jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mreut...@apache.org
Subject svn commit: r157952 - in incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test: AbstractJCRTest.java api/CheckPermissionTest.java api/ImpersonateTest.java api/SessionReadMethodsTest.java api/TestAll.java
Date Thu, 17 Mar 2005 18:04:42 GMT
Author: mreutegg
Date: Thu Mar 17 10:04:40 2005
New Revision: 157952

URL: http://svn.apache.org/viewcvs?view=rev&rev=157952
Log:
Test cases for Session.impersonate() and Session.checkPermission()

Added:
    incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/CheckPermissionTest.java
  (with props)
    incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/ImpersonateTest.java
  (with props)
Modified:
    incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/AbstractJCRTest.java
    incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/SessionReadMethodsTest.java
    incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/TestAll.java

Modified: incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/AbstractJCRTest.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/AbstractJCRTest.java?view=diff&r1=157951&r2=157952
==============================================================================
--- incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/AbstractJCRTest.java (original)
+++ incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/AbstractJCRTest.java Thu
Mar 17 10:04:40 2005
@@ -125,6 +125,11 @@
     protected String jcrMergeFailed;
 
     /**
+     * JCR Name jcr:system using the namespace resolver of the current session.
+     */
+    protected String jcrSystem;
+
+    /**
      * JCR Name nt:base using the namespace resolver of the current session.
      */
     protected String ntBase;
@@ -290,6 +295,7 @@
         jcrLockOwner = superuser.getNamespacePrefix(NS_JCR_URI) + ":lockOwner";
         jcrlockIsDeep = superuser.getNamespacePrefix(NS_JCR_URI) + ":lockIsDeep";
         jcrMergeFailed = superuser.getNamespacePrefix(NS_JCR_URI) + ":mergeFailed";
+        jcrSystem = superuser.getNamespacePrefix(NS_JCR_URI) + ":system";
         ntBase = superuser.getNamespacePrefix(NS_NT_URI) + ":base";
         ntVersion = superuser.getNamespacePrefix(NS_NT_URI) + ":version";
         ntVersionHistory = superuser.getNamespacePrefix(NS_NT_URI) + ":versionHistory";

Added: incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/CheckPermissionTest.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/CheckPermissionTest.java?view=auto&rev=157952
==============================================================================
--- incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/CheckPermissionTest.java
(added)
+++ incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/CheckPermissionTest.java
Thu Mar 17 10:04:40 2005
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.test.api;
+
+import org.apache.jackrabbit.test.AbstractJCRTest;
+
+import javax.jcr.Session;
+
+import java.security.AccessControlException;
+
+/**
+ * Tests if {@link Session#checkPermission(String, String)} yields the correct
+ * permissions for a read-only session and a 'superuser' session.
+ *
+ * @test
+ * @sources CheckPermissionTest.java
+ * @executeClass org.apache.jackrabbit.test.api.CheckPermissionTest
+ * @keywords level2
+ */
+public class CheckPermissionTest extends AbstractJCRTest {
+
+    /**
+     * Tests if <code>Session.checkPermission(String, String)</code> works
+     * properly: <ul> <li>Returns quietly if access is permitted.</li>
+     * <li>Throws an {@link java.security.AccessControlException) if access is
+     * denied.</li> </ul>
+     */
+    public void testCheckPermission() throws Exception {
+        testRootNode.addNode(nodeName2);
+        superuser.save();
+
+        Session readOnly = helper.getReadOnlySession();
+        try {
+            permissionCheckReadOnly(readOnly);
+            permissionCheckReadWrite(superuser);
+        } finally {
+            readOnly.logout();
+        }
+    }
+
+    /**
+     * Helper function used in testCheckPermission checks if a read-only session
+     * has the correct permissions
+     */
+    private void permissionCheckReadOnly(Session readOnly) throws Exception {
+        String pathPrefix = (testRoot.length() == 1) ? testRoot : testRoot + "/";
+        readOnly.checkPermission(testRoot, "read");
+
+        try {
+            readOnly.checkPermission(pathPrefix + nodeName1, "add_node");
+            fail("add_node permission granted to read-only Session");
+        } catch (AccessControlException success) {
+            // ok
+        }
+
+        try {
+            readOnly.checkPermission(pathPrefix + nodeName1, "set_property");
+            fail("set_property permission granted to read-only Session");
+        } catch (AccessControlException success) {
+            // ok
+        }
+
+        try {
+            readOnly.checkPermission(pathPrefix + nodeName2, "remove");
+            fail("remove permission granted to read-only Session");
+        } catch (AccessControlException success) {
+            // ok
+        }
+    }
+
+    /**
+     * Helper function used in testCheckPermission checks if a read-write
+     * session has the correct permissions
+     */
+    private void permissionCheckReadWrite(Session readWrite) throws Exception {
+        String pathPrefix = (testRoot.length() == 1) ? testRoot : testRoot + "/";
+        readWrite.checkPermission(testRoot, "read");
+        readWrite.checkPermission(pathPrefix + nodeName1, "add_node");
+        readWrite.checkPermission(pathPrefix + propertyName1, "set_property");
+        readWrite.checkPermission(pathPrefix + nodeName2, "remove");
+    }
+}

