You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by to...@apache.org on 2016/05/10 15:24:40 UTC
svn commit: r1743213 - in
/sling/trunk/contrib/extensions/distribution/core/src:
main/java/org/apache/sling/distribution/agent/impl/
test/java/org/apache/sling/distribution/agent/impl/
Author: tommaso
Date: Tue May 10 15:24:40 2016
New Revision: 1743213
URL: http://svn.apache.org/viewvc?rev=1743213&view=rev
Log:
SLING-5717 - added unit test for PrivilegeDistributionRequestAuthorizationStrategy
Added:
sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategyTest.java (with props)
Modified:
sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategy.java
Modified: sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategy.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategy.java?rev=1743213&r1=1743212&r2=1743213&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategy.java (original)
+++ sling/trunk/contrib/extensions/distribution/core/src/main/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategy.java Tue May 10 15:24:40 2016
@@ -48,6 +48,10 @@ public class PrivilegeDistributionReques
public void checkPermission(@Nonnull ResourceResolver resourceResolver, @Nonnull DistributionRequest distributionRequest) throws DistributionException {
Session session = resourceResolver.adaptTo(Session.class);
+ if (session == null) {
+ throw new DistributionException("cannot obtain a Session");
+ }
+
try {
if (DistributionRequestType.ADD.equals(distributionRequest.getRequestType())) {
checkPermissionForAdd(session, distributionRequest.getPaths());
Added: sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategyTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategyTest.java?rev=1743213&view=auto
==============================================================================
--- sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategyTest.java (added)
+++ sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategyTest.java Tue May 10 15:24:40 2016
@@ -0,0 +1,173 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.distribution.agent.impl;
+
+import javax.jcr.Session;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
+
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.distribution.DistributionRequest;
+import org.apache.sling.distribution.DistributionRequestType;
+import org.apache.sling.distribution.common.DistributionException;
+import org.junit.Test;
+
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+/**
+ * Tests for {@link PrivilegeDistributionRequestAuthorizationStrategy}
+ */
+public class PrivilegeDistributionRequestAuthorizationStrategyTest {
+
+ @Test
+ public void testCheckPermissionWithoutSession() throws Exception {
+ String jcrPrivilege = "foo";
+ PrivilegeDistributionRequestAuthorizationStrategy strategy = new PrivilegeDistributionRequestAuthorizationStrategy(jcrPrivilege);
+ DistributionRequest distributionRequest = mock(DistributionRequest.class);
+ ResourceResolver resourceResolver = mock(ResourceResolver.class);
+ try {
+ strategy.checkPermission(resourceResolver, distributionRequest);
+ fail("permission check should fail without a Session");
+ } catch (DistributionException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void testCheckPermissionWithSession() throws Exception {
+ String jcrPrivilege = "foo";
+ PrivilegeDistributionRequestAuthorizationStrategy strategy = new PrivilegeDistributionRequestAuthorizationStrategy(jcrPrivilege);
+ DistributionRequest distributionRequest = mock(DistributionRequest.class);
+ ResourceResolver resourceResolver = mock(ResourceResolver.class);
+ Session session = mock(Session.class);
+ when(resourceResolver.adaptTo(Session.class)).thenReturn(session);
+ strategy.checkPermission(resourceResolver, distributionRequest);
+ }
+
+ @Test
+ public void testNoPermissionOnAdd() throws Exception {
+ String jcrPrivilege = "somePermission";
+ PrivilegeDistributionRequestAuthorizationStrategy strategy = new PrivilegeDistributionRequestAuthorizationStrategy(jcrPrivilege);
+ DistributionRequest distributionRequest = mock(DistributionRequest.class);
+ ResourceResolver resourceResolver = mock(ResourceResolver.class);
+ Session session = mock(Session.class);
+ AccessControlManager acm = mock(AccessControlManager.class);
+ Privilege privilege = mock(Privilege.class);
+ when(acm.privilegeFromName(jcrPrivilege)).thenReturn(privilege);
+
+ when(session.getAccessControlManager()).thenReturn(acm);
+ when(resourceResolver.adaptTo(Session.class)).thenReturn(session);
+ String[] paths = new String[]{"/foo"};
+ for (String path : paths) {
