincipal(Users.BOB)));
258:
259:                // Built-in role membership
260:                assertTrue("Alice in ALL", m_auth.hasRoleOrPrincipal(session,
261:                        Role.ALL));
262:                assertFalse("Alice not in ANONYMOUS", m_auth
263:                        .hasRoleOrPrincipal(session, Role.ANONYMOUS));
264:                assertFalse("Alice not in ASSERTED", m_auth.hasRoleOrPrincipal(
265:                        session, Role.ASSERTED));
266:                assertTrue("Alice in AUTHENTICATED", m_auth.hasRoleOrPrincipal(
267:                        session, Role.AUTHENTICATED));
268:
269:                // Custom roles
270:                assertTrue("Alice in IT", m_auth
271:                        .hasRoleOrPrincipal(session, it));
272:                assertTrue("Alice in Engineering", m_auth.hasRoleOrPrincipal(
273:                        session, engineering));
274:                assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(
275:                        session, finance));
276:
277:                // Group memberships
278:                assertFalse("Alice not in Foo", m_auth.hasRoleOrPrincipal(
279:                        session, fooGroup.getPrincipal()));
280:                assertTrue("Alice in Bar", m_auth.hasRoleOrPrincipal(session,
281:                        barGroup.getPrincipal()));
282:
283:                // Cleanup
284:                m_groupMgr.removeGroup("Foo");
285:                m_groupMgr.removeGroup("Bar");
286:            }
287:
288:            public void testInheritedPermissions() throws Exception {
289:                // Create test page & attachment
290:                String src = "[{ALLOW edit Alice}] ";
291:                m_engine.saveText("Test", src);
292:
293:                File f = m_engine.makeAttachmentFile();
294:                Attachment att = new Attachment(m_engine, "Test", "test1.txt");
295:                att.setAuthor("FirstPost");
296:                m_engine.getAttachmentManager().storeAttachment(att, f);
297:
298:                Attachment p = (Attachment) m_engine.getPage("Test/test1.txt");
299:                Permission view = PermissionFactory
300:                        .getPagePermission(p, "view");
301:                Permission edit = PermissionFactory
302:                        .getPagePermission(p, "edit");
303:
304:                // Create authenticated session with user 'Alice', who can read & edit (in ACL)
305:                WikiSession session;
306:                session = WikiSessionTest.authenticatedSession(m_engine,
307:                        Users.ALICE, Users.ALICE_PASS);
308:                assertTrue("Alice view Test/test1.txt", m_auth.checkPermission(
309:                        session, view));
310:                assertTrue("Alice edit Test/test1.txt", m_auth.checkPermission(
311:                        session, edit));
312:
313:                // Create authenticated session with user 'Bob', who can't read or edit (not in ACL)
314:                session = WikiSessionTest.authenticatedSession(m_engine,
315:                        Users.BOB, Users.BOB_PASS);
316:                assertFalse("Bob !view Test/test1.txt", m_auth.checkPermission(
317:                        session, view));
318:                assertFalse("Bob !edit Test/test1.txt", m_auth.checkPermission(
319:                        session, edit));
320:
321:                // Delete test page & attachment
322:                m_engine.getAttachmentManager().deleteAttachment(att);
323:                m_engine.deletePage("Test");
324:            }
325:
326:            public void testInheritedAclPermissions() throws Exception {
327:                // Create test page & attachment
328:                String src = "[{ALLOW view Alice}] ";
329:                m_engine.saveText("Test", src);
330:
331:                File f = m_engine.makeAttachmentFile();
332:                Attachment att = new Attachment(m_engine, "Test", "test1.txt");
333:                att.setAuthor("FirstPost");
334:                m_engine.getAttachmentManager().storeAttachment(att, f);
335:
336:                Attachment p = (Attachment) m_engine.getPage("Test/test1.txt");
337:                Permission view = PermissionFactory
338:                        .getPagePermission(p, "view");
