You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2019/06/03 14:36:25 UTC
svn commit: r1860566 - in /jackrabbit/oak/trunk/oak-core: ./
src/test/java/org/apache/jackrabbit/oak/security/authorization/
Author: angela
Date: Mon Jun 3 14:36:25 2019
New Revision: 1860566
URL: http://svn.apache.org/viewvc?rev=1860566&view=rev
Log:
OAK-8379 : Improve tests for o.a.j.oak.security.authorization
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImplOSGiTest.java (with props)
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializerTest.java (with props)
Modified:
jackrabbit/oak/trunk/oak-core/pom.xml
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java
Modified: jackrabbit/oak/trunk/oak-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1860566&r1=1860565&r2=1860566&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-core/pom.xml Mon Jun 3 14:36:25 2019
@@ -159,6 +159,7 @@
<include>org.apache.jackrabbit.oak.security.user.autosave</include>
<include>org.apache.jackrabbit.oak.security.authentication.user</include>
<include>org.apache.jackrabbit.oak.security.user.whiteboard</include>
+ <include>org.apache.jackrabbit.oak.security.authorization</include>
</includes>
<excludes>
<exclude>*Test</exclude>
@@ -196,7 +197,6 @@
<element>PACKAGE</element>
<includes>
<include>org.apache.jackrabbit.oak.security.authentication</include>
- <include>org.apache.jackrabbit.oak.security.authorization</include>
<include>org.apache.jackrabbit.oak.security.user.query</include>
<include>org.apache.jackrabbit.oak.security.privilege</include>
<include>org.apache.jackrabbit.oak.security.authorization.accesscontrol</include>
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImplOSGiTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImplOSGiTest.java?rev=1860566&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImplOSGiTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImplOSGiTest.java Mon Jun 3 14:36:25 2019
@@ -0,0 +1,147 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Iterables;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlImporter;
+import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlValidatorProvider;
+import org.apache.jackrabbit.oak.security.authorization.permission.MountPermissionProvider;
+import org.apache.jackrabbit.oak.security.authorization.permission.PermissionHook;
+import org.apache.jackrabbit.oak.security.authorization.permission.PermissionProviderImpl;
+import org.apache.jackrabbit.oak.security.authorization.permission.PermissionStoreValidatorProvider;
+import org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidatorProvider;
+import org.apache.jackrabbit.oak.security.authorization.permission.VersionablePathHook;
+import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
+import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
+import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
+import org.junit.Rule;
+import org.junit.Test;
+
+import java.lang.reflect.Field;
+import java.util.List;
+import java.util.Map;
+
+import static org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants.PARAM_ADMINISTRATIVE_PRINCIPALS;
+import static org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants.PARAM_READ_PATHS;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class AuthorizationConfigurationImplOSGiTest extends AbstractSecurityTest {
+
+ @Rule
+ public final OsgiContext context = new OsgiContext();
+
+ private AuthorizationConfigurationImpl authorizationConfiguration;
+
+ private MountInfoProvider mip;
+
+ @Override
+ public void before() throws Exception {
+ super.before();
+
+ authorizationConfiguration = new AuthorizationConfigurationImpl(getSecurityProvider());
+ authorizationConfiguration.setTreeProvider(getTreeProvider());
+ authorizationConfiguration.setRootProvider(getRootProvider());
+
+ mip = when(mock(MountInfoProvider.class).hasNonDefaultMounts()).thenReturn(true).getMock();
+ context.registerService(MountInfoProvider.class, mip);
+
+ Map options = ImmutableMap.of(PARAM_ADMINISTRATIVE_PRINCIPALS, "administrators");
+ context.registerInjectActivateService(authorizationConfiguration, options);
+ }
+
+ @Test
+ public void testGetParameters() {
+ ConfigurationParameters params = authorizationConfiguration.getParameters();
+ assertEquals("administrators", params.getConfigValue(PARAM_ADMINISTRATIVE_PRINCIPALS, "undefined"));
+ assertEquals(PermissionConstants.DEFAULT_READ_PATHS, params.getConfigValue(PARAM_READ_PATHS, ImmutableSet.of()));
+ }
+
+ @Test
+ public void testGetName() {
