Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E0A861863D for ; Tue, 9 Jun 2015 03:15:12 +0000 (UTC) Received: (qmail 8804 invoked by uid 500); 9 Jun 2015 03:15:07 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 8667 invoked by uid 500); 9 Jun 2015 03:15:07 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 8544 invoked by uid 99); 9 Jun 2015 03:15:07 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Jun 2015 03:15:07 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 495FCE0016; Tue, 9 Jun 2015 03:15:07 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: smckinney@apache.org To: commits@directory.apache.org Date: Tue, 09 Jun 2015 03:15:11 -0000 Message-Id: <042ecbc0a05144448ebb3070163b5bad@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [05/75] [abbrv] [partial] directory-fortress-core git commit: FC-109 - rename rbac package to impl http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/test/java/org/apache/directory/fortress/core/jmeter/AccelCreateSession.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/directory/fortress/core/jmeter/AccelCreateSession.java b/src/test/java/org/apache/directory/fortress/core/jmeter/AccelCreateSession.java index 863362b..570d94d 100644 --- a/src/test/java/org/apache/directory/fortress/core/jmeter/AccelCreateSession.java +++ b/src/test/java/org/apache/directory/fortress/core/jmeter/AccelCreateSession.java @@ -27,7 +27,7 @@ import org.apache.jmeter.samplers.SampleResult; import org.slf4j.LoggerFactory; import org.apache.directory.fortress.core.AccelMgr; import org.apache.directory.fortress.core.model.Session; -import org.apache.directory.fortress.core.rbac.TestUtils; +import org.apache.directory.fortress.core.impl.TestUtils; import org.apache.directory.fortress.core.model.User; import static org.junit.Assert.*; http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/test/java/org/apache/directory/fortress/core/jmeter/CheckAccess.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/directory/fortress/core/jmeter/CheckAccess.java b/src/test/java/org/apache/directory/fortress/core/jmeter/CheckAccess.java index 183e587..9665857 100644 --- a/src/test/java/org/apache/directory/fortress/core/jmeter/CheckAccess.java +++ b/src/test/java/org/apache/directory/fortress/core/jmeter/CheckAccess.java @@ -30,7 +30,7 @@ import org.apache.directory.fortress.core.AccelMgr; import org.apache.directory.fortress.core.AccessMgr; import org.apache.directory.fortress.core.model.Permission; import org.apache.directory.fortress.core.model.Session; -import org.apache.directory.fortress.core.rbac.TestUtils; +import org.apache.directory.fortress.core.impl.TestUtils; import org.apache.directory.fortress.core.model.User; import static org.junit.Assert.*; http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/test/java/org/apache/directory/fortress/core/jmeter/FortressCreateSession.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/directory/fortress/core/jmeter/FortressCreateSession.java b/src/test/java/org/apache/directory/fortress/core/jmeter/FortressCreateSession.java index 44b3651..de78140 100644 --- a/src/test/java/org/apache/directory/fortress/core/jmeter/FortressCreateSession.java +++ b/src/test/java/org/apache/directory/fortress/core/jmeter/FortressCreateSession.java @@ -27,7 +27,7 @@ import org.apache.jmeter.samplers.SampleResult; import org.slf4j.LoggerFactory; import org.apache.directory.fortress.core.AccessMgr; import org.apache.directory.fortress.core.model.Session; -import org.apache.directory.fortress.core.rbac.TestUtils; +import org.apache.directory.fortress.core.impl.TestUtils; import org.apache.directory.fortress.core.model.User; import static org.junit.Assert.*; http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/test/java/org/apache/directory/fortress/core/rbac/AccelMgrImplTest.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/directory/fortress/core/rbac/AccelMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/rbac/AccelMgrImplTest.java deleted file mode 100644 index de4d6e5..0000000 --- a/src/test/java/org/apache/directory/fortress/core/rbac/AccelMgrImplTest.java +++ /dev/null @@ -1,459 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.directory.fortress.core.rbac; - -import java.util.ArrayList; -import java.util.List; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; - -import org.apache.commons.lang.StringUtils; -import org.apache.directory.fortress.core.model.Permission; -import org.apache.directory.fortress.core.model.Session; -import org.apache.directory.fortress.core.model.User; -import org.apache.directory.fortress.core.model.UserRole; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import org.apache.directory.fortress.core.AccelMgr; -import org.apache.directory.fortress.core.AccelMgrFactory; -import org.apache.directory.fortress.core.GlobalErrIds; -import org.apache.directory.fortress.core.SecurityException; -import org.apache.directory.fortress.core.util.LogUtil; - - -/** - * AccelMgrImpl Tester. This module executes RBAC accelerator client side extended operations. - * It requires the OpenLDAP RBAC Accelerator Overlay to be configured on the server-side. - * - * @author Apache Directory Project - */ -public class AccelMgrImplTest extends TestCase -{ - private static final String CLS_NM = AccelMgrImplTest.class.getName(); - private static final Logger LOG = LoggerFactory.getLogger( CLS_NM ); - - public static Test suite() - { - TestSuite suite = new TestSuite(); - suite.addTest( new AccelMgrImplTest( "testCreateSession" ) ); - suite.addTest( new AccelMgrImplTest( "testCreateSessionWithRole" ) ); - suite.addTest( new AccelMgrImplTest( "testCheckAccess" ) ); - suite.addTest( new AccelMgrImplTest( "testAddActiveRole" ) ); - suite.addTest( new AccelMgrImplTest( "testDropActiveRole" ) ); - return suite; - } - - public AccelMgrImplTest( String name ) - { - super( name ); - } - - public void setUp() throws Exception - { - super.setUp(); - } - - public void tearDown() throws Exception - { - super.tearDown(); - } - - public void testGetSession() throws Exception - { - //TODO: Test goes here... - } - - public void testGetToken() throws Exception - { - //TODO: Test goes here... - } - - /** - * - */ - public void testCreateSession() - { - // public Session createSession(User user, boolean isTrusted) - createSessions( "CREATE-SESS TU1_UPD TR1", UserTestData.USERS_TU1_UPD, RoleTestData.ROLES_TR1 ); - createSessions( "CREATE-SESS TU3 TR3", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3 ); - createSessions( "CREATE-SESS TU4 TR2", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2 ); - } - - - /** - * @param msg - * @param uArray - * @param rArray - */ - public static void createSessions( String