339:                Permission edit = PermissionFactory
340:                        .getPagePermission(p, "edit");
341:
342:                // Create session with user 'Alice', who can read (in ACL)
343:                WikiSession session;
344:                session = WikiSessionTest.authenticatedSession(m_engine,
345:                        Users.ALICE, Users.ALICE_PASS);
346:                assertTrue("Foo view Test", m_auth.checkPermission(session,
347:                        view));
348:                assertFalse("Foo !edit Test", m_auth.checkPermission(session,
349:                        edit));
350:
351:                // Create session with user 'Bob', who can't read or edit (not in ACL)
352:                session = WikiSessionTest.authenticatedSession(m_engine,
353:                        Users.BOB, Users.BOB_PASS);
354:                assertFalse("Bar !view Test", m_auth.checkPermission(session,
355:                        view));
356:                assertFalse("Bar !edit Test", m_auth.checkPermission(session,
357:                        view));
358:
359:                // Delete test page & attachment
360:                m_engine.getAttachmentManager().deleteAttachment(att);
361:                m_engine.deletePage("Test");
362:            }
363:
364:            public void testHasRoleOrPrincipal() throws Exception {
365:                // Create new user Alice and 2 sample roles
366:                Principal alice = new WikiPrincipal(Users.ALICE);
367:                Role it = new Role("IT");
368:                Role finance = new Role("Finance");
369:
370:                // Create Group1 with Alice in it, Group2 without
371:                WikiSession session = WikiSessionTest.adminSession(m_engine);
372:                Group g1 = m_groupMgr.parseGroup("Group1", "Alice", true);
373:                m_groupMgr.setGroup(session, g1);
374:                Principal group1 = g1.getPrincipal();
375:                Group g2 = m_groupMgr.parseGroup("Group2", "Bob", true);
376:                m_groupMgr.setGroup(session, g2);
377:                Principal group2 = g2.getPrincipal();
378:
379:                // Create anonymous session; not in ANY custom roles or groups
380:                session = WikiSessionTest.anonymousSession(m_engine);
381:                assertTrue("Anon anonymous", m_auth.hasRoleOrPrincipal(session,
382:                        Role.ANONYMOUS));
383:                assertFalse("Anon not asserted", m_auth.hasRoleOrPrincipal(
384:                        session, Role.ASSERTED));
385:                assertFalse("Anon not authenticated", m_auth
386:                        .hasRoleOrPrincipal(session, Role.AUTHENTICATED));
387:                assertFalse("Alice not in Anon", m_auth.hasRoleOrPrincipal(
388:                        session, alice));
389:                assertFalse("Anon not in IT", m_auth.hasRoleOrPrincipal(
390:                        session, it));
391:                assertFalse("Anon not in Finance", m_auth.hasRoleOrPrincipal(
392:                        session, finance));
393:                assertFalse("Anon not in Group1", m_auth.hasRoleOrPrincipal(
394:                        session, group1));
395:                assertFalse("Anon not in Group2", m_auth.hasRoleOrPrincipal(
396:                        session, group2));
397:
398:                // Create asserted session with 1 GroupPrincipal & 1 custom Role
399:                // Alice is asserted, and thus not in ANY custom roles or groups
400:                session = WikiSessionTest.assertedSession(m_engine,
401:                        Users.ALICE, new Principal[] { it });
402:                assertFalse("Alice not anonymous", m_auth.hasRoleOrPrincipal(
403:                        session, Role.ANONYMOUS));
404:                assertTrue("Alice asserted", m_auth.hasRoleOrPrincipal(session,
405:                        Role.ASSERTED));
406:                assertFalse("Alice not authenticated", m_auth
407:                        .hasRoleOrPrincipal(session, Role.AUTHENTICATED));
408:                assertFalse("Alice not in Alice", m_auth.hasRoleOrPrincipal(
409:                        session, alice));
410:                assertFalse("Alice not in IT", m_auth.hasRoleOrPrincipal(
