1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.services.security.turbine;
18
19
20
21 import org.apache.jetspeed.test.JetspeedTestCase;
22 import org.apache.jetspeed.om.profile.Entry;
23 import org.apache.jetspeed.om.profile.psml.PsmlEntry;
24 import org.apache.jetspeed.om.security.JetspeedUser;
25 import org.apache.jetspeed.om.registry.base.BaseSecurity;
26 import org.apache.jetspeed.om.registry.base.BasePortletEntry;
27 import org.apache.jetspeed.om.registry.base.BaseParameter;
28 import org.apache.jetspeed.om.registry.Parameter;
29 import org.apache.jetspeed.om.registry.PortletEntry;
30 import org.apache.jetspeed.om.registry.Security;
31
32 import org.apache.jetspeed.services.JetspeedSecurity;
33 import org.apache.jetspeed.services.JetspeedPortalAccessController;
34 import org.apache.jetspeed.services.resources.JetspeedResources;
35 import org.apache.jetspeed.services.security.PortalResource;
36
37
38 import org.apache.turbine.util.TurbineConfig;
39 import org.apache.turbine.util.StringUtils;
40
41
42 import junit.awtui.TestRunner;
43 import junit.framework.Test;
44 import junit.framework.TestSuite;
45
46 /***
47 * TestAccessController
48 *
49 * @author <a href="paulsp@apache.org">Paul Spencer</a>
50 * @version $Id: TestAccessController.java,v 1.1 2004/04/07 22:02:42 jford Exp $
51 */
52 public class TestAccessController extends JetspeedTestCase
53 {
54 private static String ADMIN_PORTLET = "GlobalAdminPortlet";
55 private static String ALL_PORTLET = "HelloVelocity";
56 private static String TEST_GROUP = "Jetspeed";
57 private static String TEST_SECURITY_PAGE = "SecurityTest";
58 private static String USER_PORTLET = "SkinBrowser";
59
60 /***
61 * Defines the testcase name for JUnit.
62 *
63 * @param name the testcase's name.
64 */
65 public TestAccessController( String name )
66 {
67 super( name );
68 }
69
70 /***
71 * Start the tests.
72 *
73 * @param args the arguments. Not used
74 */
75 public static void main(String args[])
76 {
77 TestRunner.main( new String[]
78 { TestAccessController.class.getName() } );
79 }
80
81 public void setup()
82 {
83 System.out.println("Setup: Testing categories of Profiler Service");
84 }
85 /***
86 * Creates the test suite.
87 *
88 * @return a test suite (<code>TestSuite</code>) that includes all methods
89 * starting with "test"
90 */
91 public static Test suite()
92 {
93
94 return new TestSuite( TestAccessController.class );
95 }
96
97 public void testVerifyEnvironment() throws Exception
98 {
99 assertEquals( "Using TurbineAccessController",
100 "org.apache.jetspeed.services.security.turbine.TurbineAccessController",
101 JetspeedResources.getString("services.PortalAccessController.classname"));
102
103 assertNotNull( "Getting admin user", JetspeedSecurity.getUser("admin"));
104 assertNotNull( "Getting turbine user", JetspeedSecurity.getUser("turbine"));
105 assertNotNull( "Getting anonymous user", JetspeedSecurity.getAnonymousUser());
106 }
107
108 public void testRequiredActions() throws Exception
109 {
110 JetspeedUser adminUser = (JetspeedUser) JetspeedSecurity.getUser("admin");
111 assertNotNull( "Getting admin user", adminUser);
112 adminUser.setHasLoggedIn(Boolean.TRUE);
113
114 JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
115 assertNotNull( "Getting turbine user", turbineUser);
116 turbineUser.setHasLoggedIn(Boolean.TRUE);
117
118 JetspeedUser anonymousUser = (JetspeedUser) JetspeedSecurity.getAnonymousUser();
119 assertNotNull( "Getting anonymous user", anonymousUser);
120 Entry adminEntry = createEntry( ADMIN_PORTLET, "ST_01.admin");
121 Entry userEntry = createEntry(USER_PORTLET, "ST_01.user");
122 Entry allEntry = createEntry(ALL_PORTLET, "ST_01.all");
123
124 assertEquals( "Admin user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, adminEntry, "view"));
