17 package org.apache.jetspeed.services.security.registry;
18
19
20 import java.util.Iterator;
21 import java.util.Vector;
22
23 import junit.awtui.TestRunner;
24 import junit.framework.Test;
25 import junit.framework.TestSuite;
26
27 import org.apache.jetspeed.om.BaseSecurityReference;
28 import org.apache.jetspeed.om.SecurityReference;
29 import org.apache.jetspeed.om.profile.Entry;
30 import org.apache.jetspeed.om.profile.psml.PsmlEntry;
31 import org.apache.jetspeed.om.registry.RegistryEntry;
32 import org.apache.jetspeed.om.registry.SecurityAccess;
33 import org.apache.jetspeed.om.registry.SecurityAllow;
34 import org.apache.jetspeed.om.registry.SecurityEntry;
35 import org.apache.jetspeed.om.registry.base.BaseSecurityAccess;
36 import org.apache.jetspeed.om.registry.base.BaseSecurityAllow;
37 import org.apache.jetspeed.om.registry.base.BaseSecurityEntry;
38 import org.apache.jetspeed.om.security.JetspeedUser;
39 import org.apache.jetspeed.services.JetspeedPortalAccessController;
40 import org.apache.jetspeed.services.JetspeedSecurity;
41 import org.apache.jetspeed.services.Registry;
42 import org.apache.jetspeed.services.resources.JetspeedResources;
43 import org.apache.jetspeed.services.security.JetspeedGroupManagement;
44 import org.apache.jetspeed.services.security.JetspeedRoleManagement;
45 import org.apache.jetspeed.test.JetspeedTestCase;
46 import org.apache.turbine.util.StringUtils;
47 import org.apache.turbine.util.TurbineConfig;
48
49 /***
50 * TestAccessController
51 *
52 * @author <a href="paulsp@apache.org">Paul Spencer</a>
53 * @version $Id: TestAccessController.java,v 1.1 2004/04/07 22:02:43 jford Exp $
54 */
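public class TestAccessController extends JetspeedTestCase
{
    // Exercises JetspeedPortalAccessController.checkPermission() against
    // security entries that the tests themselves add to Registry.SECURITY.
    //
    // Shared state: the static SecurityReference fields below get their parent
    // names in testVerifyEnvironment(), which also registers the matching
    // security entries. testRequiredActions() reads both.
    // NOTE(review): TestSuite(Class) collects test methods by reflection, which
    // does not promise declaration order -- confirm the runner really executes
    // testVerifyEnvironment() first, otherwise the permission checks run
    // against references that have no parent set.

    private static final String ADMIN_PORTLET = "GlobalAdminPortlet";
    private static final String ALL_PORTLET = "HelloVelocity";
    private static final String USER_PORTLET = "SkinBrowser";
    private static final String USERANON_PORTLET = "Welcome";
    private static final String TEST_GROUP = "Jetspeed";
    private static final String TEST_SECURITY_PAGE = "SecurityTest";

    private static final SecurityReference adminSecurityRef = new BaseSecurityReference();
    private static final SecurityReference defaultSecurityRef = new BaseSecurityReference();
    private static final SecurityReference userSecurityRef = new BaseSecurityReference();
    private static final SecurityReference userAllAnonViewSecurityRef = new BaseSecurityReference();

    private static TurbineConfig config = null;

    // Boots Turbine once, when the class is loaded. A start-up problem is
    // reported through fail() with the full stack trace as the message.
    static
    {
        try
        {
            config = new TurbineConfig( "webapp", "/WEB-INF/conf/TurbineResources.properties");
            config.init();
        }
        catch (Exception e)
        {
            fail(StringUtils.stackTrace(e));
        }
    }

    /**
     * Defines the testcase name for JUnit.
     *
     * @param name the testcase's name.
     */
    public TestAccessController( String name )
    {
        super( name );
    }

    /**
     * Start the tests in the AWT test runner.
     *
     * @param args the arguments. Not used
     */
    public static void main(String[] args)
    {
        String[] runnerArgs = new String[] { TestAccessController.class.getName() };
        TestRunner.main( runnerArgs );
    }

    // NOTE(review): the JUnit 3 fixture hook is setUp() (capital U), so the
    // framework never calls this method as written. The name is kept so the
    // class's public interface does not change.
    public void setup()
    {
        System.out.println("Setup: Testing categories of Profiler Service");
    }

    /**
     * Creates the test suite.
     *
     * @return a test suite (<code>TestSuite</code>) that includes all methods
     *         starting with "test"
     */
    public static Test suite()
    {
        return new TestSuite( TestAccessController.class );
    }

    /**
     * Checks the preconditions the permission tests depend on and builds the
     * shared fixtures: the configured access controller class, the security
     * entries in the registry, the role assignments of the "admin", "turbine"
     * and anonymous users, and the parent names of the shared references.
     *
     * @throws Exception if a registry or security service call fails
     */
    public void testVerifyEnvironment() throws Exception
    {
        // The failure message names the controller that is actually expected.
        assertEquals( "Using RegistryAccessController",
                      "org.apache.jetspeed.services.security.registry.RegistryAccessController",
                      JetspeedResources.getString("services.PortalAccessController.classname"));

        // One entry per trust level; every entry covers all actions ("*").
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "admin_only", null, "admin", null, "*"));
        assertNotNull( "Getting admin_only security " , Registry.getEntry( Registry.SECURITY, "admin_only"));
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "user_only", null, "user", null, "*"));
        assertNotNull( "Getting user_only security " , Registry.getEntry( Registry.SECURITY, "user_only"));
        // No role, group or user at all: the entry carries no allow list.
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "wide_open", null, null, null, "*"));
        assertNotNull( "Getting wide_open security " , Registry.getEntry( Registry.SECURITY, "wide_open"));

        // Mixed policy: role "user" may do everything, role "guest" may only view.
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "all_users-view_anon", null, "user", null, "*"));
        assertNotNull( "Getting all_users-view_anon security " , Registry.getEntry( Registry.SECURITY, "all_users-view_anon"));
        SecurityEntry secEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, "all_users-view_anon");
        Vector accessVector = secEntry.getAccesses();
        assertEquals( "Getting number of accesses for all_users-view_anon", 1, accessVector.size());

        BaseSecurityAllow guestAllow = new BaseSecurityAllow();
        guestAllow.setRole("guest");
        Vector guestAllows = new Vector();
        guestAllows.addElement(guestAllow);

        BaseSecurityAccess viewAccess = new BaseSecurityAccess();
        viewAccess.setAction("view");
        viewAccess.setAllows( guestAllows );
        accessVector.addElement(viewAccess);
        secEntry.setAccesses(accessVector);
        assertEquals( "Getting number of accesses for all_users-view_anon", 2, secEntry.getAccesses().size());

        // Role assignments the permission expectations are derived from.
        assertNotNull( "Getting admin user", JetspeedSecurity.getUser("admin"));
        assertTrue( "Admin user has Admin role", JetspeedRoleManagement.hasRole("admin","admin"));
        assertTrue( "Admin user has User role", JetspeedRoleManagement.hasRole("admin","user"));
        assertNotNull( "Getting turbine user", JetspeedSecurity.getUser("turbine"));
        assertTrue( "Turbine user does not have Admin role", !JetspeedRoleManagement.hasRole("turbine","admin"));
        assertTrue( "Turbine user has User role", JetspeedRoleManagement.hasRole("turbine","user"));
        assertNotNull( "Getting anonymous user", JetspeedSecurity.getAnonymousUser());
        String anonymousName = JetspeedSecurity.getAnonymousUser().getUserName();
        assertTrue( "anonymous user does not have Admin role", !JetspeedRoleManagement.hasRole(anonymousName,"admin"));
        assertTrue( "anonymous user does not have User role", !JetspeedRoleManagement.hasRole(anonymousName,"user"));
        // The assertion requires the guest role, so the message says so.
        assertTrue( "anonymous user has Guest role", JetspeedRoleManagement.hasRole(anonymousName,"guest"));

        // Point each shared reference at its registry entry and make sure the
        // entry it names can be resolved.
        assertNotNull( "adminSecurityRef", adminSecurityRef);
        adminSecurityRef.setParent("admin_only");
        assertNotNull( "Getting security for " + adminSecurityRef.getParent(), Registry.getEntry( Registry.SECURITY, adminSecurityRef.getParent()));

        assertNotNull( "userSecurityRef", userSecurityRef);
        userSecurityRef.setParent("user_only");
        assertNotNull( "Getting security for " + userSecurityRef.getParent(), Registry.getEntry( Registry.SECURITY, userSecurityRef.getParent()));

        assertNotNull( "defaultSecurityRef", defaultSecurityRef);
        defaultSecurityRef.setParent("wide_open");
        assertNotNull( "Getting security for " + defaultSecurityRef.getParent(), Registry.getEntry( Registry.SECURITY, defaultSecurityRef.getParent()));

        assertNotNull( "userAllAnonViewSecurityRef", userAllAnonViewSecurityRef);
        userAllAnonViewSecurityRef.setParent("all_users-view_anon");
        // Look up the entry this reference names; resolving the parent of
        // defaultSecurityRef here would leave "all_users-view_anon" unverified.
        assertNotNull( "Getting security for " + userAllAnonViewSecurityRef.getParent(), Registry.getEntry( Registry.SECURITY, userAllAnonViewSecurityRef.getParent()));
    }

    /**
     * Checks the allow and deny decisions for three principals (admin, an
     * ordinary logged-in user, the anonymous user) against four portlet
     * entries that are protected by the shared security references.
     *
     * @throws Exception if a security service call fails
     */
    public void testRequiredActions() throws Exception
    {
        JetspeedUser adminUser = (JetspeedUser) JetspeedSecurity.getUser("admin");
        assertNotNull( "Getting admin user", adminUser);
        adminUser.setHasLoggedIn(Boolean.TRUE);

        JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
        assertNotNull( "Getting turbine user", turbineUser);
        turbineUser.setHasLoggedIn(Boolean.TRUE);

        // The anonymous user is deliberately not marked as logged in.
        JetspeedUser anonymousUser = (JetspeedUser) JetspeedSecurity.getAnonymousUser();
        assertNotNull( "Getting anonymous user", anonymousUser);

        Entry adminEntry = createEntry( ADMIN_PORTLET, "ST_01.admin", adminSecurityRef);
        Entry userEntry = createEntry( USER_PORTLET, "ST_01.user", userSecurityRef);
        Entry allEntry = createEntry( ALL_PORTLET, "ST_01.all", defaultSecurityRef);
        Entry userAnonEntry = createEntry( USERANON_PORTLET, "ST_01.userAnon", userAllAnonViewSecurityRef);

        // admin_only: only the admin role gets in.
        assertEquals( "Admin user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, adminEntry, "view"));
        assertEquals( "Turbine user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
        assertEquals( "Anonymous user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, adminEntry, "view"));

        // user_only: any holder of the user role, but not the anonymous user.
        assertEquals( "Admin user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, userEntry, "view"));
        assertEquals( "Turbine user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, userEntry, "view"));
        assertEquals( "Anonymous user DOES NOT have view access to " + USER_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, userEntry, "view"));

        // wide_open: an access without an allow list is expected to admit everyone.
        assertEquals( "Admin user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, allEntry, "view"));
        assertEquals( "Turbine user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, allEntry, "view"));
        assertEquals( "Anonymous user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( anonymousUser, allEntry, "view"));

        // all_users-view_anon: guests may view but must not get any other action.
        assertEquals( "Admin user has view access to " + USERANON_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, userAnonEntry, "view"));
        // This check is made for the turbine user, so the message names that user.
        assertEquals( "Turbine user has maximize access to " + USERANON_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, userAnonEntry, "maximize"));
        assertEquals( "Anonymous user has view access to " + USERANON_PORTLET, true, JetspeedPortalAccessController.checkPermission( anonymousUser, userAnonEntry, "view"));
        assertEquals( "Anonymous user has maximize access to " + USERANON_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, userAnonEntry, "maximize"));
    }

    /**
     * Checks a group-scoped role grant: the "turbine" user can view an entry
     * restricted to role "admin" in group "apache" only while the user holds
     * that role in that group.
     *
     * @throws Exception if a registry or security service call fails
     */
    public void testRolesAndGroups() throws Exception
    {
        assertEquals( "Using RegistryAccessController",
                      "org.apache.jetspeed.services.security.registry.RegistryAccessController",
                      JetspeedResources.getString("services.PortalAccessController.classname"));

        SecurityEntry paav = createSecurityEntry( "powerusers_all-anon_view", "apache", "admin", null, "*");
        Registry.addEntry(Registry.SECURITY, (RegistryEntry) paav);
        assertNotNull( "Getting powerusers_all-anon_view" , Registry.getEntry( Registry.SECURITY, "powerusers_all-anon_view"));

        // Dump the stored policy so a failing run shows what was evaluated.
        SecurityEntry secEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, "powerusers_all-anon_view");
        Vector accessVector = secEntry.getAccesses();
        Iterator accessIt = accessVector.iterator();
        while (accessIt.hasNext())
        {
            SecurityAccess access = (SecurityAccess) accessIt.next();
            System.out.println("Action:" + access.getAction().toString());

            Iterator allowIt = access.getAllAllows().iterator();
            while (allowIt.hasNext())
            {
                SecurityAllow allow = (SecurityAllow) allowIt.next();
                System.out.println("Allow group: " + allow.getGroup() + ", role: " + allow.getRole() + ", user: " + allow.getUser());
            }
        }

        SecurityReference secRef = new BaseSecurityReference();
        secRef.setParent("powerusers_all-anon_view");
        Entry adminEntry = createEntry(ADMIN_PORTLET, "ST_01.apache.admin", secRef);

        JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
        assertNotNull( "Getting turbine user", turbineUser);
        turbineUser.setHasLoggedIn(Boolean.TRUE);

        // Best effort, as before: if the grant fails, the positive assertion
        // below reports it.
        try
        {
            JetspeedGroupManagement.joinGroup("turbine", "apache", "admin");
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }

        try
        {
            assertEquals( "Turbine user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
        }
        finally
        {
            // Always withdraw the temporary admin grant, also when the
            // assertion above fails, so the elevated membership does not
            // stay behind in the security store for later tests.
            try
            {
                JetspeedGroupManagement.unjoinGroup("turbine", "apache", "admin");
            }
            catch (Exception e)
            {
                e.printStackTrace();
            }
        }

        // The deny decision must be back once the grant is withdrawn.
        assertEquals( "Turbine user has no view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
    }

    /**
     * Builds a PSML entry for a portlet.
     *
     * @param parent   name of the parent portlet
     * @param entryId  id of the entry; left unset when <code>null</code>
     * @param security security reference; left unset when <code>null</code>
     * @return the new entry
     */
    private PsmlEntry createEntry(String parent, String entryId, SecurityReference security)
    {
        PsmlEntry entry = new PsmlEntry();
        entry.setParent( parent);
        if (entryId != null)
        {
            entry.setId( entryId);
        }
        if (security != null)
        {
            entry.setSecurityRef( security);
        }
        return entry;
    }

    /**
     * Builds a security entry that holds a single access for
     * <code>action</code>.
     *
     * When group, role and user are all <code>null</code> the access is given
     * no allow list (<code>setAllows(null)</code>); the tests in this class
     * expect such an access to admit every user, the anonymous user included.
     *
     * @param name   name of the security entry
     * @param group  group that is allowed, or <code>null</code>
     * @param role   role that is allowed, or <code>null</code>
     * @param user   user that is allowed, or <code>null</code>
     * @param action action the access applies to
     * @return the new security entry
     */
    private SecurityEntry createSecurityEntry( String name, String group, String role, String user, String action)
    {
        Vector allowVector = null;
        boolean restricted = (role != null || group != null || user != null);
        if (restricted)
        {
            BaseSecurityAllow allowElement = new BaseSecurityAllow();
            allowElement.setRole(role);
            allowElement.setGroup(group);
            allowElement.setUser(user);
            allowVector = new Vector();
            allowVector.addElement(allowElement);
        }

        BaseSecurityAccess accessElement = new BaseSecurityAccess();
        accessElement.setAction(action);
        accessElement.setAllows( allowVector );
        Vector accessVector = new Vector();
        accessVector.addElement(accessElement);

        BaseSecurityEntry securityEntry = new BaseSecurityEntry();
        securityEntry.setName(name);
        securityEntry.setAccesses( accessVector);
        return securityEntry;
    }

}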