411:                        session, it));
412:                assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(
413:                        session, finance));
414:                assertFalse("Alice not in Group1", m_auth.hasRoleOrPrincipal(
415:                        session, group1));
416:                assertFalse("Alice not in Group2", m_auth.hasRoleOrPrincipal(
417:                        session, group2));
418:
419:                // Create authenticated session with 1 GroupPrincipal & 1 custom Role
420:                // Alice is authenticated, and thus part of custom roles and groups
421:                session = WikiSessionTest.containerAuthenticatedSession(
422:                        m_engine, Users.ALICE, new Principal[] { it });
423:                assertFalse("Alice not anonymous", m_auth.hasRoleOrPrincipal(
424:                        session, Role.ANONYMOUS));
425:                assertFalse("Alice not asserted", m_auth.hasRoleOrPrincipal(
426:                        session, Role.ASSERTED));
427:                assertTrue("Alice authenticated", m_auth.hasRoleOrPrincipal(
428:                        session, Role.AUTHENTICATED));
429:                assertTrue("Alice in Ernie", m_auth.hasRoleOrPrincipal(session,
430:                        alice));
431:                assertTrue("Alice in IT", m_auth
432:                        .hasRoleOrPrincipal(session, it));
433:                assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(
434:                        session, finance));
435:                assertTrue("Alice in Group1", m_auth.hasRoleOrPrincipal(
436:                        session, group1));
437:                assertFalse("Alice not in Group2", m_auth.hasRoleOrPrincipal(
438:                        session, group2));
439:
440:                // Clean up
441:                m_groupMgr.removeGroup("Group1");
442:                m_groupMgr.removeGroup("Group2");
443:            }
444:
445:            public void testIsUserInRole() throws Exception {
446:                // Create new user Alice and 2 sample roles
447:                Principal alice = new WikiPrincipal(Users.ALICE);
448:                Role it = new Role("IT");
449:                Role finance = new Role("Finance");
450:
451:                // Create Group1 with Alice in it, Group2 without
452:                WikiSession session = WikiSessionTest.adminSession(m_engine);
453:                Group g1 = m_groupMgr.parseGroup("Group1", "Alice", true);
454:                m_groupMgr.setGroup(session, g1);
455:                Principal group1 = g1.getPrincipal();
456:                Group g2 = m_groupMgr.parseGroup("Group2", "Bob", true);
457:                m_groupMgr.setGroup(session, g2);
458:                Principal group2 = g2.getPrincipal();
459:
460:                // Create anonymous session; not in ANY custom roles or groups
461:                session = WikiSessionTest.anonymousSession(m_engine);
462:                assertTrue("Anon anonymous", m_auth.isUserInRole(session,
463:                        Role.ANONYMOUS));
464:                assertFalse("Anon not asserted", m_auth.isUserInRole(session,
465:                        Role.ASSERTED));
466:                assertFalse("Anon not authenticated", m_auth.isUserInRole(
467:                        session, Role.AUTHENTICATED));
468:                assertFalse("Anon not in Ernie", m_auth.isUserInRole(session,
469:                        alice));
470:                assertFalse("Anon not in IT", m_auth.isUserInRole(session, it));
471:                assertFalse("Anon not in Finance", m_auth.isUserInRole(session,
472:                        finance));
473:                assertFalse("Anon not in Group1", m_auth.isUserInRole(session,
474:                        group1));
475:                assertFalse("Anon not in Group2", m_auth.isUserInRole(session,
476:                        group2));
477:
478:                // Create asserted session with 1 GroupPrincipal & 1 custom Role
479:                // Alice is asserted, and thus not in ANY custom roles or groups
480:                session = WikiSessionTest.assertedSession(m_engine,
481:                        Users.ALICE, new Principal[] { it });
482:                assertFalse("Alice not anonymous", m_auth.isUserInRole(session,