msg, String[][] uArray, String[][] rArray ) - { - LogUtil.logIt( msg ); - try - { - AccelMgr accelMgr = AccelMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accelMgr.createSession( user, false ); - assertNotNull( session ); - accelMgr.deleteSession( session ); - // now try negative test case: - try - { - User userBad = new User( user.getUserId(), "badpw".toCharArray() ); - accelMgr.createSession( userBad, false ); - fail( CLS_NM + ".createSessions failed negative test" ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "createSessions excep id check", se.getErrorId() == GlobalErrIds - .USER_PW_INVLD ); - // pass - } - } - LOG.debug( "createSessions successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "createSessions: failed with SecurityException rc=" + ex.getErrorId() + ", " + - "msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testCreateSessionWithRole() - { - // public Session createSession(User user, boolean isTrusted) - createSessionsWithRoles( "CR-SESS-WRLS TU1_UPD TR1", UserTestData.USERS_TU1_UPD, RoleTestData.ROLES_TR1 ); - createSessionsWithRoles( "CR-SESS-WRLS TU3 TR3", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3 ); - createSessionsWithRoles( "CR-SESS-WRLS TU4 TR2", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2 ); - } - - - /** - * @param msg - * @param uArray - * @param rArray - */ - public static void createSessionsWithRoles( String msg, String[][] uArray, String[][] rArray ) - { - LogUtil.logIt( msg ); - try - { - AccelMgr accelMgr = AccelMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - List rlsRequested = new ArrayList<>(); - int cnt = 0; - for ( String[] rle : rArray ) - { - rlsRequested.add( RoleTestData.getUserRole( user.getUserId(), rle ) ); - user.setRoles( rlsRequested ); - Session session = accelMgr.createSession( user, false ); - assertTrue( CLS_NM + ".createSessionsWithRoles failed role search USER [" + user.getUserId() + "]" + - " CNT [" + ++cnt + "] size [" + session.getRoles().size() + "]", - cnt == session.getRoles().size() ); - accelMgr.deleteSession( session ); - } - } - LOG.debug( "createSessionsWithRoles successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "createSessionsWithRoles: failed with SecurityException rc=" + ex.getErrorId() + ", " + - "msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testCheckAccess() - { - checkAccess( "CHCK-ACS TU3 TOB3 TOP3 ", UserTestData.USERS_TU3, PermTestData.OBJS_TOB3, - PermTestData.OPS_TOP3, PermTestData.OBJS_TOB2, PermTestData.OPS_TOP1 ); - - checkAccess( "CHCK-ACS TU3 TO3 TOP1 ", UserTestData.USERS_TU3, PermTestData.OBJS_TOB3, PermTestData.OPS_TOP3, - PermTestData.OBJS_TOB2, PermTestData.OPS_TOP1 ); - - checkAccess( "CHCK-ACS TU4 TO4 TOP1 ", UserTestData.USERS_TU4, PermTestData.OBJS_TOB2, PermTestData.OPS_TOP2, - PermTestData.OBJS_TOB2, PermTestData.OPS_TOP1 ); - - checkAccess( "CHCK-ACS TU1_UPD TO1 TOP1 ", UserTestData.USERS_TU1_UPD, PermTestData.OBJS_TOB1, - PermTestData.OPS_TOP1, PermTestData.OBJS_TOB3, PermTestData.OPS_TOP3 ); - } - - - /** - * @param msg - * @param uArray - * @param oArray - * @param opArray - * @param oArrayBad - * @param opArrayBad - */ - public static void checkAccess( String msg, String[][] uArray, String[][] oArray, String[][] opArray, - String[][] oArrayBad, String[][] opArrayBad ) - { - LogUtil.logIt( msg ); - try - { - AccelMgr accelMgr = AccelMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accelMgr.createSession( user, false ); - assertNotNull( session ); - int i = 0; - for ( String[] obj : oArray ) - { - int j = 0; - for ( String[] op : opArray ) - { - Permission goodPerm; - if( StringUtils.isNotEmpty( PermTestData.getObjId( opArray[j] ) ) ) - { - // with an objectId: - goodPerm = new Permission( - PermTestData.getName( obj ), - PermTestData.getName( op ), - PermTestData.getObjId( opArray[j] ) ); - } - else - { - // without an objectId: - goodPerm = new Permission( - PermTestData.getName( obj ), - PermTestData.getName( op ) ); - } - - // Positive test case, call checkAccess method, should return 'true': - assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + - PermTestData.getName( obj ) + "] operationName [" + PermTestData.getName( op ) + "]", - accelMgr.checkAccess( session, goodPerm ) ); - - Permission badPerm = new Permission( - PermTestData.getName( oArrayBad[i] ), - PermTestData.getName( opArrayBad[j]), - PermTestData.getObjId( opArrayBad[j] ) ); - - // Negative test case, call checkAccess method again, should return 'false': - assertFalse( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + - PermTestData.getName( oArrayBad[i] ) + "] operationName [" + PermTestData.getName( - opArrayBad[j] ) + "]", accelMgr.checkAccess( session, badPerm ) ); - j++; - } - i++; - } - accelMgr.deleteSession( session ); - } - LOG.debug( "checkAccess successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "checkAccess: failed with SecurityException rc=" + ex.getErrorId() + ", " + - "msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testAddActiveRole() - { - // public void addActiveRole(Session session, String role) - addActiveRoles( "ADD-ACT-RLS TU1_UPD TR1 bad:TR2", UserTestData.USERS_TU1_UPD, RoleTestData.ROLES_TR1, - RoleTestData.ROLES_TR2 ); - addActiveRoles( "ADD-ACT-RLS TU3 TR3 bad:TR1:", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3, - RoleTestData.ROLES_TR1 ); - addActiveRoles( "ADD-ACT-RLS TU4 TR2 bad:TR1", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2, - RoleTestData.ROLES_TR1 ); - } - - - /** - * @param msg - * @param uArray - * @param rPosArray - * @param rNegArray - */ - public static void addActiveRoles( String msg, String[][] uArray, String[][] rPosArray, String[][] rNegArray ) - { - LogUtil.logIt( msg ); - try - { - AccelMgr accelMgr = AccelMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accelMgr.createSession( user, false ); - assertNotNull( session ); - // Attempt to activate roles that aren't assigned to user: - for ( String[] badRle : rNegArray ) - { - try - { - // Add Role (this better fail): - accelMgr.addActiveRole( session, new UserRole( user.getUserId(), - RoleTestData.getName( badRle ) ) ); - String error = "addActiveRoles failed negative test 1 User [" + user.getUserId() + "] Role [" - + RoleTestData.getName( badRle ) + "]"; - LOG.info( error ); - fail( error ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "addActiveRoles excep id check", - se.getErrorId() == GlobalErrIds.URLE_ACTIVATE_FAILED ); - // pass - } - } - // remove all roles from the user's session: - int ctr = rPosArray.length; - for ( String[] rle : rPosArray ) - { - // Drop Role: - accelMgr.dropActiveRole( session, new UserRole( user.getUserId(), RoleTestData.getName( rle ) ) ); - // Drop Role again: (This better fail because role has already