TestAccessController xref


1   /*
2    * Copyright 2000-2001,2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.jetspeed.services.security.turbine;
18  
19  
20  // Jetspeed imports
21  import org.apache.jetspeed.test.JetspeedTestCase;
22  import org.apache.jetspeed.om.profile.Entry;
23  import org.apache.jetspeed.om.profile.psml.PsmlEntry;
24  import org.apache.jetspeed.om.security.JetspeedUser;
25  import org.apache.jetspeed.om.registry.base.BaseSecurity;
26  import org.apache.jetspeed.om.registry.base.BasePortletEntry;
27  import org.apache.jetspeed.om.registry.base.BaseParameter;
28  import org.apache.jetspeed.om.registry.Parameter;
29  import org.apache.jetspeed.om.registry.PortletEntry;
30  import org.apache.jetspeed.om.registry.Security;
31  
32  import org.apache.jetspeed.services.JetspeedSecurity;
33  import org.apache.jetspeed.services.JetspeedPortalAccessController;
34  import org.apache.jetspeed.services.resources.JetspeedResources;
35  import org.apache.jetspeed.services.security.PortalResource;
36  
37  // Turbine imports
38  import org.apache.turbine.util.TurbineConfig;
39  import org.apache.turbine.util.StringUtils;
40  
41  // Junit imports
42  import junit.awtui.TestRunner;
43  import junit.framework.Test;
44  import junit.framework.TestSuite;
45  
46  /***
47   * TestAccessController
48   *
49   * @author <a href="paulsp@apache.org">Paul Spencer</a>
50   * @version $Id: TestAccessController.java,v 1.1 2004/04/07 22:02:42 jford Exp $
51   */
52  public class TestAccessController extends JetspeedTestCase
53  {
54      private static String ADMIN_PORTLET = "GlobalAdminPortlet"; // Portlet accessable by Admin user, role = admin
55      private static String ALL_PORTLET = "HelloVelocity";  // Portlet accessable by Anonymous user
56      private static String TEST_GROUP = "Jetspeed";
57      private static String TEST_SECURITY_PAGE = "SecurityTest";
58      private static String USER_PORTLET = "SkinBrowser"; // Portlet accessable by general user, role = user
59  
60      /***
61       * Defines the testcase name for JUnit.
62       *
63       * @param name the testcase's name.
64       */
65      public TestAccessController( String name )
66      {
67          super( name );
68      }
69      
70      /***
71       * Start the tests.
72       *
73       * @param args the arguments. Not used
74       */
75      public static void main(String args[])
76      {
77          TestRunner.main( new String[]
78          { TestAccessController.class.getName() } );
79      }
80      
81      public void setup()
82      {
83          System.out.println("Setup: Testing categories of Profiler Service");
84      }
85      /***
86       * Creates the test suite.
87       *
88       * @return a test suite (<code>TestSuite</code>) that includes all methods
89       *         starting with "test"
90       */
91      public static Test suite()
92      {
93          // All methods starting with "test" will be executed in the test suite.
94          return new TestSuite( TestAccessController.class );
95      }
96      
97      public void testVerifyEnvironment() throws Exception
98      {
99          assertEquals( "Using TurbineAccessController",
100         "org.apache.jetspeed.services.security.turbine.TurbineAccessController",
101         JetspeedResources.getString("services.PortalAccessController.classname"));
102         
103         assertNotNull( "Getting admin user", JetspeedSecurity.getUser("admin"));
104         assertNotNull( "Getting turbine user", JetspeedSecurity.getUser("turbine"));
105         assertNotNull( "Getting anonymous user", JetspeedSecurity.getAnonymousUser());
106     }
107         
108     public void testRequiredActions() throws Exception
109     {
110         JetspeedUser adminUser = (JetspeedUser) JetspeedSecurity.getUser("admin");
111         assertNotNull( "Getting admin user", adminUser);
112         adminUser.setHasLoggedIn(Boolean.TRUE);
113         
114         JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
115         assertNotNull( "Getting turbine user", turbineUser);
116         turbineUser.setHasLoggedIn(Boolean.TRUE);
117         
118         JetspeedUser anonymousUser =  (JetspeedUser) JetspeedSecurity.getAnonymousUser();
119         assertNotNull( "Getting anonymous user", anonymousUser);
120         Entry adminEntry = createEntry( ADMIN_PORTLET, "ST_01.admin");
121         Entry userEntry = createEntry(USER_PORTLET, "ST_01.user");
122         Entry allEntry = createEntry(ALL_PORTLET, "ST_01.all");
123         
124         assertEquals( "Admin user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, adminEntry, "view"));
125 //        assertEquals( "Turbine user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
126 
127 //        assertEquals( "Anonymous user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, adminEntry, "view"));
128 //        assertEquals( "null user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, adminEntry, "view"));
129         
130         assertEquals( "Admin user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, userEntry, "view"));
131         assertEquals( "Turbine user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, userEntry, "view"));
132  //       assertEquals( "Anonymous user DOES NOT have view access to " + USER_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, userEntry, "view"));
133 //        assertEquals( "null user DOES NOT have view access to " + USER_PORTLET, false, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, userEntry, "view"));
134         
135         assertEquals( "Admin user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, allEntry, "view"));
136         assertEquals( "Turbine user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, allEntry, "view"));