483:                        Role.ANONYMOUS));
484:                assertTrue("Alice asserted", m_auth.isUserInRole(session,
485:                        Role.ASSERTED));
486:                assertFalse("Alice not authenticated", m_auth.isUserInRole(
487:                        session, Role.AUTHENTICATED));
488:                assertFalse("Alice not in Alice", m_auth.isUserInRole(session,
489:                        alice));
490:                assertFalse("Alice not in IT", m_auth.isUserInRole(session, it));
491:                assertFalse("Alice not in Finance", m_auth.isUserInRole(
492:                        session, finance));
493:                assertFalse("Alice not in Group1", m_auth.isUserInRole(session,
494:                        group1));
495:                assertFalse("Alice not in Group2", m_auth.isUserInRole(session,
496:                        group2));
497:
498:                // Create authenticated session with 1 GroupPrincipal & 1 custom Role
499:                // Ernie is authenticated, and thus part of custom roles and groups
500:                session = WikiSessionTest.containerAuthenticatedSession(
501:                        m_engine, Users.ALICE, new Principal[] { it });
502:                assertFalse("Alice not anonymous", m_auth.isUserInRole(session,
503:                        Role.ANONYMOUS));
504:                assertFalse("Alice not asserted", m_auth.isUserInRole(session,
505:                        Role.ASSERTED));
506:                assertTrue("Alice not authenticated", m_auth.isUserInRole(
507:                        session, Role.AUTHENTICATED));
508:                assertFalse("Alice not in Alice", m_auth.isUserInRole(session,
509:                        alice));
510:                assertTrue("Alice in IT", m_auth.isUserInRole(session, it));
511:                assertFalse("Alice not in Finance", m_auth.isUserInRole(
512:                        session, finance));
513:                assertTrue("Alice in Group1", m_auth.isUserInRole(session,
514:                        group1));
515:                assertFalse("Alice not in Group2", m_auth.isUserInRole(session,
516:                        group2));
517:
518:                // Clean up
519:                m_groupMgr.removeGroup("Group1");
520:                m_groupMgr.removeGroup("Group2");
521:            }
522:
523:            public void testPrincipalAcl() throws Exception {
524:                // Create test page & attachment
525:                String src = "[{ALLOW edit Alice}] ";
526:                m_engine.saveText("Test", src);
527:
528:                WikiPage p = m_engine.getPage("Test");
529:                Permission view = PermissionFactory
530:                        .getPagePermission(p, "view");
531:                Permission edit = PermissionFactory
532:                        .getPagePermission(p, "edit");
533:
534:                // Create session with authenticated user 'Alice', who can read & edit (in ACL)
535:                WikiSession session;
536:                session = WikiSessionTest.authenticatedSession(m_engine,
537:                        Users.ALICE, Users.ALICE_PASS);
538:                assertTrue("Alice view Test", m_auth.checkPermission(session,
539:                        view));
540:                assertTrue("Alice edit Test", m_auth.checkPermission(session,
541:                        edit));
542:
543:                // Create session with authenticated user 'Bob', who can't read or edit (not in ACL)
544:                session = WikiSessionTest.authenticatedSession(m_engine,
545:                        Users.BOB, Users.BOB_PASS);
546:                assertFalse("Bob !view Test", m_auth.checkPermission(session,
547:                        view));
548:                assertFalse("Bob !edit Test", m_auth.checkPermission(session,
549:                        edit));
550:
551:                // Cleanup
552:                try {
553:                    m_engine.deletePage("Test");
554:                } catch (ProviderException e) {
555:                    fail("Could not delete page");
556:                }
557:            }
558:
559:            /**
560:             * Any principal strings that have same names as built-in roles should
561:             * resolve as built-in roles!