been deactivated from user's - // session) - try - { - // Drop Role3 (this better fail): - accelMgr.dropActiveRole( session, new UserRole( user.getUserId(), - RoleTestData.getName( rle ) ) ); - String error = "addActiveRoles failed negative test 2 User [" + user.getUserId() + "] Role [" - + RoleTestData.getName( rle ) + "]"; - LOG.info( error ); - fail( error ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "addActiveRoles excep id check", - se.getErrorId() == GlobalErrIds.URLE_NOT_ACTIVE ); - } - } - // Now activate the list of assigned roles: - ctr = 0; - for ( String[] rle : rPosArray ) - { - // Activate Role(s): - accelMgr.addActiveRole( session, new UserRole( user.getUserId(), RoleTestData.getName( rle ) ) ); - // TODO: this does not work with RAO - fix me. - try - { - // Activate Role again (this should throw SecurityException): - accelMgr.addActiveRole( session, new UserRole( user.getUserId(), - RoleTestData.getName( rle ) ) ); - String error = "addActiveRoles failed test 3 User [" + user.getUserId() + "] Role [" + - RoleTestData.getName( rle ) + "]"; - LOG.info( error ); - fail( error ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "addActiveRoles excep id check", - se.getErrorId() == GlobalErrIds.URLE_ALREADY_ACTIVE ); - // this is good - } - } - accelMgr.deleteSession( session ); - } - } - catch ( SecurityException ex ) - { - LOG.error( "addActiveRoles: failed with SecurityException rc=" + ex.getErrorId() + ", " + - "msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testDropActiveRole() - { - // public void dropActiveRole(Session session, String role) - dropActiveRoles( "DRP-ACT-RLS TU1_UPD TR1 bad:TR2", UserTestData.USERS_TU1_UPD, RoleTestData.ROLES_TR1 ); - dropActiveRoles( "DRP-ACT-RLS TU3 TR3 bad:TR1", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3 ); - dropActiveRoles( "DRP-ACT-RLS TU4 TR2 bad:TR1", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2 ); - } - - - /** - * @param msg - * @param uArray - * @param rArray - */ - public static void dropActiveRoles( String msg, String[][] uArray, String[][] rArray ) - { - LogUtil.logIt( msg ); - try - { - AccelMgr accelMgr = AccelMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accelMgr.createSession( user, false ); - assertNotNull( session ); - // remove all roles from the user's session: - int ctr = rArray.length; - for ( String[] rle : rArray ) - { - // Drop Role: - accelMgr.dropActiveRole( session, new UserRole( user.getUserId(), RoleTestData.getName( rle ) ) ); - // Drop Role again: (This better fail because role has already been deactivated from user's - // session) - try - { - // Drop Role3 (this better fail): - accelMgr.dropActiveRole( session, new UserRole( user.getUserId(), - RoleTestData.getName( rle ) ) ); - String error = "dropActiveRoles failed negative test 2 User [" + user.getUserId() + "] Role [" + RoleTestData.getName( rle ) + "]"; - LOG.info( error ); - fail( error ); - } - catch ( SecurityException se ) - { - assertTrue( "dropActiveRoles excep id check", se.getErrorId() == GlobalErrIds.URLE_NOT_ACTIVE ); - } - } - accelMgr.deleteSession( session ); - } - } - catch ( SecurityException ex ) - { - LOG.error( "dropActiveRoles: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/test/java/org/apache/directory/fortress/core/rbac/AccessMgrImplTest.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/directory/fortress/core/rbac/AccessMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/rbac/AccessMgrImplTest.java deleted file mode 100755 index 3206a2a..0000000 --- a/src/test/java/org/apache/directory/fortress/core/rbac/AccessMgrImplTest.java +++ /dev/null @@ -1,1285 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.directory.fortress.core.rbac; - - -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; -import java.util.Set; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; - -import org.apache.commons.lang.StringUtils; -import org.apache.directory.fortress.core.model.Permission; -import org.apache.directory.fortress.core.model.SDSet; -import org.apache.directory.fortress.core.model.Session; -import org.apache.directory.fortress.core.model.User; -import org.apache.directory.fortress.core.model.UserRole; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import org.apache.directory.fortress.core.AccessMgr; -import org.apache.directory.fortress.core.AccessMgrFactory; -import org.apache.directory.fortress.core.GlobalErrIds; -import org.apache.directory.fortress.core.PwPolicyMgr; -import org.apache.directory.fortress.core.SecurityException; -import org.apache.directory.fortress.core.util.LogUtil; - - -/** - * AccessMgrImpl Tester. - * - * @author Apache Directory Project - */ -public class AccessMgrImplTest extends TestCase -{ - private static final String CLS_NM = AccessMgrImplTest.class.getName(); - private static final Logger LOG = LoggerFactory.getLogger( CLS_NM ); - - - public static Test suite() - { - TestSuite suite = new TestSuite(); - //suite.addTest(new AccessMgrImplTest("testDropActiveRole")); -/* - suite.addTest( new AdminMgrImplTest( "testResetPassword" ) ); - suite.addTest( new AccessMgrImplTest( "testAuthenticateReset" ) ); - suite.addTest( new AdminMgrImplTest( "testChangePassword" ) ); - suite.addTest( new AccessMgrImplTest( "testAuthenticate" ) ); - suite.addTest( new AdminMgrImplTest( "testLockUserAccount" ) ); - suite.addTest( new AccessMgrImplTest( "testAuthenticateLocked" ) ); - suite.addTest( new AdminMgrImplTest( "testUnlockUserAccount" ) ); -*/ - suite.addTest( new AccessMgrImplTest( "testCheckAccess" ) ); - return suite; - } - - - public AccessMgrImplTest( String name ) - { - super( name ); - } - - - public void setUp() throws Exception - { - super.setUp(); - } - - - public void tearDown() throws Exception - { - super.tearDown(); - } - - - public void testGetSession() throws Exception - { - //TODO: Test goes here... - } - - - public void testGetToken() throws Exception - { - //TODO: Test goes here... - } - - - public void testGetUserId() - { - // public String getUserId(Session, session) - getUsers( "GET-USRIDS TU1_UPD", UserTestData.USERS_TU1_UPD ); - getUsers( "GET-USRIDS TU3", UserTestData.USERS_TU3 ); - getUsers( "GET-USRIDS TU4", UserTestData.USERS_TU4 ); - } - - - /** - * @param msg - * @param uArray - */ - public static void getUserIds( String msg, String[][] uArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.authenticate( user.getUserId(), user.getPassword() ); - assertNotNull( session ); - String userId = accessMgr.getUserId( session ); - assertTrue( "getUserIds failed compare found userId [" + userId + "] valid userId [" - + UserTestData.getUserId( usr ) + "]", userId.equalsIgnoreCase( UserTestData.getUserId( usr ) ) ); - } - LOG.debug( "getUserIds successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( - "getUserIds: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - public void testGetUser() - { - // public User getUser(Session, session) - getUsers( "GET-USRS TU1_UPD", UserTestData.USERS_TU1_UPD ); - getUsers( "GET-USRS TU3", UserTestData.USERS_TU3 ); - getUsers( "GET-USRS TU4", UserTestData.USERS_TU4 ); - } - - - /** - * @param msg - * @param uArray - */ - public static void getUsers( String msg, String[][] uArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, false ); - assertNotNull( session ); - user = accessMgr.getUser( session ); - UserTestData.assertEquals( user, usr ); - } - LOG.debug( "getUsers successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( - "getUsers: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), - ex ); - fail( ex.getMessage() ); - } - } - - - public void testAuthenticate() - { - // public Session authenticate(String userId, String password) - authenticateUsers( "AUTH-USRS TU1_UPD", UserTestData.USERS_TU1_UPD, 1 ); - authenticateUsers( "AUTH-USRS TU2_CHG", UserTestData.USERS_TU2_CHG, 1 ); - authenticateUsers( "AUTH-USRS TU3", UserTestData.USERS_TU3, 1 ); - authenticateUsers( "AUTH-USRS TU4", UserTestData.USERS_TU4, 1 ); - } - - - /** - * @param msg - * @param uArray - * @param multiplier - */ - private static void authenticateUsers( String msg, String[][] uArray, int multiplier ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.authenticate( user.getUserId(), user.getPassword() ); - assertNotNull( session ); - // todo: need to test to ensure roles are not added to session. - // now try negative test case: - try - { - accessMgr.authenticate( user.getUserId(), "wrongpw".toCharArray() ); - fail( "authenticateUsers failed negative test" ); - } - catch ( SecurityException se ) - { - assertTrue( "authenticateUsers reset excep id check", - se.getErrorId() == GlobalErrIds.USER_PW_INVLD ); - // pass - } - } - LOG.debug( "authenticateUsers successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "authenticateUsers: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testAuthenticateLocked() - { - // public Session authenticate(String userId, String password) - authenticateLockedUsers( "AUTH-L-USRS TU1_UPD", UserTestData.USERS_TU1_UPD ); - authenticateLockedUsers( "AUTH-L-USRS TU3", UserTestData.USERS_TU3 ); - authenticateLockedUsers( "AUTH-L-USRS TU4", UserTestData.USERS_TU4 ); - } - - - /** - * @param msg - * @param uArray - */ - private static void authenticateLockedUsers( String msg, String[][] uArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - // now try negative test case: - try - { - accessMgr.authenticate( user.getUserId(), user.getPassword() ); - fail( CLS_NM + ".authenticateLockedUsers failed test" ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "authenticateLockedUsers reset excep id check", - se.getErrorId() == GlobalErrIds.USER_PW_LOCKED ); - // pass - //LOG.error("locked=" + se.getMsgid() + " msg=" + se.getMessage()); - } - } - LOG.debug( "authenticateLockedUsers successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "authenticateLockedUsers: failed with SecurityException rc=" + ex.getErrorId() - + ", msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testAuthenticateReset() - { - // public Session authenticate(String userId, String password) - authenticateResetUsers( "AUTH-R-USRS TU2_RST", UserTestData.USERS_TU2_RST, PolicyTestData.POLICIES_TP2[0] ); - } - - - /** - * @param msg - * @param uArray - */ - private static void authenticateResetUsers( String msg, String[][] uArray, String[] plcy ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - PwPolicyMgr policyMgr = PswdPolicyMgrImplTest.getManagedPswdMgr(); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - // update this user with pw policy that requires change after reset: - policyMgr.updateUserPolicy( user.getUserId(), PolicyTestData.getName( plcy ) ); - // now try negative test case: - try - { - accessMgr.authenticate( user.getUserId(), user.getPassword() ); - //accessMgr.authenticate( user.getUserId(), user.getPassword() ); - fail( CLS_NM + ".authenticateResetUsers failed test" ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "authenticateResetUsers reset excep id check", - se.getErrorId() == GlobalErrIds.USER_PW_RESET ); - // pass - } - } - LOG.debug( "authenticateResetUsers successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "authenticateResetUsers: failed with SecurityException rc=" + ex.getErrorId() - + ", msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testCreateSession() - { - // public Session createSession(User user, boolean isTrusted) - createSessions( "CREATE-SESS TU1_UPD TR1", UserTestData.USERS_TU1_UPD, RoleTestData.ROLES_TR1 ); - createSessions( "CREATE-SESS TU3 TR3", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3 ); - createSessions( "CREATE-SESS TU4 TR2", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2 ); - } - - - /** - * @param msg - * @param uArray - * @param rArray - */ - public static void createSessions( String msg, String[][] uArray, String[][] rArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, false ); - assertNotNull( session ); - String userId = accessMgr.getUserId( session ); - assertTrue( CLS_NM + ".createSessions failed compare found userId [" + userId + "] valid userId [" - + UserTestData.getUserId( usr ) + "]", userId.equalsIgnoreCase( UserTestData.getUserId( usr ) ) ); - UserTestData.assertEquals( user, usr ); - List uRoles = session.getRoles(); - assertNotNull( uRoles ); - assertEquals( CLS_NM + ".createSessions user role check failed list size user [" + user.getUserId() - + "]", rArray.length, uRoles.size() ); - for ( String[] rle : rArray ) - { - assertTrue( CLS_NM + ".createSessions failed role search USER [" + user.getUserId() + "] ROLE1 [" - + RoleTestData.getName( rle ) + "] should be present", - uRoles.contains( RoleTestData.getUserRole( UserTestData.getUserId( usr ), rle ) ) ); - } - - // now try negative test case: - try - { - User userBad = new User( user.getUserId(), "badpw".toCharArray() ); - accessMgr.createSession( userBad, false ); - fail( CLS_NM + ".createSessions failed negative test" ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "createSessions excep id check", se.getErrorId() == GlobalErrIds.USER_PW_INVLD ); - // pass - } - } - LOG.debug( "createSessions successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( - "createSessions: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testCreateSessionWithRole() - { - // public Session createSession(User user, boolean isTrusted) - createSessionsWithRoles( "CR-SESS-WRLS TU1_UPD TR1", UserTestData.USERS_TU1_UPD, RoleTestData.ROLES_TR1 ); - createSessionsWithRoles( "CR-SESS-WRLS