125
126
127
128
129
130 assertEquals( "Admin user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, userEntry, "view"));
131 assertEquals( "Turbine user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, userEntry, "view"));
132
133
134
135 assertEquals( "Admin user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, allEntry, "view"));
136 assertEquals( "Turbine user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, allEntry, "view"));
137 assertEquals( "Anonymous user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( anonymousUser, allEntry, "view"));
138 assertEquals( "null user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, allEntry, "view"));
139 }
140
141 public void testRegistryActions() throws Exception
142 {
143 JetspeedUser adminUser = (JetspeedUser) JetspeedSecurity.getUser("admin");
144 assertNotNull( "Getting admin user", adminUser);
145 adminUser.setHasLoggedIn(Boolean.TRUE);
146
147 JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
148 assertNotNull( "Getting turbine user", turbineUser);
149 turbineUser.setHasLoggedIn(Boolean.TRUE);
150
151 JetspeedUser anonymousUser = (JetspeedUser) JetspeedSecurity.getAnonymousUser();
152 assertNotNull( "Getting anonymous user", anonymousUser);
153
154 Security adminSecurity = new BaseSecurity("admin");
155 assertNotNull( "Have admin security", adminSecurity);
156 Security userSecurity = new BaseSecurity("user");
157 assertNotNull( "Have user security", userSecurity);
158
159 PortletEntry userPortletEntry = new BasePortletEntry();
160 assertNotNull( "Have userPortletEntry", userPortletEntry);
161 userPortletEntry.setName( USER_PORTLET);
162 userPortletEntry.setSecurity( userSecurity);
163 Parameter adminParam = new BaseParameter();
164 assertNotNull( "Have adminParameter", adminParam);
165 adminParam.setName("AdminParam");
166 adminParam.setValue("adminValue");
167 adminParam.setSecurity(adminSecurity);
168 userPortletEntry.addParameter(adminParam);
169
170 Parameter userParam = new BaseParameter();
171 assertNotNull( "Have userParameter", userParam);
172 userParam.setName("UserParam");
173 userParam.setValue("userValue");
174 userParam.setSecurity(userSecurity);
175 userPortletEntry.addParameter(userParam);
176 assertEquals( "Admin user customize access to admin parameter", true, JetspeedPortalAccessController.checkPermission( adminUser, new PortalResource( userPortletEntry, adminParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
177 assertEquals( "Turbine user customize access to admin parameter", false, JetspeedPortalAccessController.checkPermission( turbineUser, new PortalResource( userPortletEntry, adminParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
178 assertEquals( "Admin user customize access to admin parameter", true, JetspeedPortalAccessController.checkPermission( adminUser, new PortalResource( userPortletEntry, userParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
179 assertEquals( "Turbine user customize access to admin parameter", true, JetspeedPortalAccessController.checkPermission( turbineUser, new PortalResource( userPortletEntry, userParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201 }
202
203
204
205
206
207
208
209
210 private static TurbineConfig config = null;
211
212
213
214
215
216 static
217 {
218 try
219 {
220 config = new TurbineConfig( "webapp", "/WEB-INF/conf/TurbineResources.properties");
221 config.init();
222 }
223 catch (Exception e)
224 {
225 fail(StringUtils.stackTrace(e));
226 }
227 }
228
229 private PsmlEntry createEntry(java.lang.String parent, java.lang.String id)
230 {
231 PsmlEntry entry = new PsmlEntry();
232 entry.setParent( parent);
233 if (id != null)
234 entry.setId( id);
235 return entry;
236 }
237 }