562:             */
563:            public void testResolveBuiltInRoles() {
564:                Principal principal = Role.AUTHENTICATED;
565:                assertEquals(principal, m_auth
566:                        .resolvePrincipal("Authenticated"));
567:                principal = Role.ASSERTED;
568:                assertEquals(principal, m_auth.resolvePrincipal("Asserted"));
569:                principal = Role.ALL;
570:                assertEquals(principal, m_auth.resolvePrincipal("All"));
571:                principal = Role.ANONYMOUS;
572:                assertEquals(principal, m_auth.resolvePrincipal("Anonymous"));
573:
574:                // This should not resolve because there's no built-in role Admin
575:                principal = new WikiPrincipal("Admin");
576:                assertFalse(principal.equals(m_auth.resolvePrincipal("Admin")));
577:            }
578:
579:            public void testResolveGroups() throws WikiException {
580:                Group group1 = m_groupMgr.parseGroup("SampleGroup", "", true);
581:                m_groupMgr.setGroup(m_session, group1);
582:
583:                assertEquals(group1.getPrincipal(), m_auth
584:                        .resolvePrincipal("SampleGroup"));
585:                m_groupMgr.removeGroup("SampleGroup");
586:
587:                // We shouldn't be able to spoof a built-in role
588:                try {
589:                    Group group2 = m_groupMgr.parseGroup("Authenticated", "",
590:                            true);
591:                    assertNotSame(group2.getPrincipal(), m_auth
592:                            .resolvePrincipal("Authenticated"));
593:                } catch (WikiSecurityException e) {
594:                    assertTrue("Authenticated not allowed as group name.", true);
595:                }
596:                assertEquals(Role.AUTHENTICATED, m_auth
597:                        .resolvePrincipal("Authenticated"));
598:            }
599:
600:            public void testResolveUsers() throws WikiException {
601:                // We should be able to resolve a user by login, user, or wiki name
602:                UserProfile profile = new DefaultUserProfile();
603:                profile.setEmail("authmanagertest@tester.net");
604:                profile.setFullname("AuthorizationManagerTest User");
605:                profile.setLoginName("authmanagertest");
606:                try {
607:                    m_engine.getUserManager().getUserDatabase().save(profile);
608:                } catch (WikiSecurityException e) {
609:                    fail("Failed save: " + e.getLocalizedMessage());
610:                }
611:                assertEquals(new WikiPrincipal("authmanagertest",
612:                        WikiPrincipal.LOGIN_NAME), m_auth
613:                        .resolvePrincipal("authmanagertest"));
614:                assertEquals(new WikiPrincipal("AuthorizationManagerTest User",
615:                        WikiPrincipal.FULL_NAME), m_auth
616:                        .resolvePrincipal("AuthorizationManagerTest User"));
617:                assertEquals(new WikiPrincipal("AuthorizationManagerTestUser",
618:                        WikiPrincipal.WIKI_NAME), m_auth
619:                        .resolvePrincipal("AuthorizationManagerTestUser"));
620:                try {
621:                    m_engine.getUserManager().getUserDatabase()
622:                            .deleteByLoginName("authmanagertest");
623:                } catch (WikiSecurityException e) {
624:                    fail("Failed delete: " + e.getLocalizedMessage());
625:                }
626:
627:                // A wiki group should resolve to itself
628:                Group group1 = m_groupMgr.parseGroup("SampleGroup", "", true);
629:                m_groupMgr.setGroup(m_session, group1);
630:                assertEquals(group1.getPrincipal(), m_auth
631:                        .resolvePrincipal("SampleGroup"));
632:                m_groupMgr.removeGroup("SampleGroup");
633:
634:                // A built-in role should resolve to itself
635:                assertEquals(Role.AUTHENTICATED, m_auth
636:                        .resolvePrincipal("Authenticated"));
637:
638:                // We shouldn't be able to spoof a built-in role
639:                assertNotSame(new WikiPrincipal("Authenticated"), m_auth
640:                        .resolvePrincipal("Authenticated"));
641:
642:                // An unknown user should resolve to a generic UnresolvedPrincipal
643:                Principal principal = new UnresolvedPrincipal("Bart Simpson");
644:                assertEquals(principal, m_auth.resolvePrincipal("Bart Simpson"));
645:            }
646:
647:            public void testRoleAcl() throws Exception {
648:                // Create test page & attachment
649:                String src = "[{ALLOW edit Authenticated}] ";
650:                m_engine.saveText("Test", src);