TU3 TR3", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3 ); - createSessionsWithRoles( "CR-SESS-WRLS TU4 TR2", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2 ); - } - - - /** - * @param msg - * @param uArray - * @param rArray - */ - public static void createSessionsWithRoles( String msg, String[][] uArray, String[][] rArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - List rlsRequested = new ArrayList<>(); - int cnt = 0; - for ( String[] rle : rArray ) - { - rlsRequested.add( RoleTestData.getUserRole( user.getUserId(), rle ) ); - user.setRoles( rlsRequested ); - Session session = accessMgr.createSession( user, false ); - assertTrue( CLS_NM + ".createSessionsWithRoles failed role search USER [" + user.getUserId() - + "] CNT [" + ++cnt + "] size [" + session.getRoles().size() + "]", cnt == session.getRoles() - .size() ); - String userId = accessMgr.getUserId( session ); - assertTrue( CLS_NM + ".createSessionsWithRoles failed compare found userId [" + userId - + "] valid userId [" + UserTestData.getUserId( usr ) + "]", - userId.equalsIgnoreCase( UserTestData.getUserId( usr ) ) ); - UserTestData.assertEquals( user, usr ); - } - } - LOG.debug( "createSessionsWithRoles successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "createSessionsWithRoles: failed with SecurityException rc=" + ex.getErrorId() - + ", msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testCreateSessionWithRolesTrusted() - { - // public Session createSession(User user, boolean isTrusted) - createSessionsWithRolesTrusted( "CR-SESS-WRLS-TRST TU1_UPD TR1", UserTestData.USERS_TU1_UPD, - RoleTestData.ROLES_TR1 ); - createSessionsWithRolesTrusted( "CR-SESS-WRLS-TRST TU3 TR3", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3 ); - createSessionsWithRolesTrusted( "CR-SESS-WRLS-TRST TU4 TR2", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2 ); - } - - - /** - * @param msg - * @param uArray - * @param rArray - */ - public static void createSessionsWithRolesTrusted( String msg, String[][] uArray, String[][] rArray ) - { - LogUtil.logIt( msg ); - - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - List rlsRequested = new ArrayList<>(); - int cnt = 0; - for ( String[] rle : rArray ) - { - rlsRequested.add( RoleTestData.getUserRole( user.getUserId(), rle ) ); - user.setRoles( rlsRequested ); - Session session = accessMgr.createSession( user, true ); - assertTrue( CLS_NM + ".createSessionsWithRolesTrusted failed role search USER [" + user.getUserId() - + "] CNT [" + ++cnt + "] size [" + session.getRoles().size() + "]", cnt == session.getRoles() - .size() ); - String userId = accessMgr.getUserId( session ); - assertTrue( CLS_NM + ".createSessionsWithRolesTrusted failed compare found userId [" + userId - + "] valid userId [" + UserTestData.getUserId( usr ) + "]", - userId.equalsIgnoreCase( UserTestData.getUserId( usr ) ) ); - UserTestData.assertEquals( user, usr ); - } - } - LOG.debug( "createSessionsWithRolesTrusted successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "createSessionsWithRolesTrusted: failed with SecurityException rc=" + ex.getErrorId() - + ", msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testCreateSessionTrusted() - { - // public Session createSession(User user, boolean isTrusted) - createSessionsTrusted( "CR-SESS-TRST TU1_UPD TR1", UserTestData.USERS_TU1_UPD, RoleTestData.ROLES_TR1 ); - createSessionsTrusted( "CR-SESS-TRST TU3 TR3", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3 ); - createSessionsTrusted( "CR-SESS-TRST TU4 TR2", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2 ); - } - - - /** - * @param msg - * @param uArray - * @param rArray - */ - public static void createSessionsTrusted( String msg, String[][] uArray, String[][] rArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, true ); - assertNotNull( session ); - String userId = accessMgr.getUserId( session ); - assertTrue( CLS_NM + ".createSessionsTrusted failed compare found userId [" + userId - + "] valid userId [" + UserTestData.getUserId( usr ) + "]", - userId.equalsIgnoreCase( UserTestData.getUserId( usr ) ) ); - UserTestData.assertEquals( user, usr ); - List uRoles = session.getRoles(); - assertNotNull( uRoles ); - assertEquals( - CLS_NM + ".createSessionsTrusted user role check failed list size user [" + user.getUserId() + "]", - rArray.length, uRoles.size() ); - for ( String[] rle : rArray ) - { - assertTrue( CLS_NM + ".createSessionsTrusted failed role search USER [" + user.getUserId() - + "] ROLE1 [" + RoleTestData.getName( rle ) + "] should be present", - uRoles.contains( RoleTestData.getUserRole( UserTestData.getUserId( usr ), rle ) ) ); - } - - // now try negative test case: - try - { - User badUser = new User( user.getUserId() + "wrong" ); - accessMgr.createSession( badUser, true ); - fail( CLS_NM + ".createSessionsTrusted failed negative test" ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "createSessionsTrusted excep id check", - se.getErrorId() == GlobalErrIds.USER_NOT_FOUND ); - // pass - } - } - LOG.debug( "createSessionsTrusted successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "createSessionsTrusted: failed with SecurityException rc=" + ex.getErrorId() - + ", msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - public void createSessionsDSD() - { - // public Session createSession(User user, boolean isTrusted) - createSessionsDSD( "CR-SESS-DSD TU12 DSD_T1", UserTestData.USERS_TU12_DSD, RoleTestData.DSD_T1 ); - createSessionsDSD( "CR-SESS-DSD TU13 DSD_T4_B", UserTestData.USERS_TU13_DSD_HIER, RoleTestData.DSD_T4_B ); - createSessionsDSD( "CR-SESS-DSD TU14 DSD_T5_B", UserTestData.USERS_TU14_DSD_HIER, RoleTestData.DSD_T5_B ); - createSessionsDSD( "CR-SESS-DSD TU15 DSD_T6_C", UserTestData.USERS_TU15_DSD_HIER, RoleTestData.DSD_T6_C ); - createSessionsDSD( "CR-SESS-DSD TU21 DSD_T8_BRUNO", UserTestData.USERS_TU21_DSD_BRUNO, - RoleTestData.DSD_T8_BRUNO ); - } - - - /** - * - * @param msg - * @param uArray - * @param dsdArray - */ - public static void createSessionsDSD( String msg, String[][] uArray, String[][] dsdArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - int i = 0; - for ( String[] usr : uArray ) - { - SDSet dsd = RoleTestData.getSDSet( dsdArray[i++] ); - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, false ); - assertNotNull( session ); - String userId = accessMgr.getUserId( session ); - assertTrue( CLS_NM + ".createSessionsDSD failed compare found userId [" + userId + "] valid userId [" - + UserTestData.getUserId( usr ) + "]", userId.equalsIgnoreCase( UserTestData.getUserId( usr ) ) ); - UserTestData.assertEquals( user, usr ); - List uRoles = session.getRoles(); - assertNotNull( uRoles ); - // was the number of members in test DSD greater than the