+ when(acm.hasPrivileges(path, new Privilege[]{privilege})).thenReturn(false);
+ }
+ when(distributionRequest.getPaths()).thenReturn(paths);
+
+ when(distributionRequest.getRequestType()).thenReturn(DistributionRequestType.ADD);
+ try {
+ strategy.checkPermission(resourceResolver, distributionRequest);
+ fail("should throw an exception when ACM privilege check fails");
+ } catch (DistributionException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void testPermissionOnAdd() throws Exception {
+ String jcrPrivilege = "somePermission";
+ PrivilegeDistributionRequestAuthorizationStrategy strategy = new PrivilegeDistributionRequestAuthorizationStrategy(jcrPrivilege);
+ DistributionRequest distributionRequest = mock(DistributionRequest.class);
+ ResourceResolver resourceResolver = mock(ResourceResolver.class);
+ Session session = mock(Session.class);
+ AccessControlManager acm = mock(AccessControlManager.class);
+ Privilege privilege = mock(Privilege.class);
+ when(acm.privilegeFromName(jcrPrivilege)).thenReturn(privilege);
+ Privilege jcrReadPrivilege = mock(Privilege.class);
+ when(acm.privilegeFromName(Privilege.JCR_READ)).thenReturn(jcrReadPrivilege);
+
+ when(session.getAccessControlManager()).thenReturn(acm);
+ when(resourceResolver.adaptTo(Session.class)).thenReturn(session);
+ String[] paths = new String[]{"/foo"};
+ for (String path : paths) {
+ when(acm.hasPrivileges(path, new Privilege[]{privilege, jcrReadPrivilege})).thenReturn(true);
+ }
+ when(distributionRequest.getPaths()).thenReturn(paths);
+
+ when(distributionRequest.getRequestType()).thenReturn(DistributionRequestType.ADD);
+ strategy.checkPermission(resourceResolver, distributionRequest);
+ }
+
+ @Test
+ public void testNoPermissionOnDelete() throws Exception {
+ String jcrPrivilege = "somePermission";
+ PrivilegeDistributionRequestAuthorizationStrategy strategy = new PrivilegeDistributionRequestAuthorizationStrategy(jcrPrivilege);
+ DistributionRequest distributionRequest = mock(DistributionRequest.class);
+ ResourceResolver resourceResolver = mock(ResourceResolver.class);
+ Session session = mock(Session.class);
+ AccessControlManager acm = mock(AccessControlManager.class);
+ Privilege privilege = mock(Privilege.class);
+ when(acm.privilegeFromName(jcrPrivilege)).thenReturn(privilege);
+
+ when(session.getAccessControlManager()).thenReturn(acm);
+ when(resourceResolver.adaptTo(Session.class)).thenReturn(session);
+ String[] paths = new String[]{"/foo"};
+ for (String path : paths) {
+ when(acm.hasPrivileges(path, new Privilege[]{privilege})).thenReturn(false);
+ when(session.nodeExists(path)).thenReturn(true);
+ }
+ when(distributionRequest.getPaths()).thenReturn(paths);
+
+ when(distributionRequest.getRequestType()).thenReturn(DistributionRequestType.DELETE);
+ try {
+ strategy.checkPermission(resourceResolver, distributionRequest);
+ fail("should throw an exception when ACM privilege check fails");
+ } catch (DistributionException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void testPermissionOnDelete() throws Exception {
+ String jcrPrivilege = "somePermission";
+ PrivilegeDistributionRequestAuthorizationStrategy strategy = new PrivilegeDistributionRequestAuthorizationStrategy(jcrPrivilege);
+ DistributionRequest distributionRequest = mock(DistributionRequest.class);
+ ResourceResolver resourceResolver = mock(ResourceResolver.class);
+ Session session = mock(Session.class);
+ AccessControlManager acm = mock(AccessControlManager.class);
+ Privilege privilege = mock(Privilege.class);
+ when(acm.privilegeFromName(jcrPrivilege)).thenReturn(privilege);
+ Privilege jcrReadPrivilege = mock(Privilege.class);
+ when(acm.privilegeFromName(Privilege.JCR_REMOVE_NODE)).thenReturn(jcrReadPrivilege);
+
+ when(session.getAccessControlManager()).thenReturn(acm);
+ when(resourceResolver.adaptTo(Session.class)).thenReturn(session);
+ String[] paths = new String[]{"/foo"};
+ for (String path : paths) {
+ when(acm.hasPrivileges(path, new Privilege[]{privilege, jcrReadPrivilege})).thenReturn(true);
+ when(session.nodeExists(path)).thenReturn(true);
+ }
+ when(distributionRequest.getPaths()).thenReturn(paths);
+
+ when(distributionRequest.getRequestType()).thenReturn(DistributionRequestType.DELETE);
+ strategy.checkPermission(resourceResolver, distributionRequest);
+ }
+
+}
\ No newline at end of file
Propchange: sling/trunk/contrib/extensions/distribution/core/src/test/java/org/apache/sling/distribution/agent/impl/PrivilegeDistributionRequestAuthorizationStrategyTest.java
------------------------------------------------------------------------------
svn:eol-style = native