portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tay...@apache.org
Subject cvs commit: jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security TestRdbmsPolicyFolder.java
Date Sat, 18 Sep 2004 05:27:12 GMT
taylor      2004/09/17 22:27:12

  Added:       components/security/src/test/org/apache/jetspeed/security
                        TestRdbmsPolicyFolder.java
  Log:
  Unit test for FolderPermission to support inherited permissions a la Java File Permission
  Patch provided by Christophe Lombard
  
  CVS: ----------------------------------------------------------------------
  CVS: PR:
  CVS:   If this change addresses a PR in the problem report tracking
  CVS:   database, then enter the PR number(s) here.
  CVS: Obtained from:
  CVS:   If this change has been taken from another system, such as NCSA,
  CVS:   then name the system in this line, otherwise delete it.
  CVS: Submitted by:
  CVS:   If this code has been contributed to Apache by someone else; i.e.,
  CVS:   they sent us a patch or a new module, then include their name/email
  CVS:   address here. If this is your work then delete this line.
  CVS: Reviewed by:
  CVS:   If we are doing pre-commit code reviews and someone else has
  CVS:   reviewed your changes, include their name(s) here.
  CVS:   If you have not had it reviewed then delete this line.
  
  Revision  Changes    Path
  1.1                  jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java
  
  Index: TestRdbmsPolicyFolder.java
  ===================================================================
  /* Copyright 2004 Apache Software Foundation
   *
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   *
   *     http://www.apache.org/licenses/LICENSE-2.0
   *
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
   * limitations under the License.
   */
  package org.apache.jetspeed.security;
  
  import java.security.AccessControlException;
  import java.security.AccessController;
  import java.security.PrivilegedAction;
  
  import javax.security.auth.Subject;
  import javax.security.auth.login.LoginContext;
  import javax.security.auth.login.LoginException;
  
  import junit.framework.Test;
  import junit.framework.TestSuite;
  
  import org.apache.jetspeed.security.FolderPermission;
  import org.apache.jetspeed.security.SecurityException;
  import org.apache.jetspeed.security.UserPrincipal;
  import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
  import org.apache.jetspeed.security.impl.UserPrincipalImpl;
  
  /**
   * @author <a href="mailto:christophe.lombart@sword-technologies.com">Christophe Lombart</a>
   * @version $Id: TestRdbmsPolicyFolder.java,v 1.1 2004/09/18 05:27:12 taylor Exp $
   */
  public class TestRdbmsPolicyFolder extends AbstractSecurityTestcase
  {
      /** <p>The JAAS login context.</p> */
      private LoginContext loginContext = null;
  
      /**
       * <p>Defines the test case name for junit.</p>
       * @param testName The test case name.
       */
      public TestRdbmsPolicyFolder(String testName)
      {
          super(testName);
      }
  
      /**
       * @see junit.framework.TestCase#setUp()
       */
      public void setUp() throws Exception
      {
          super.setUp();
  
          initUser();
  
          // Let's login in.
          try
          {
              System.out.println("\t\t[TestRdbmsPolicy - Folder] Creating login context.");
              PassiveCallbackHandler pch = new PassiveCallbackHandler("anon", "password");
              loginContext = new LoginContext("jetspeed", pch);
              loginContext.login();
          }
          catch (LoginException le)
          {
              le.printStackTrace();
              assertTrue("\t\t[TestRdbmsPolicy - Folder] Failed to setup test.", false);
          }
  
      }
  
      /**
       * @see junit.framework.TestCase#tearDown()
       */
      public void tearDown() throws Exception
      {
  
          // Logout.
          try
          {
              loginContext.logout();
          }
          catch (LoginException le)
          {
              le.printStackTrace();
              assertTrue("\t\t[TestRdbmsPolicy - Folder] Failed to tear down test.", false);
          }
          destroyUser();
          super.tearDown();
      }
  
      public static Test suite()
      {
          // All methods starting with "test" will be executed in the test suite.
          return new TestSuite(TestRdbmsPolicy.class);
      }
  
      /**
       * Test simple permission on one document
       *
       */
      public void testSimplePermission()
      {
  
          try
          {
              Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
              {
                  public Object run()
                  {
                      FolderPermission perm1 = new FolderPermission("/files/test.xml", "edit");
                      AccessController.checkPermission(perm1);
                      return null;
                  }
              });
          }
          catch (AccessControlException ace)
          {
              assertTrue("did not authorize view permission on the Folder.", false);
          }
  
