001: package com.ecyrd.jspwiki.auth.permissions;
002:
003: import java.security.AccessControlException;
004: import java.security.Permission;
005: import java.security.PrivilegedAction;
006:
007: import javax.security.auth.Subject;
008:
009: import com.ecyrd.jspwiki.auth.GroupPrincipal;
010: import com.ecyrd.jspwiki.auth.WikiPrincipal;
011:
012: import junit.framework.TestCase;
013:
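/**
 * JUnit 3 tests for {@link GroupPermission}: equality, action-mask parsing,
 * string rendering, wiki-name and wildcard matching, and the Subject-dependent
 * <code>&lt;groupmember&gt;</code> target.
 *
 * <p>Most cases are checked in both directions. A permission check that is
 * too generous is an authorization bypass, so the <code>assertFalse</code>
 * lines carry as much weight as the <code>assertTrue</code> lines.</p>
 *
 * @author Andrew R. Jaquith
 */
public class GroupPermissionTest extends TestCase {

    /** Runs this test case with the JUnit text runner. */
    public static void main(String[] args) {
        junit.textui.TestRunner.run(GroupPermissionTest.class);
    }

    /*
     * Class under test for boolean equals(java.lang.Object)
     */
    public final void testEqualsObject() {
        GroupPermission p1 = new GroupPermission("mywiki:Test",
                "view,edit,delete");
        GroupPermission p2 = new GroupPermission("mywiki:Test",
                "view,edit,delete");
        GroupPermission p3 = new GroupPermission("mywiki:Test",
                "delete,view,edit");
        GroupPermission p4 = new GroupPermission("mywiki:Test*",
                "delete,view,edit");

        // Same target and same action set are equal, whatever the action order.
        assertEquals(p1, p2);
        assertEquals(p1, p3);

        // A wildcard target is a different permission from the literal one.
        assertFalse(p3.equals(p4));
    }

    /**
     * Checks the bit mask built from an action string. The expected values
     * pin view=1, edit=2 and delete=4, independent of the order in which the
     * actions are listed.
     */
    public final void testCreateMask() {
        assertEquals(1, GroupPermission.createMask("view"));
        assertEquals(7, GroupPermission.createMask("view,edit,delete"));
        assertEquals(7, GroupPermission.createMask("edit,delete,view"));
        assertEquals(2, GroupPermission.createMask("edit"));
        assertEquals(6, GroupPermission.createMask("edit,delete"));
    }

    /*
     * Class under test for java.lang.String toString()
     */
    public final void testToString() {
        GroupPermission p;

        // A target without a wiki prefix is rendered with the "*:" wildcard wiki.
        p = new GroupPermission("Test", "view,edit,delete");
        assertEquals(
                "(\"com.ecyrd.jspwiki.auth.permissions.GroupPermission\",\"*:Test\",\"delete,edit,view\")",
                p.toString());

        // An explicit wiki prefix is kept as given.
        p = new GroupPermission("mywiki:Test", "view,edit,delete");
        assertEquals(
                "(\"com.ecyrd.jspwiki.auth.permissions.GroupPermission\",\"mywiki:Test\",\"delete,edit,view\")",
                p.toString());
    }

    /**
     * Tests wiki name support.
     */
    public final void testWikiNames() {
        GroupPermission p1;
        GroupPermission p2;

        // Permissions without prepended wiki name should imply themselves
        p1 = new GroupPermission("Test", "edit");
        p2 = new GroupPermission("Test", "edit");
        assertTrue(p1.implies(p1));
        assertTrue(p1.implies(p2));

        // Permissions with a wildcard wiki should imply other wikis,
        // but a single-wiki permission must not imply the wildcard one
        p1 = new GroupPermission("*:Test", "edit");
        p2 = new GroupPermission("mywiki:Test", "edit");
        assertTrue(p1.implies(p2));
        assertFalse(p2.implies(p1));

        // A wildcard-wiki permission implies the same target written without
        // a wiki prefix.
        // NOTE(review): a target written with a bare leading ":" is not
        // exercised by this test.
        p1 = new GroupPermission("*:Test", "edit");
        p2 = new GroupPermission("Test", "edit");
        assertTrue(p1.implies(p1));
        assertTrue(p1.implies(p2));
    }

    /**
     * Tests the <code>&lt;groupmember&gt;</code> target, whose result depends
     * on the principals of the Subject the check runs as.
     */
    public final void testImpliesMember() {
        GroupPermission p1;
        Permission p2;
        Subject s;

        // <groupmember> implies TestGroup if Subject has GroupPrincipal("TestGroup")
        p1 = new GroupPermission("*:<groupmember>", "view");
        p2 = new GroupPermission("*:TestGroup", "view");
        s = new Subject();
        s.getPrincipals().add(new GroupPrincipal("TestGroup"));
        assertTrue(subjectImplies(s, p1, p2));

        // <groupmember> doesn't imply it if the Subject only has a
        // WikiPrincipal of the same name: the principal type must match,
        // not just the name
        s = new Subject();
        s.getPrincipals().add(new WikiPrincipal("TestGroup"));
        assertFalse(subjectImplies(s, p1, p2));

        // <groupmember> doesn't imply it if Subject's GroupPrincipal doesn't match
        s = new Subject();
        s.getPrincipals().add(new GroupPrincipal("FooGroup"));
        assertFalse(subjectImplies(s, p1, p2));

        // <groupmember> doesn't imply it if p2 isn't GroupPermission type
        p2 = new PagePermission("*:TestGroup", "view");
        s = new Subject();
        s.getPrincipals().add(new GroupPrincipal("TestGroup"));
        assertFalse(subjectImplies(s, p1, p2));

        // <groupmember> doesn't imply TestGroup when impliesMember is called
        // directly, outside Subject.doAsPrivileged
        p1 = new GroupPermission("*:<groupmember>", "view");
        p2 = new GroupPermission("*:TestGroup", "view");
        assertFalse(p1.impliesMember(p2));
    }

    /*
     * Class under test for boolean implies(java.security.Permission)
     */
    public final void testImpliesPermission() {
        GroupPermission p1;
        GroupPermission p2;
        GroupPermission p3;

        // The same permission should imply itself
        p1 = new GroupPermission("mywiki:Test", "view,edit,delete");
        p2 = new GroupPermission("mywiki:Test", "view,edit,delete");
        assertTrue(p1.implies(p2));
        assertTrue(p2.implies(p1));

        // The same permission should imply itself for wildcard wikis
        p1 = new GroupPermission("Test", "view,edit,delete");
        p2 = new GroupPermission("*:Test", "view,edit,delete");
        p3 = new GroupPermission("mywiki:Test", "view,edit,delete");
        assertTrue(p1.implies(p2));
        assertTrue(p2.implies(p1));
        assertTrue(p1.implies(p3));
        assertTrue(p2.implies(p3));
        assertFalse(p3.implies(p1));
        assertFalse(p3.implies(p2));

        // Actions on collection should imply permission for group with same
        // actions
        p1 = new GroupPermission("*:*", "view,edit,delete");
        p2 = new GroupPermission("*:Test", "view,edit,delete");
        p3 = new GroupPermission("mywiki:Test", "view,edit,delete");
        assertTrue(p1.implies(p2));
        assertTrue(p1.implies(p3));
        assertTrue(p2.implies(p3));
        assertFalse(p2.implies(p1));
        assertFalse(p3.implies(p1));

        // Actions on single group should imply subset of those actions
        p1 = new GroupPermission("*:Test", "view,edit,delete");
        p2 = new GroupPermission("*:Test", "view");
        p3 = new GroupPermission("mywiki:Test", "view");
        assertTrue(p1.implies(p2));
        assertTrue(p1.implies(p3));
        assertFalse(p2.implies(p1));
        assertFalse(p3.implies(p1));
        assertFalse(p3.implies(p2));

        // Actions on collection should imply subset of actions on single group
        p1 = new GroupPermission("*:*", "view,edit,delete");
        p2 = new GroupPermission("*:Test", "view");
        p3 = new GroupPermission("mywiki:Test", "view");
        assertTrue(p1.implies(p2));
        assertTrue(p1.implies(p3));
        assertFalse(p2.implies(p1));
        assertFalse(p3.implies(p1));

        // Same check with a trailing wildcard in the group name
        p1 = new GroupPermission("*:Tes*", "view,edit,delete");
        p2 = new GroupPermission("*:Test", "view");
        p3 = new GroupPermission("mywiki:Test", "view");
        assertTrue(p1.implies(p2));
        assertTrue(p1.implies(p3));
        assertFalse(p2.implies(p1));
        assertFalse(p3.implies(p1));

        // Same check with a leading wildcard in the group name
        p1 = new GroupPermission("*:*st", "view,edit,delete");
        p2 = new GroupPermission("*:Test", "view");
        p3 = new GroupPermission("mywiki:Test", "view");
        assertTrue(p1.implies(p2));
        assertTrue(p1.implies(p3));
        assertFalse(p2.implies(p1));
        assertFalse(p3.implies(p1));

        // Delete action on collection should imply edit/view on
        // single group
        p1 = new GroupPermission("*:*st", "delete");
        p2 = new GroupPermission("*:Test", "edit");
        p3 = new GroupPermission("mywiki:Test", "edit");
        assertTrue(p1.implies(p2));
        assertTrue(p1.implies(p3));
        assertFalse(p2.implies(p1));
        assertFalse(p3.implies(p1));

        p2 = new GroupPermission("*:Test", "view");
        p3 = new GroupPermission("mywiki:Test", "view");
        assertTrue(p1.implies(p2));
        assertTrue(p1.implies(p3));
        assertFalse(p2.implies(p1));
        assertFalse(p3.implies(p1));

        // Edit action on collection should imply view on single group
        p1 = new GroupPermission("*:*st", "edit");
        p2 = new GroupPermission("*:Test", "view");
        p3 = new GroupPermission("mywiki:Test", "view");
        assertTrue(p1.implies(p2));
        assertTrue(p1.implies(p3));
        assertFalse(p2.implies(p1));
        assertFalse(p3.implies(p1));

        // Pre- and post- wildcards should also be fine
        p1 = new GroupPermission("*:Test*", "view");
        p2 = new GroupPermission("*:TestGroup", "view");
        p3 = new GroupPermission("mywiki:TestGroup", "view");
        assertTrue(p1.implies(p2));
        assertTrue(p1.implies(p3));
        assertFalse(p2.implies(p1));
        assertFalse(p3.implies(p1));

        p1 = new GroupPermission("*:*Group", "view");
        p2 = new GroupPermission("*:TestGroup", "view");
        p3 = new GroupPermission("mywiki:TestGroup", "view");
        assertTrue(p1.implies(p2));
        assertTrue(p1.implies(p3));
        assertFalse(p2.implies(p1));
        assertFalse(p3.implies(p1));

        // Wildcards don't imply the <groupmember> target: a blanket grant
        // must not be matched against the membership-based target by name
        p1 = new GroupPermission("*:*", "view");
        p2 = new GroupPermission("*:<groupmember>", "view");
        assertFalse(p1.implies(p2));
        assertFalse(p2.implies(p1));

        // ...not even when the wildcard pattern matches the literal text
        p1 = new GroupPermission("*:*ber>", "view");
        assertFalse(p1.implies(p2));
        assertFalse(p2.implies(p1));
    }

    /**
     * Checks the action hierarchy on the predefined permissions: delete
     * implies edit and view, and edit implies view.
     */
    public final void testImplies() {
        assertTrue(GroupPermission.DELETE.implies(GroupPermission.EDIT));
        assertTrue(GroupPermission.DELETE.implies(GroupPermission.VIEW));
        assertTrue(GroupPermission.EDIT.implies(GroupPermission.VIEW));
    }

    /**
     * Checks that impliedMask expands a mask to include the weaker actions
     * it implies.
     */
    public final void testImpliedMask() {
        int result = (GroupPermission.DELETE_MASK
                | GroupPermission.EDIT_MASK | GroupPermission.VIEW_MASK);
        assertEquals(result, GroupPermission
                .impliedMask(GroupPermission.DELETE_MASK));

        result = (GroupPermission.EDIT_MASK | GroupPermission.VIEW_MASK);
        assertEquals(result, GroupPermission
                .impliedMask(GroupPermission.EDIT_MASK));
    }

    /**
     * Checks that getName returns the target exactly as it was passed to the
     * constructor.
     */
    public final void testGetName() {
        GroupPermission p;
        p = new GroupPermission("Test", "view,edit,delete");
        assertEquals("Test", p.getName());
        p = new GroupPermission("mywiki:Test", "view,edit,delete");
        assertEquals("mywiki:Test", p.getName());
        // Compare by value. assertNotSame only checks reference identity, so
        // it would also pass for an equal String held in a different object.
        assertFalse("*:Test".equals(p.getName()));
    }

    /*
     * Class under test for java.lang.String getActions()
     */
    public final void testGetActions() {
        // Upper-case input comes back lower-cased and in a fixed order.
        GroupPermission p = new GroupPermission("Test",
                "VIEW,edit,delete");
        assertEquals("delete,edit,view", p.getActions());
    }

    /**
     * Binds a Subject to the current AccessControlContext and calls
     * p1.impliesMember(p2).
     *
     * @param subject the Subject whose principals the check should see
     * @param p1 the permission that is asked whether it implies p2
     * @param p2 the permission being tested
     * @return <code>true</code> if p1.impliesMember(p2) returned
     *         <code>true</code>; <code>false</code> if it returned
     *         <code>false</code> or an AccessControlException was thrown
     */
    protected final boolean subjectImplies(final Subject subject,
            final GroupPermission p1, final Permission p2) {
        try {
            // A null AccessControlContext makes doAsPrivileged run the action
            // in a fresh context that carries only this Subject.
            // The raw PrivilegedAction type matches the rest of this file,
            // which uses no generics.
            Boolean result = (Boolean) Subject.doAsPrivileged(subject,
                    new PrivilegedAction() {
                        public Object run() {
                            return Boolean.valueOf(p1.impliesMember(p2));
                        }
                    }, null);
            return result.booleanValue();
        } catch (AccessControlException e) {
            // NOTE(review): a denial raised for any reason is reported as
            // "does not imply". If the test policy ever refuses
            // doAsPrivileged itself, every assertFalse(subjectImplies(...))
            // would still pass without exercising impliesMember. Confirm that
            // this catch is needed, or fail the test here instead.
            return false;
        }
    }

}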