+ assertEquals(AuthorizationConfiguration.NAME, authorizationConfiguration.getName());
+ }
+
+ @Test
+ public void testGetContext() {
+ assertSame(AuthorizationContext.getInstance(), authorizationConfiguration.getContext());
+ }
+
+ @Test
+ public void testGetWorkspaceInitializer() {
+ assertTrue(authorizationConfiguration.getWorkspaceInitializer() instanceof AuthorizationInitializer);
+ }
+
+ @Test
+ public void testGetCommitHooks() {
+ List<Class> expected = ImmutableList.of(VersionablePathHook.class, PermissionHook.class);
+ assertTrue(Iterables.elementsEqual(expected, Iterables.transform(authorizationConfiguration.getCommitHooks(adminSession.getWorkspaceName()), commitHook -> commitHook.getClass())));
+ }
+
+ @Test
+ public void testGetValidators() {
+ List<Class> expected = ImmutableList.of(PermissionStoreValidatorProvider.class, PermissionValidatorProvider.class, AccessControlValidatorProvider.class);
+ assertTrue(Iterables.elementsEqual(expected, Iterables.transform(authorizationConfiguration.getValidators(adminSession.getWorkspaceName(), ImmutableSet.of(), new MoveTracker()), commitHook -> commitHook.getClass())));
+ }
+
+ @Test
+ public void testGetProtectedItemImporters() {
+ List<ProtectedItemImporter> importers = authorizationConfiguration.getProtectedItemImporters();
+ assertEquals(1, importers.size());
+ assertTrue(importers.get(0) instanceof AccessControlImporter);
+ }
+
+ @Test
+ public void testDefaultMountInfoProvider() {
+ AuthorizationConfigurationImpl ac = new AuthorizationConfigurationImpl(getSecurityProvider());
+ ac.setRootProvider(getRootProvider());
+ ac.setTreeProvider(getTreeProvider());
+
+ PermissionProvider pp = ac.getPermissionProvider(root, adminSession.getWorkspaceName(), ImmutableSet.of(EveryonePrincipal.getInstance()));
+ assertTrue(pp instanceof PermissionProviderImpl);
+ }
+
+ @Test
+ public void testBindMountInfoProvider() {
+ PermissionProvider pp = authorizationConfiguration.getPermissionProvider(root, adminSession.getWorkspaceName(), ImmutableSet.of(EveryonePrincipal.getInstance()));
+ assertTrue(pp instanceof MountPermissionProvider);
+ }
+
+ @Test
+ public void testUnbindMountInfoProvider() throws Exception {
+ authorizationConfiguration.unbindMountInfoProvider(mip);
+
+ Field f = AuthorizationConfigurationImpl.class.getDeclaredField("mountInfoProvider");
+ f.setAccessible(true);
+
+ assertNull(f.get(authorizationConfiguration));
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImplOSGiTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java?rev=1860566&r1=1860565&r2=1860566&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java Mon Jun 3 14:36:25 2019
@@ -33,13 +33,13 @@ import org.apache.jackrabbit.oak.commons
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.plugins.tree.TreeTypeProvider;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Test;
@@ -75,7 +75,7 @@ public class AuthorizationContextTest ex
* @see <a href="https://issues.apache.org/jira/browse/OAK-2740">OAK-2740</a>
*/
@Test
- public void testItemDefinitionsDefinesContextRoot() throws Exception {
+ public void testItemDefinitionsDefinesContextRoot() {
List<String> paths = Lists.newArrayList(
"/jcr:system/jcr:nodeTypes/rep:AccessControllable/rep:namedChildNodeDefinitions/rep:policy",
"/jcr:system/jcr:nodeTypes/rep:RepoAccessControllable/rep:namedChildNodeDefinitions/rep:repoPolicy");
@@ -179,7 +179,6 @@ public class AuthorizationContextTest ex
}
}
-
private static final class TypeTest {
private final String path;
@@ -197,7 +196,7 @@ public class AuthorizationContextTest ex
}
private static List<TypeTest> createTests(@NotNull Root root) throws Exception {
- List<TypeTest> tests = new ArrayList();
+ List<TypeTest> tests = new ArrayList<>();
tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:AccessControllable/rep:namedChildNodeDefinitions/rep:policy", TreeType.DEFAULT));
tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:AccessControllable/rep:namedChildNodeDefinitions/rep:policy/rep:Policy", TreeType.DEFAULT));
tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:ACL/rep:residualChildNodeDefinitions/rep:ACE", TreeType.DEFAULT));
@@ -209,22 +208,22 @@ public class AuthorizationContextTest ex
tests.add(new TypeTest(PermissionConstants.PERMISSIONS_STORE_PATH, TreeType.INTERNAL));
tests.add(new TypeTest(PermissionConstants.PERMISSIONS_STORE_PATH + "/a/b/child", TreeType.INTERNAL, TreeType.INTERNAL));
