You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jspwiki.apache.org by aj...@apache.org on 2008/02/13 07:24:06 UTC
svn commit: r627271 [4/8] - in
/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki:
./ action/ attachment/ auth/ auth/acl/ auth/authorize/ auth/login/
auth/permissions/ auth/user/ dav/ diff/ filters/ htmltowiki/ parser/
Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthorizationManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthorizationManagerTest.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthorizationManagerTest.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthorizationManagerTest.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,668 @@
+package com.ecyrd.jspwiki.auth;
+
+import java.io.File;
+import java.security.Permission;
+import java.security.Principal;
+import java.util.Properties;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.apache.commons.lang.ArrayUtils;
+
+import com.ecyrd.jspwiki.TestEngine;
+import com.ecyrd.jspwiki.WikiException;
+import com.ecyrd.jspwiki.WikiPage;
+import com.ecyrd.jspwiki.WikiSession;
+import com.ecyrd.jspwiki.WikiSessionTest;
+import com.ecyrd.jspwiki.attachment.Attachment;
+import com.ecyrd.jspwiki.auth.acl.UnresolvedPrincipal;
+import com.ecyrd.jspwiki.auth.authorize.Group;
+import com.ecyrd.jspwiki.auth.authorize.GroupManager;
+import com.ecyrd.jspwiki.auth.authorize.Role;
+import com.ecyrd.jspwiki.auth.permissions.AllPermission;
+import com.ecyrd.jspwiki.auth.permissions.PagePermission;
+import com.ecyrd.jspwiki.auth.permissions.PermissionFactory;
+import com.ecyrd.jspwiki.auth.permissions.WikiPermission;
+import com.ecyrd.jspwiki.auth.user.DefaultUserProfile;
+import com.ecyrd.jspwiki.auth.user.UserProfile;
+import com.ecyrd.jspwiki.providers.ProviderException;
+
+/**
+ * Tests the AuthorizationManager class.
+ * @author Janne Jalkanen
+ */
+public class AuthorizationManagerTest extends TestCase
+{
+ private AuthorizationManager m_auth;
+
+ private TestEngine m_engine;
+
+ private GroupManager m_groupMgr;
+
+ private WikiSession m_session;
+
+ private static class TestPrincipal implements Principal
+ {
+ private final String m_name;
+
+ public TestPrincipal( String name )
+ {
+ m_name = name;
+ }
+
+ public String getName()
+ {
+ return m_name;
+ }
+ }
+
+ public AuthorizationManagerTest( String s )
+ {
+ super( s );
+ }
+
+ public static Test suite()
+ {
+ TestSuite suite = new TestSuite( "Authorization Manager test" );
+ suite.addTestSuite( AuthorizationManagerTest.class );
+ return suite;
+ }
+
+ public void setUp() throws Exception
+ {
+ Properties props = new Properties();
+ props.load( TestEngine.findTestProperties() );
+ m_engine = new TestEngine( props );
+ m_auth = m_engine.getAuthorizationManager();
+ m_groupMgr = m_engine.getGroupManager();
+ m_session = WikiSessionTest.adminSession( m_engine );
+ }
+
+ /**
+ * Tests the default policy. Anonymous users can read, Authenticated can
+ * edit, etc. Uses the default tests/etc/jspwiki.policy file installed by
+ * the JRE at startup.