Propchange: incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/CheckPermissionTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/ImpersonateTest.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/ImpersonateTest.java?view=auto&rev=157952
==============================================================================
--- incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/ImpersonateTest.java
(added)
+++ incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/ImpersonateTest.java
Thu Mar 17 10:04:40 2005
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.test.api;
+
+import org.apache.jackrabbit.test.AbstractJCRTest;
+
+import javax.jcr.Session;
+import javax.jcr.Credentials;
+import javax.jcr.NodeIterator;
+import javax.jcr.Node;
+import java.security.AccessControlException;
+
+/**
+ * Tests if {@link Session#impersonate(Credentials)} to a read-only session
+ * respects access controls.
+ *
+ * @test
+ * @sources ImpersonateTest.java
+ * @executeClass org.apache.jackrabbit.test.api.ImpersonateTest
+ * @keywords level2
+ */
+public class ImpersonateTest extends AbstractJCRTest {
+
+    /**
+     * Tests if <code>Session.impersonate(Credentials)</code> works properly
+     */
+    public void testImpersonate() throws Exception {
+        // impersonate to read-only user
+        Session session = superuser.impersonate(helper.getReadOnlyCredentials());
+
+        // get a path to test the permissions on
+        String thePath = "";
+        NodeIterator ni = session.getRootNode().getNodes();
+        while (ni.hasNext()) {
+            Node n = ni.nextNode();
+            if (!n.getPath().equals("/" + jcrSystem)) {
+                thePath = n.getPath();
+                break;
+            }
+        }
+
+        // check that all 4 permissions are granted/denied correctly
+        session.checkPermission(thePath, "read");
+
+        try {
+            session.checkPermission(thePath + "/" + nodeName1, "add_node");
+            fail("add_node permission on \"" + thePath + "/" + nodeName1 + "\" granted to
read-only Session");
+        } catch (AccessControlException success) {
+            // ok
+        }
+
+        try {
+            session.checkPermission(thePath + "/" + propertyName1, "set_property");
+            fail("set_property permission on \"" + thePath + "/" + propertyName1 + "\" granted
to read-only Session");
+        } catch (AccessControlException success) {
+            // ok
+        }
+
+        try {
+            session.checkPermission(thePath, "remove");
+            fail("remove permission on \"" + thePath + "\" granted to read-only Session");
+        } catch (AccessControlException success) {
+            // ok
+        }
+
+        session.logout();
+    }
+}

Propchange: incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/ImpersonateTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/SessionReadMethodsTest.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/SessionReadMethodsTest.java?view=diff&r1=157951&r2=157952
==============================================================================
--- incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/SessionReadMethodsTest.java
(original)
+++ incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/SessionReadMethodsTest.java
Thu Mar 17 10:04:40 2005
@@ -27,6 +27,8 @@
 import javax.jcr.ItemNotFoundException;
 import javax.jcr.NodeIterator;
 
+import java.security.AccessControlException;
+
 /**
  * <code>SessionReadMethodsTest</code>...
  *

Modified: incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/TestAll.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/TestAll.java?view=diff&r1=157951&r2=157952
==============================================================================
--- incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/TestAll.java (original)
+++ incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/test/api/TestAll.java Thu Mar
17 10:04:40 2005
@@ -116,6 +116,9 @@
         suite.addTestSuite(WorkspaceMoveTest.class);
         suite.addTestSuite(WorkspaceMoveVersionableTest.class);
 
+        suite.addTestSuite(ImpersonateTest.class);
+        suite.addTestSuite(CheckPermissionTest.class);
+
         return suite;
     }
 }



Mime
View raw message