- NodeUtil testTree = new NodeUtil(root.getTree("/")).addChild("test", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ Tree testTree = TreeUtil.addChild(root.getTree(PathUtils.ROOT_PATH),"test", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
for (String name : AccessControlConstants.POLICY_NODE_NAMES) {
- NodeUtil acl = testTree.addChild(name, AccessControlConstants.NT_REP_ACL);
- tests.add(new TypeTest(acl.getTree().getPath(), TreeType.ACCESS_CONTROL));
+ Tree acl = TreeUtil.addChild(testTree, name, AccessControlConstants.NT_REP_ACL);
+ tests.add(new TypeTest(acl.getPath(), TreeType.ACCESS_CONTROL));
- NodeUtil ace = acl.addChild("ace", AccessControlConstants.NT_REP_DENY_ACE);
- tests.add(new TypeTest(ace.getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
+ Tree ace = TreeUtil.addChild(acl, "ace", AccessControlConstants.NT_REP_DENY_ACE);
+ tests.add(new TypeTest(ace.getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
- NodeUtil ace2 = acl.addChild("ace2", AccessControlConstants.NT_REP_GRANT_ACE);
- tests.add(new TypeTest(ace2.getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
+ Tree ace2 = TreeUtil.addChild(acl, "ace2", AccessControlConstants.NT_REP_GRANT_ACE);
+ tests.add(new TypeTest(ace2.getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
- NodeUtil rest = ace2.addChild(AccessControlConstants.REP_RESTRICTIONS, AccessControlConstants.NT_REP_RESTRICTIONS);
- tests.add(new TypeTest(rest.getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
+ Tree rest = TreeUtil.addChild(ace2, AccessControlConstants.REP_RESTRICTIONS, AccessControlConstants.NT_REP_RESTRICTIONS);
+ tests.add(new TypeTest(rest.getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
- NodeUtil invalid = rest.addChild("invalid", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
- tests.add(new TypeTest(invalid.getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
+ Tree invalid = TreeUtil.addChild(rest, "invalid", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ tests.add(new TypeTest(invalid.getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
}
return tests;
}
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializerTest.java?rev=1860566&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializerTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializerTest.java Mon Jun 3 14:36:25 2019
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.spi.mount.Mount;
+import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+public class AuthorizationInitializerTest {
+
+ private AuthorizationInitializer initializer;
+ private NodeBuilder builder;
+
+ @Before
+ public void before() {
+ Mount m = when(mock(Mount.class).getPathFragmentName()).thenReturn("mount").getMock();
+ MountInfoProvider mip = when(mock(MountInfoProvider.class).getNonDefaultMounts()).thenReturn(ImmutableSet.of(m)).getMock();
+ initializer = new AuthorizationInitializer(mip);
+
+ builder = mock(NodeBuilder.class);
+ when(builder.child(anyString())).thenReturn(builder);
+ when(builder.setProperty(anyString(), any(Object.class), any(Type.class))).thenReturn(builder);
+ when(builder.setProperty(anyString(), any(Object.class))).thenReturn(builder);
+ when(builder.setProperty(any(PropertyState.class))).thenReturn(builder);
+ }
+ @Test
+ public void testFirstInit() {
+ when(builder.hasChildNode(anyString())).thenReturn(false);
+ when(builder.hasProperty(anyString())).thenReturn(false);
+
+ initializer.initialize(builder, "wspName");
+
+ verify(builder, times(4)).hasChildNode(anyString());
+ verify(builder, times(6)).child(anyString());
+ verify(builder, times(1)).hasProperty(anyString());
+ verify(builder, times(2)).setProperty(any(PropertyState.class));
+ verify(builder, times(3)).setProperty(anyString(), any(Object.class));
+ verify(builder, times(5)).setProperty(anyString(), any(Object.class), any(Type.class));
+ }
+
+ @Test
+ public void testSecondInit() {
+ when(builder.hasChildNode(anyString())).thenReturn(true);
+ when(builder.hasProperty(anyString())).thenReturn(true);
+
+ initializer.initialize(builder, "wspName");
+
+ verify(builder, times(4)).hasChildNode(anyString());
+ verify(builder, times(3)).child(anyString());
+ verify(builder, times(1)).hasProperty(anyString());
+ verify(builder, never()).setProperty(any(PropertyState.class));
+ verify(builder, never()).setProperty(anyString(), any(Object.class));
+ verify(builder, never()).setProperty(anyString(), any(Object.class), any(Type.class));
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializerTest.java
------------------------------------------------------------------------------
svn:eol-style = native