cardinality? - if ( dsd.getMembers().size() < dsd.getCardinality() ) - { - assertEquals( - CLS_NM + ".createSessionsDSD role list size check failed user-role user [" + user.getUserId() - + "]", dsd.getMembers().size(), uRoles.size() ); - } - else - { - assertEquals( - CLS_NM + ".createSessionsDSD role cardinality check failed user-role list size user [" - + user.getUserId() + "] dsd set [" + dsd.getName() + "] card [" + dsd.getCardinality() - + "] listsize [" + uRoles.size() + "]", dsd.getCardinality() - 1, uRoles.size() ); - } - } - LOG.debug( "createSessionsDSD successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "createSessionsDSD: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testCreateSessionHier() - { - // public Session createSession(User user, boolean isTrusted) - createSessionsHier( "CREATE-SESS-HIER TU18 TR6 DESC", UserTestData.USERS_TU18U_TR6_DESC ); - createSessionsHier( "CREATE-SESS-HIER TU19U TR7 ASC", UserTestData.USERS_TU19U_TR7_ASC ); - } - - - /** - * - * @param msg - * @param uArray - */ - public static void createSessionsHier( String msg, String[][] uArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, false ); - assertNotNull( session ); - String userId = accessMgr.getUserId( session ); - assertTrue( CLS_NM + ".createSessionsHier failed compare found userId [" + userId + "] valid userId [" - + UserTestData.getUserId( usr ) + "]", userId.equalsIgnoreCase( UserTestData.getUserId( usr ) ) ); - UserTestData.assertEquals( user, usr ); - - // Get the authorized roles for this user: - Collection authZRoles = UserTestData.getAuthorizedRoles( usr ); - - // If there are any assigned roles, add them to list of authorized. - Set asgnRoles = UserTestData.getAssignedRoles( usr ); - assertNotNull( asgnRoles ); - assertTrue( asgnRoles.size() > 0 ); - - for ( String asgnRole : asgnRoles ) - { - authZRoles.add( asgnRole ); - } - - Set actualRoles = accessMgr.authorizedRoles( session ); - assertNotNull( actualRoles ); - assertEquals( - CLS_NM + ".createSessionsHier authorized roles list size test case failed for [" + user.getUserId() - + "]", authZRoles.size(), actualRoles.size() ); - for ( String name : authZRoles ) - { - assertTrue( CLS_NM + ".createSessionsHier authorized roles compare test case failed for USER [" - + user.getUserId() + "] expect role [" + name + "] nout found", actualRoles.contains( name ) ); - } - } - LOG.debug( "createSessionsHier successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "createSessionsHier: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testCheckAccess() - { - // public boolean checkAccess(String object, String operation, Session session) - checkAccess( "CHCK-ACS TU1_UPD TO1 TOP1 ", UserTestData.USERS_TU1_UPD, PermTestData.OBJS_TOB1, - PermTestData.OPS_TOP1, PermTestData.OBJS_TOB3, PermTestData.OPS_TOP3 ); - checkAccess( "CHCK-ACS TU3 TO3 TOP1 ", UserTestData.USERS_TU3, PermTestData.OBJS_TOB3, PermTestData.OPS_TOP3, - PermTestData.OBJS_TOB2, PermTestData.OPS_TOP2 ); - checkAccess( "CHCK-ACS TU4 TO4 TOP1 ", UserTestData.USERS_TU4, PermTestData.OBJS_TOB2, PermTestData.OPS_TOP2, - PermTestData.OBJS_TOB3, PermTestData.OPS_TOP3 ); - } - - - public static void checkAccess( String msg, String[][] uArray, String[][] oArray, String[][] opArray, - String[][] oArrayBad, String[][] opArrayBad ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, false ); - assertNotNull( session ); - int i = 0; - for ( String[] obj : oArray ) - { - int j = 0; - for ( String[] op : opArray ) - { - Permission goodPerm; - if( StringUtils.isNotEmpty( PermTestData.getObjId( opArray[j] ) ) ) - { - // with an objectId: - goodPerm = new Permission( - PermTestData.getName( obj ), - PermTestData.getName( op ), - PermTestData.getObjId( opArray[j] ) ); - } - else - { - // without an objectId: - goodPerm = new Permission( - PermTestData.getName( obj ), - PermTestData.getName( op ) ); - } - - // Positive test case, call checkAccess method, should return 'true': - assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + - PermTestData.getName( obj ) + "] operationName [" + PermTestData.getName( op ) + "]", - accessMgr.checkAccess( session, goodPerm ) ); - Permission badPerm; - if( StringUtils.isNotEmpty( PermTestData.getObjId( opArrayBad[j] ) ) ) - { - // with an objectId: - badPerm = new Permission( - PermTestData.getName( oArrayBad[i] ), - PermTestData.getName( opArrayBad[j] ), - PermTestData.getObjId( opArrayBad[j] ) ); - } - else - { - // without an objectId: - badPerm = new Permission( - PermTestData.getName( oArrayBad[i] ), - PermTestData.getName( opArrayBad[j] ) ); - } - //LOG.warn("Assert False userId [" + user.getUserId() + "], perm: " + badPerm); - // Negative test case, call checkAccess method again, should return 'false': - assertFalse( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + - PermTestData.getName( oArrayBad[i] ) + "] operationName [" + PermTestData.getName( - opArrayBad[j] ) + "]", accessMgr.checkAccess( session, badPerm ) ); - j++; - } - i++; - } - } - LOG.debug( "checkAccess successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( "checkAccess: failed with SecurityException rc=" + ex.getErrorId() + ", " + - "msg=" + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testSessionPermission() - { - // public List sessionPermissions(Session session) - // public static void sessionPermissions(String msg, String[][] uArray, String[][] oArray, String[][] opArray) - sessionPermissions( "SESS-PRMS TU1_UPD TO1 TOP1 ", UserTestData.USERS_TU1_UPD, PermTestData.OBJS_TOB1, - PermTestData.OPS_TOP1 ); - sessionPermissionsH( "SESS-PRMS_H USERS_TU7_HIER OBJS_TOB4 OPS_TOP4 ", UserTestData.USERS_TU7_HIER, - PermTestData.OBJS_TOB4, PermTestData.OPS_TOP4 ); - } - - - /** - * @param msg - * @param uArray - * @param oArray - * @param opArray - */ - public static void sessionPermissions( String msg, String[][] uArray, String[][] oArray, String[][] opArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, false ); - assertNotNull( session ); - List pOps = accessMgr.sessionPermissions( session ); - assertNotNull( pOps ); - // There should be objs * ops number of perms in the list returned from sessionPermissions method: - assertEquals( CLS_NM + - ".sessionPermissions failed list size user[" + user.getUserId() + "]", - oArray.length * opArray.length, pOps.size() ); - - // Iterate over objs x ops, see if every expected valid permission is contained within the returned list: - for ( String[] obj : oArray ) - { - for ( String[] op : opArray ) - { - Permission validPOp = PermTestData.getOp( PermTestData.getName( obj ), op ); - assertTrue( CLS_NM + - ".sessionPermissions failed perm list compare USER [" + user.getUserId() + - "] PERM Obj [" + PermTestData.getName( obj ) + "] " + - "OPER [" + PermTestData.getName( op ) + "]", - pOps.contains( validPOp ) ); - } - } - } - } - catch ( SecurityException ex ) - { - LOG.error( "sessionPermissions: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - * @param msg - * @param uArray - * @param oArray - * @param opArray - */ - public static void sessionPermissionsH( String msg, String[][] uArray, String[][] oArray, String[][] opArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - int i = 0; - for ( String[] usr : uArray ) - { - i++; - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, false ); - assertNotNull( session ); - List pOps = accessMgr.sessionPermissions( session ); - assertNotNull( pOps ); - //LOG.warn("sessionPermissionsH list size user [" + user.getUserId() + "] expected len=" + - // (11 - i) * opArray.length + " actual len=" + pOps.size()); - assertEquals( CLS_NM + - ".sessionPermissionsH failed list size user[" + user.getUserId() + "]", - ( 11 - i ) * opArray.length, pOps.size() ); - - // Iterate over objs x ops, see if every expected valid permission is contained within the returned list: - int j = 0; - for ( String[] obj : oArray ) - { - j++; - // role1 inherits 2 - 10, role 2 inherits 3 - 10, role 3 inherits 4 - 10, etc. - // obj1.op1 - 10 are granted to role1, obj2.op1 - 10 are granted to role2, etc... - // positive tests: - if ( i == j || i < j ) - { - int k = 0; - for ( String[] op : opArray ) - { - k++; - Permission validPOp = PermTestData.getOp( PermTestData.getName( obj ), op ); - assertTrue( CLS_NM + - ".sessionPermissionsH failed perm list compare USER [" + user.getUserId() + - "] PERM Obj [" + PermTestData.getName( obj ) + "] " + - "OPER [" + PermTestData.getName( op ) + "]", - pOps.contains( validPOp ) ); - - boolean result = accessMgr.checkAccess( session, new Permission( - PermTestData.getName( obj ), PermTestData.getName( op ) ) ); - assertTrue( CLS_NM + - ".sessionPermissionsH failed checkAccess USER [" + user.getUserId() + - "] PERM Obj [" + PermTestData.getName( obj ) + "] " + - "OPER [" + PermTestData.getName( op ) + "]", - result ); - } - } - // negative tests: - else - { - int k = 0; - for ( String[] op : opArray ) - { - k++; - Permission validPOp = PermTestData.getOp( PermTestData.getName( obj ), op ); - assertTrue( CLS_NM + - ".sessionPermissionsH failed negative perm list compare USER [" + user.getUserId() + - "] PERM Obj [" + PermTestData.getName( obj ) + "] " + - "OPER [" + PermTestData.getName( op ) + "]", - !pOps.contains( validPOp ) ); - - boolean result = accessMgr.checkAccess( session, new Permission( - PermTestData.getName( obj ), PermTestData.getName( op ) ) ); - assertTrue( CLS_NM + - ".sessionPermissionsH failed negative checkAccess USER [" + user.getUserId() + - "] PERM Obj [" + PermTestData.getName( obj ) + "] " + - "OPER [" + PermTestData.getName( op ) + "]", - !result ); - } - } - } - } - } - catch ( SecurityException ex ) - { - LOG.error( "sessionPermissionsH: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testSessionRole() - { - // public List sessionRoles(Session session) - sessionRoles( "SESS-RLS TU1_UPD TR1", UserTestData.USERS_TU1_UPD, RoleTestData.ROLES_TR1 ); - sessionRoles( "SESS-RLS TU3 TR3", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3 ); - sessionRoles( "SESS-RLS TU4 TR2", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2 ); - } - - - /** - * @param msg - * @param uArray - * @param rArray - */ - public static void sessionRoles( String msg, String[][] uArray, String[][] rArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, false ); - assertNotNull( session ); - String userId = accessMgr.getUserId( session ); - assertTrue( CLS_NM + ".sessionRoles failed compare found userId [" + userId + "] valid userId [" - + UserTestData.getUserId( usr ) + "]", userId.equalsIgnoreCase( UserTestData.getUserId( usr ) ) ); - UserTestData.assertEquals( user, usr ); - List uRoles = accessMgr.sessionRoles( session ); - assertNotNull( uRoles ); - assertEquals( - CLS_NM + ".sessionRoles user role check failed list size user [" + user.getUserId() + "]", - rArray.length, uRoles.size() ); - for ( String[] rle : rArray ) - { - assertTrue( CLS_NM + ".sessionRoles failed role search USER [" + user.getUserId() + "] ROLE1 [" - + RoleTestData.getName( rle ) + "] should be present", - uRoles.contains( RoleTestData.getUserRole( UserTestData.getUserId( usr ), rle ) ) ); - } - } - LOG.debug( "sessionRoles successful" ); - } - catch ( SecurityException ex ) - { - LOG.error( - "sessionRoles: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testAddActiveRole() - { - // public void addActiveRole(Session session, String role) - addActiveRoles( "ADD-ACT-RLS TU1_UPD TR1 bad:TR2", UserTestData.USERS_TU1_UPD, RoleTestData.ROLES_TR1, - RoleTestData.ROLES_TR2 ); - addActiveRoles( "ADD-ACT-RLS TU3 TR3 bad:TR1:", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3, - RoleTestData.ROLES_TR1 ); - addActiveRoles( "ADD-ACT-RLS TU4 TR2 bad:TR1", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2, - RoleTestData.ROLES_TR1 ); - addActiveRolesDSD( "ADD-ACT-RLS-USRS_DSDT1 TU8 DSD_T1", UserTestData.USERS_TU8_SSD, RoleTestData.DSD_T1 ); - addActiveRolesDSD( "ADD-ACT-RLS-USRS_DSDT4B TU9 DSD_T4_B", UserTestData.USERS_TU9_SSD_HIER, - RoleTestData.DSD_T4_B ); - addActiveRolesDSD( "ADD-ACT-RLS-USRS_DSDT5B TU10 DSD_T5_B", UserTestData.USERS_TU10_SSD_HIER, - RoleTestData.DSD_T5_B ); - addActiveRolesDSD( "ADD-ACT-RLS-USRS_DSDT6B TU11 DSD_T6_B", UserTestData.USERS_TU11_SSD_HIER, - RoleTestData.DSD_T6_D ); - } - - - /** - * @param msg - * @param uArray - * @param rPosArray - * @param rNegArray - */ - public static void addActiveRoles( String msg, String[][] uArray, String[][] rPosArray, String[][] rNegArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, false ); - assertNotNull( session ); - List uRoles = session.getRoles(); - assertNotNull( uRoles ); - assertEquals( CLS_NM + ".addActiveRoles failed list size user[" + user.getUserId() + "]", - rPosArray.length, uRoles.size() ); - for ( String[] rle : rPosArray ) - { - assertTrue( CLS_NM + ".addActiveRoles failed role search USER [" + user.getUserId() + "] ROLE [" - + RoleTestData.getName( rle ) + "] should be present", - uRoles.contains( RoleTestData.getUserRole( UserTestData.getUserId( usr ), rle ) ) ); - } - // Attempt to activate roles that aren't assigned to user: - for ( String[] badRle : rNegArray ) - { - try - { - // Add Role (this better fail): - accessMgr.addActiveRole( session, new UserRole( RoleTestData.getName( badRle ) ) ); - String error = "addActiveRoles failed negative test 1 User [" + user.getUserId() - + "] Role [" + RoleTestData.getName( badRle ) + "]"; - LOG.info( error ); - fail( error ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "addActiveRoles