137         assertEquals( "Anonymous user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( anonymousUser, allEntry, "view"));
138         assertEquals( "null user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, allEntry, "view"));
139     }
140 
141     public void testRegistryActions() throws Exception
142     {
143         JetspeedUser adminUser = (JetspeedUser) JetspeedSecurity.getUser("admin");
144         assertNotNull( "Getting admin user", adminUser);
145         adminUser.setHasLoggedIn(Boolean.TRUE);
146         
147         JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
148         assertNotNull( "Getting turbine user", turbineUser);
149         turbineUser.setHasLoggedIn(Boolean.TRUE);
150         
151         JetspeedUser anonymousUser =  (JetspeedUser) JetspeedSecurity.getAnonymousUser();
152         assertNotNull( "Getting anonymous user", anonymousUser);
153         // Create security objects
154         Security adminSecurity = new BaseSecurity("admin");
155         assertNotNull( "Have admin security", adminSecurity);
156         Security userSecurity = new BaseSecurity("user");
157         assertNotNull( "Have user security", userSecurity);
158 
159         PortletEntry userPortletEntry = new BasePortletEntry();
160         assertNotNull( "Have userPortletEntry", userPortletEntry);
161         userPortletEntry.setName( USER_PORTLET);
162         userPortletEntry.setSecurity( userSecurity);
163         Parameter adminParam = new BaseParameter();
164         assertNotNull( "Have adminParameter", adminParam);
165         adminParam.setName("AdminParam");
166         adminParam.setValue("adminValue");
167         adminParam.setSecurity(adminSecurity);
168         userPortletEntry.addParameter(adminParam);
169 
170         Parameter userParam = new BaseParameter();
171         assertNotNull( "Have userParameter", userParam);
172         userParam.setName("UserParam");
173         userParam.setValue("userValue");
174         userParam.setSecurity(userSecurity);
175         userPortletEntry.addParameter(userParam);
176         assertEquals( "Admin user customize access to admin parameter", true, JetspeedPortalAccessController.checkPermission( adminUser, new PortalResource( userPortletEntry, adminParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
177         assertEquals( "Turbine user customize access to admin parameter", false, JetspeedPortalAccessController.checkPermission( turbineUser, new PortalResource( userPortletEntry, adminParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
178         assertEquals( "Admin user customize access to admin parameter", true, JetspeedPortalAccessController.checkPermission( adminUser, new PortalResource( userPortletEntry, userParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
179         assertEquals( "Turbine user customize access to admin parameter", true, JetspeedPortalAccessController.checkPermission( turbineUser, new PortalResource( userPortletEntry, userParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
180         
181 /*
182         RegistryEntry adminEntry = createRegistryEntry( ADMIN_PORTLET, "ST_01.admin");
183         RegistryEntry userEntry = createRegistryEntry( USER_PORTLET, "ST_01.user");
184         RegistryEntry allEntry = createRegistryEntry( ALL_PORTLET, "ST_01.all");
185         
186         assertEquals( "Admin user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, adminEntry, "view"));
187         assertEquals( "Turbine user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
188         assertEquals( "Anonymous user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, adminEntry, "view"));
189         assertEquals( "null user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, adminEntry, "view"));
190         
191         assertEquals( "Admin user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, userEntry, "view"));
192         assertEquals( "Turbine user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, userEntry, "view"));
193         assertEquals( "Anonymous user DOES NOT have view access to " + USER_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, userEntry, "view"));
194         assertEquals( "null user DOES NOT have view access to " + USER_PORTLET, false, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, userEntry, "view"));
195         
196         assertEquals( "Admin user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, allEntry, "view"));
197         assertEquals( "Turbine user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, allEntry, "view"));
198         assertEquals( "Anonymous user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( anonymousUser, allEntry, "view"));
199         assertEquals( "null user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, allEntry, "view"));
200 */
201     }
202     /*
203      * Setup Turbine environment
204      */
205     
206     /*
207      * Configuration object to run Turbine outside a servlet container
208      * ( uses turbine.properties )
209      */
210     private static TurbineConfig config = null;
211     
212     /*
213      * Sets up TurbineConfig using the system property:
214      * <pre>turbine.properties</pre>
215      */
216     static
217     {
218         try
219         {
220             config = new TurbineConfig( "webapp", "/WEB-INF/conf/TurbineResources.properties");
221             config.init();
222         }
223         catch (Exception e)
224         {
225             fail(StringUtils.stackTrace(e));
226         }
227     }
228     
229     private PsmlEntry createEntry(java.lang.String parent, java.lang.String id)
230     {
231         PsmlEntry entry = new PsmlEntry();
232         entry.setParent( parent);
233         if (id != null)
234             entry.setId( id);
235         return entry;
236     }
237 }