651:
652:                WikiPage p = m_engine.getPage("Test");
653:                Permission view = PermissionFactory
654:                        .getPagePermission(p, "view");
655:                Permission edit = PermissionFactory
656:                        .getPagePermission(p, "edit");
657:
658:                // Create session with authenticated user 'Alice', who can read & edit
659:                WikiSession session;
660:                session = WikiSessionTest.authenticatedSession(m_engine,
661:                        Users.ALICE, Users.ALICE_PASS);
662:                assertTrue("Alice view Test", m_auth.checkPermission(session,
663:                        view));
664:                assertTrue("Alice edit Test", m_auth.checkPermission(session,
665:                        edit));
666:
667:                // Create session with asserted user 'Bob', who can't read or edit (not in ACL)
668:                session = WikiSessionTest.assertedSession(m_engine, Users.BOB);
669:                assertFalse("Bob !view Test", m_auth.checkPermission(session,
670:                        view));
671:                assertFalse("Bob !edit Test", m_auth.checkPermission(session,
672:                        edit));
673:
674:                // Cleanup
675:                try {
676:                    m_engine.deletePage("Test");
677:                } catch (ProviderException e) {
678:                    assertTrue(false);
679:                }
680:            }
681:
682:            public void testStaticPermission() throws Exception {
683:                WikiSession s = WikiSessionTest.anonymousSession(m_engine);
684:                assertTrue("Anonymous view", m_auth.checkStaticPermission(s,
685:                        PagePermission.VIEW));
686:                assertTrue("Anonymous edit", m_auth.checkStaticPermission(s,
687:                        PagePermission.EDIT));
688:                assertTrue("Anonymous comment", m_auth.checkStaticPermission(s,
689:                        PagePermission.COMMENT));
690:                assertFalse("Anonymous modify", m_auth.checkStaticPermission(s,
691:                        PagePermission.MODIFY));
692:                assertFalse("Anonymous upload", m_auth.checkStaticPermission(s,
693:                        PagePermission.UPLOAD));
694:                assertFalse("Anonymous rename", m_auth.checkStaticPermission(s,
695:                        PagePermission.RENAME));
696:                assertFalse("Anonymous delete", m_auth.checkStaticPermission(s,
697:                        PagePermission.DELETE));
698:                assertTrue("Anonymous prefs", m_auth.checkStaticPermission(s,
699:                        WikiPermission.EDIT_PREFERENCES));
700:                assertTrue("Anonymous profile", m_auth.checkStaticPermission(s,
701:                        WikiPermission.EDIT_PROFILE));
702:                assertTrue("Anonymous pages", m_auth.checkStaticPermission(s,
703:                        WikiPermission.CREATE_PAGES));
704:                assertFalse("Anonymous groups", m_auth.checkStaticPermission(s,
705:                        WikiPermission.CREATE_GROUPS));
706:
707:                s = WikiSessionTest.assertedSession(m_engine, "Jack Sparrow");
708:                assertTrue("Asserted view", m_auth.checkStaticPermission(s,
709:                        PagePermission.VIEW));
710:                assertTrue("Asserted edit", m_auth.checkStaticPermission(s,
711:                        PagePermission.EDIT));
712:                assertTrue("Asserted comment", m_auth.checkStaticPermission(s,
713:                        PagePermission.COMMENT));
714:                assertFalse("Asserted modify", m_auth.checkStaticPermission(s,
715:                        PagePermission.MODIFY));
716:                assertFalse("Asserted upload", m_auth.checkStaticPermission(s,
717:                        PagePermission.UPLOAD));
718:                assertFalse("Asserted rename", m_auth.checkStaticPermission(s,
719:                        PagePermission.RENAME));
720:                assertFalse("Asserted delete", m_auth.checkStaticPermission(s,
721:                        PagePermission.DELETE));
722:                assertTrue("Asserted prefs", m_auth.checkStaticPermission(s,
723:                        WikiPermission.EDIT_PREFERENCES));
724:                assertTrue("Asserted profile", m_auth.checkStaticPermission(s,
725:                        WikiPermission.EDIT_PROFILE));
726:                assertTrue("Asserted pages", m_auth.checkStaticPermission(s,
727:                        WikiPermission.CREATE_PAGES));
728:                assertFalse("Asserted groups", m_auth.checkStaticPermission(s,
729:                        WikiPermission.CREATE_GROUPS));
730:
731:                s = WikiSessionTest.authenticatedSession(m_engine, Users.JANNE,
732:                        Users.JANNE_PASS);