excep id check", - se.getErrorId() == GlobalErrIds.URLE_ACTIVATE_FAILED ); - // pass - } - } - // remove all roles from the user's session: - int ctr = rPosArray.length; - for ( String[] rle : rPosArray ) - { - // Drop Role: - accessMgr.dropActiveRole( session, new UserRole( RoleTestData.getName( rle ) ) ); - assertEquals( CLS_NM + ".addActiveRoles failed list size user[" + user.getUserId() + "]", - ( --ctr ), session.getRoles().size() ); - assertTrue( CLS_NM + ".addActiveRoles failed role search USER [" + user.getUserId() + "] ROLE [" - + RoleTestData.getName( rle ) + "] should not contain role", - !session.getRoles().contains( RoleTestData.getUserRole( UserTestData.getUserId( usr ), rle ) ) ); - // Drop Role again: (This better fail because role has already been deactivated from user's session) - try - { - // Drop Role3 (this better fail): - accessMgr.dropActiveRole( session, new UserRole( RoleTestData.getName( rle ) ) ); - String error = "addActiveRoles failed negative test 2 User [" + user.getUserId() - + "] Role [" + RoleTestData.getName( rle ) + "]"; - LOG.info( error ); - fail( error ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "addActiveRoles excep id check", - se.getErrorId() == GlobalErrIds.URLE_NOT_ACTIVE ); - } - } - // Now activate the list of assigned roles: - ctr = 0; - for ( String[] rle : rPosArray ) - { - // Activate Role(s): - accessMgr.addActiveRole( session, new UserRole( RoleTestData.getName( rle ) ) ); - uRoles = session.getRoles(); - assertEquals( CLS_NM + ".addActiveRoles failed list size user [" + user.getUserId() + "]", ++ctr, - uRoles.size() ); - assertTrue( CLS_NM + ".addActiveRoles failed role search USER [" + user.getUserId() + "] ROLE [" - + RoleTestData.getName( rle ) + "] should contain role", - uRoles.contains( RoleTestData.getUserRole( UserTestData.getUserId( usr ), rle ) ) ); - try - { - // Activate Role again (this should throw SecurityException): - accessMgr.addActiveRole( session, new UserRole( RoleTestData.getName( rle ) ) ); - String error = "addActiveRoles failed test 3 User [" + user.getUserId() + "] Role [" - + RoleTestData.getName( rle ) + "]"; - LOG.info( error ); - fail( error ); - } - catch ( SecurityException se ) - { - assertTrue( CLS_NM + "addActiveRoles excep id check", - se.getErrorId() == GlobalErrIds.URLE_ALREADY_ACTIVE ); - // this is good - } - } - } - } - catch ( SecurityException ex ) - { - LOG.error( - "addActiveRoles: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - /** - * - */ - public void testDropActiveRole() - { - // public void dropActiveRole(Session session, String role) - dropActiveRoles( "DRP-ACT-RLS TU1_UPD TR1 bad:TR2", UserTestData.USERS_TU1_UPD, RoleTestData.ROLES_TR1 ); - dropActiveRoles( "DRP-ACT-RLS TU3 TR3 bad:TR1", UserTestData.USERS_TU3, RoleTestData.ROLES_TR3 ); - dropActiveRoles( "DRP-ACT-RLS TU4 TR2 bad:TR1", UserTestData.USERS_TU4, RoleTestData.ROLES_TR2 ); - } - - - /** - * @param msg - * @param uArray - * @param rArray - */ - public static void dropActiveRoles( String msg, String[][] uArray, String[][] rArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - for ( String[] usr : uArray ) - { - User user = UserTestData.getUser( usr ); - Session session = accessMgr.createSession( user, false ); - assertNotNull( session ); - List uRoles = session.getRoles(); - assertNotNull( uRoles ); - assertEquals( CLS_NM + ".dropActiveRoles failed list size user[" + user.getUserId() + "]", - rArray.length, uRoles.size() ); - for ( String[] rle : rArray ) - { - assertTrue( CLS_NM + ".dropActiveRoles failed role search USER [" + user.getUserId() + "] ROLE [" - + RoleTestData.getName( rle ) + "] should be present", - uRoles.contains( RoleTestData.getUserRole( UserTestData.getUserId( usr ), rle ) ) ); - } - // remove all roles from the user's session: - int ctr = rArray.length; - for ( String[] rle : rArray ) - { - // Drop Role: - accessMgr.dropActiveRole( session, new UserRole( RoleTestData.getName( rle ) ) ); - assertEquals( CLS_NM + ".dropActiveRoles failed list size user[" + user.getUserId() + "]", - ( --ctr ), session.getRoles().size() ); - assertTrue( CLS_NM + ".dropActiveRoles failed role search USER [" + user.getUserId() + "] ROLE [" - + RoleTestData.getName( rle ) + "] should not contain role", - !session.getRoles().contains( RoleTestData.getUserRole( UserTestData.getUserId( usr ), rle ) ) ); - // Drop Role again: (This better fail because role has already been deactivated from user's session) - try - { - // Drop Role3 (this better fail): - accessMgr.dropActiveRole( session, new UserRole( RoleTestData.getName( rle ) ) ); - String error = "dropActiveRoles failed negative test 2 User [" + user.getUserId() - + "] Role [" + RoleTestData.getName( rle ) + "]"; - LOG.info( error ); - fail( error ); - } - catch ( SecurityException se ) - { - assertTrue( "dropActiveRoles excep id check", - se.getErrorId() == GlobalErrIds.URLE_NOT_ACTIVE ); - } - } - } - } - catch ( SecurityException ex ) - { - LOG.error( - "dropActiveRoles: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } - - - public static void addActiveRolesDSD( String msg, String[][] uArray, String[][] sArray ) - { - LogUtil.logIt( msg ); - try - { - AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() ); - int i = 0; - for ( String[] usr : uArray ) - { - SDSet dsd = RoleTestData.getSDSet( sArray[i++] ); - //Set roles = dsd.getMembers().keySet(); - Set roles = dsd.getMembers(); - User user = UserTestData.getUser( usr ); - Session session = accessMgr.authenticate( user.getUserId(), user.getPassword() ); - int j = 0; - for ( String role : roles ) - { - j++; - try - { - assertNotNull( session ); - - // Activate Role(s): - accessMgr.addActiveRole( session, new UserRole( role ) ); - if ( j >= dsd.getCardinality() ) - { - fail( CLS_NM + ".addActiveRolesDSD user [" + user.getUserId() + "] role [" + role - + "] ssd [" + dsd.getName() + "] cardinality [" + dsd.getCardinality() + "] count [" - + j + "] failed" ); - } - } - catch ( SecurityException ex ) - { - assertTrue( CLS_NM + ".addActiveRolesDSD cardinality test failed user [" + user.getUserId() - + "] role [" + role + "] ssd [" + dsd.getName() + "] cardinality [" + dsd.getCardinality() - + "] count [" + j + "]", j >= ( dsd.getCardinality() ) ); - assertTrue( - CLS_NM + ".addActiveRolesDSD cardinality test failed [" + UserTestData.getUserId( usr ) - + "]", ex.getErrorId() == GlobalErrIds.DSD_VALIDATION_FAILED ); - // still good, break from loop, we're done here - break; - } - } - } - } - catch ( SecurityException ex ) - { - LOG.error( - "addActiveRolesDSD caught SecurityException rc=" + ex.getErrorId() + ", msg=" - + ex.getMessage(), ex ); - fail( ex.getMessage() ); - } - } -} \ No newline at end of file