          // Should be denied.
          try
          {
              Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
              {
                  public Object run()
                  {
                      FolderPermission perm2 = new FolderPermission("/files/test.xml", "secure");
                      AccessController.checkPermission(perm2);
                      return null;
                  }
              });
              assertTrue("did not deny update permission on the folder.", false);
          }
          catch (AccessControlException ace)
          {
          }
      }
  
      /**
       * Test permissions with wild card (eg. /file/*) & with recursive setting (eg. /files/-
) 
       *
       */
      public void testAdvancedPermission()
      {
  
          try
          {
              Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
              {
                  public Object run()
                  {
                      FolderPermission perm1 = new FolderPermission("/files/subfolder1/test.xml",
"view");
                      AccessController.checkPermission(perm1);
                      return null;
                  }
              });
          }
          catch (AccessControlException ace)
          {
              fail("did not authorize view permission on the Folder.");
          }
  
          
          try
          {
              Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
              {
                  public Object run()
                  {
                      FolderPermission perm1 = new FolderPermission("/files/subfolder1/foo",
"view");
                      AccessController.checkPermission(perm1);
                      return null;
                  }
              });
          }
          catch (AccessControlException ace)
          {
              fail("did not authorize view permission on the Folder.");
          }  
          
          try
          {
              Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
              {
                  public Object run()
                  {
                      FolderPermission perm1 = new FolderPermission("/files/subfolder1/foo/anotherdoc.xml",
"view");
                      AccessController.checkPermission(perm1);
                      return null;
                  }
              });
              fail("Permission error - should not view the document ");
          }
          catch (AccessControlException ace)
          {
              // Correct behavior - not authorise to view the document
          }         
          
          try
          {
              Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
              {
                  public Object run()
                  {
                      FolderPermission perm1 = new FolderPermission("/files/subfolder2/test.xml",
"view");
                      AccessController.checkPermission(perm1);
                      return null;
                  }
              });
          }
          catch (AccessControlException ace)
          {
              fail("did not authorize view permission on the Folder.");
          }
  
          
          try
          {
              Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
              {
                  public Object run()
                  {
                      FolderPermission perm1 = new FolderPermission("/files/subfolder2/foo",
"view");
                      AccessController.checkPermission(perm1);
                      return null;
                  }
              });
          }
          catch (AccessControlException ace)
          {
              fail("did not authorize view permission on the Folder.");
          }
          
          try
          {
              Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
              {
                  public Object run()
                  {
                      FolderPermission perm1 = new FolderPermission("/files/subfolder2/foo/anotherdoc.xml",
"view");
                      AccessController.checkPermission(perm1);
                      return null;
                  }
              });
          }
          catch (AccessControlException ace)
          {
              fail("did not authorize view permission on the Folder.");
          }                
      }
  
  
      /**
       * <p>Initialize user test object.</p>
       */
      protected void initUser()
      {
          try
          {
              ums.addUser("anon", "password");
          }
          catch (SecurityException sex)
          {
          }
          
          UserPrincipal user = new UserPrincipalImpl("anon");
  
          FolderPermission perm1 = new FolderPermission("/files/test.xml", "edit");
          FolderPermission perm2 = new FolderPermission("/files/subfolder1/*", "view");
          FolderPermission perm3 = new FolderPermission("/files/subfolder2/-", "view");
          try
          {
              pms.grantPermission(user, perm1);
              pms.grantPermission(user, perm2);
              pms.grantPermission(user, perm3);
          }
          catch (SecurityException sex)
          {
              sex.printStackTrace();
          }
      }
  
      /**
       * <p>Destroy user test object.</p>
       */
      protected void destroyUser() throws Exception
      {
          ums.removeUser("anon");
  
          FolderPermission perm1 = new FolderPermission("/files/test.xml", "edit");
          FolderPermission perm2 = new FolderPermission("/files/subfolder1/*", "view");
          FolderPermission perm3 = new FolderPermission("/files/subfolder2/-", "view");
          pms.removePermission(perm1);
          pms.removePermission(perm2);
          pms.removePermission(perm3);
      }
  
  }
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message