733:                assertTrue("Authenticated view", m_auth.checkStaticPermission(
734:                        s, PagePermission.VIEW));
735:                assertTrue("Authenticated edit", m_auth.checkStaticPermission(
736:                        s, PagePermission.EDIT));
737:                assertTrue("Authenticated comment", m_auth
738:                        .checkStaticPermission(s, PagePermission.COMMENT));
739:                assertTrue("Authenticated modify", m_auth
740:                        .checkStaticPermission(s, PagePermission.MODIFY));
741:                assertTrue("Authenticated upload", m_auth
742:                        .checkStaticPermission(s, PagePermission.UPLOAD));
743:                assertTrue("Authenticated rename", m_auth
744:                        .checkStaticPermission(s, PagePermission.RENAME));
745:                assertFalse("Authenticated delete", m_auth
746:                        .checkStaticPermission(s, PagePermission.DELETE));
747:                assertTrue("Authenticated prefs", m_auth.checkStaticPermission(
748:                        s, WikiPermission.EDIT_PREFERENCES));
749:                assertTrue("Authenticated profile", m_auth
750:                        .checkStaticPermission(s, WikiPermission.EDIT_PROFILE));
751:                assertTrue("Authenticated pages", m_auth.checkStaticPermission(
752:                        s, WikiPermission.CREATE_PAGES));
753:                assertTrue("Authenticated groups", m_auth
754:                        .checkStaticPermission(s, WikiPermission.CREATE_GROUPS));
755:
756:                s = WikiSessionTest.adminSession(m_engine);
757:                assertTrue("Admin view", m_auth.checkStaticPermission(s,
758:                        PagePermission.VIEW));
759:                assertTrue("Admin edit", m_auth.checkStaticPermission(s,
760:                        PagePermission.EDIT));
761:                assertTrue("Admin comment", m_auth.checkStaticPermission(s,
762:                        PagePermission.COMMENT));
763:                assertTrue("Admin modify", m_auth.checkStaticPermission(s,
764:                        PagePermission.MODIFY));
765:                assertTrue("Admin upload", m_auth.checkStaticPermission(s,
766:                        PagePermission.UPLOAD));
767:                assertTrue("Admin rename", m_auth.checkStaticPermission(s,
768:                        PagePermission.RENAME));
769:                // Even though we grant AllPermission in the policy, 'delete' isn't explicit so the check
770:                // for delete privileges will fail (but it will succeed if requested via the checkPermission())
771:                assertFalse("Admin delete", m_auth.checkStaticPermission(s,
772:                        PagePermission.DELETE));
773:                assertTrue("Admin prefs", m_auth.checkStaticPermission(s,
774:                        WikiPermission.EDIT_PREFERENCES));
775:                assertTrue("Admin profile", m_auth.checkStaticPermission(s,
776:                        WikiPermission.EDIT_PROFILE));
777:                assertTrue("Admin pages", m_auth.checkStaticPermission(s,
778:                        WikiPermission.CREATE_PAGES));
779:                assertTrue("Admin groups", m_auth.checkStaticPermission(s,
780:                        WikiPermission.CREATE_GROUPS));
781:            }
782:
783:            public void testAdminView() throws Exception {
784:                m_engine.saveText("TestDefaultPage",
785:                        "Foo [{ALLOW view FooBar}]");
786:
787:                Principal admin = new GroupPrincipal("Admin");
788:                WikiSession session = WikiSessionTest
789:                        .containerAuthenticatedSession(m_engine, Users.ALICE,
790:                                new Principal[] { admin });
791:
792:                assertTrue("Alice has AllPermission", m_auth.checkPermission(
793:                        session, new AllPermission(m_engine
794:                                .getApplicationName())));
795:                assertTrue("Alice cannot read", m_auth.checkPermission(session,
796:                        new PagePermission("TestDefaultPage", "view")));
797:            }
798:
799:            public void testAdminView2() throws Exception {
800:                m_engine.saveText("TestDefaultPage",
801:                        "Foo [{ALLOW view FooBar}]");
802:
803:                WikiSession session = WikiSessionTest.adminSession(m_engine);
804:
805:                assertTrue("Alice has AllPermission", m_auth.checkPermission(
806:                        session, new AllPermission(m_engine
807:                                .getApplicationName())));
808:                assertTrue("Alice cannot read", m_auth.checkPermission(session,
809:                        new PagePermission("TestDefaultPage", "view")));
810:            }
811:
812:        }
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.