+ * @throws Exception
+ */
+ public void testDefaultPermissions() throws Exception
+ {
+ // Save a page without an ACL
+ m_engine.saveText( "TestDefaultPage", "Foo" );
+ Permission view = PermissionFactory.getPagePermission( "*:TestDefaultPage", "view" );
+ Permission edit = PermissionFactory.getPagePermission( "*:TestDefaultPage", "edit" );
+ WikiSession session;
+
+ // Alice is asserted
+ session = WikiSessionTest.assertedSession( m_engine, Users.ALICE );
+ assertTrue( "Alice view", m_auth.checkPermission( session, view ) );
+ assertTrue( "Alice edit", m_auth.checkPermission( session, edit ) );
+
+ // Bob is logged in
+ session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+ assertTrue( "Bob view", m_auth.checkPermission( session, view ) );
+ assertTrue( "Bob edit", m_auth.checkPermission( session, edit ) );
+
+ // Delete the test page
+ try
+ {
+ m_engine.deletePage( "TestDefaultPage" );
+ }
+ catch( ProviderException e )
+ {
+ assertTrue( false );
+ }
+ }
+
+ public void testGetRoles() throws Exception
+ {
+ WikiSession session;
+ Principal[] principals;
+
+ // Create a new "asserted" session for Bob
+ session = WikiSessionTest.assertedSession( m_engine, Users.BOB );
+
+ // Set up a group without Bob in it
+ Group test = m_groupMgr.parseGroup( "Test", "Alice \n Charlie", true );
+ m_groupMgr.setGroup( m_session, test );
+
+ // Bob should have two roles: ASSERTED and ALL
+ principals = session.getRoles();
+ assertTrue( "Bob in ALL", ArrayUtils.contains( principals, Role.ALL ) );
+ assertTrue( "Bob in ASSERTED", ArrayUtils.contains( principals, Role.ASSERTED ) );
+ assertFalse( "Bob not in ANONYMOUS", ArrayUtils.contains( principals, Role.ANONYMOUS ) );
+ assertFalse( "Bob not in Test", ArrayUtils.contains( principals, test.getPrincipal() ) );
+
+ // Re-save group "Test" with Bob as a member
+ test = m_groupMgr.parseGroup( "Test", "Alice \n Bob \nCharlie", true );
+ m_groupMgr.setGroup( m_session, test );
+
+ // Bob not authenticated: should still have only two romes
+ principals = session.getRoles();
+ assertTrue( "Bob in ALL", ArrayUtils.contains( principals, Role.ALL ) );
+ assertTrue( "Bob in ASSERTED", ArrayUtils.contains( principals, Role.ASSERTED ) );
+ assertFalse( "Bob not in ANONYMOUS", ArrayUtils.contains( principals, Role.ANONYMOUS ) );
+ assertFalse( "Bob in Test", ArrayUtils.contains( principals, test.getPrincipal() ) );
+
+ // Elevate Bob to "authenticated" status
+ session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+
+ // Re-save the group; Bob should possess the role now
+ test = m_groupMgr.parseGroup( "Test", "Alice \n Bob \n Charlie", true );
+ m_groupMgr.setGroup( m_session, test );
+ principals = session.getRoles();
+ assertTrue( "Bob in ALL", ArrayUtils.contains( principals, Role.ALL ) );
+ assertFalse( "Bob in ASSERTED", ArrayUtils.contains( principals, Role.ASSERTED ) );
+ assertFalse( "Bob not in ANONYMOUS", ArrayUtils.contains( principals, Role.ANONYMOUS ) );
+ assertTrue( "Bob in Test", ArrayUtils.contains( principals, test.getPrincipal() ) );
+
+ // Cleanup
+ m_groupMgr.removeGroup( "Test" );
+ }
+
+ public void testAssertedSession() throws Exception
+ {
+ // Create Alice and her roles
+ Principal alice = new WikiPrincipal( Users.ALICE );
+ Role it = new Role( "IT" );
+ Role engineering = new Role( "Engineering" );
+ Role finance = new Role( "Finance" );
+ Principal admin = new GroupPrincipal( "Admin" );
+ WikiSession session = WikiSessionTest.assertedSession(
+ m_engine,
+ Users.ALICE,
+ new Principal[] { it, engineering, admin } );
+
+ // Create two groups: Alice should be part of group Bar, but not Foo
+ Group fooGroup = m_groupMgr.parseGroup( "Foo", "", true );
+ Group barGroup = m_groupMgr.parseGroup( "Bar", "", true );
+ barGroup.add( alice );
+ m_groupMgr.setGroup( m_session, fooGroup );
+ m_groupMgr.setGroup( m_session, barGroup );
+
+ // Test user principal posession: Alice isn't considered to
+ // have the "Alice" principal because she's not authenticated
+ assertFalse ( "Alice has Alice", m_auth.hasRoleOrPrincipal( session, new WikiPrincipal( Users.ALICE ) ) );
+ assertFalse ( "Alice has Alice", m_auth.hasRoleOrPrincipal( session, new TestPrincipal( Users.ALICE ) ) );
+ assertFalse( "Alice not has Bob", m_auth.hasRoleOrPrincipal( session, new WikiPrincipal( Users.BOB ) ) );
+ assertFalse( "Alice not has Bob", m_auth.hasRoleOrPrincipal( session, new TestPrincipal( Users.BOB ) ) );
+
+ // Built-in role memberships
+ assertTrue( "Alice in ALL", m_auth.hasRoleOrPrincipal( session, Role.ALL ) );
+ assertFalse( "Alice not in ANONYMOUS", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
+ assertTrue( "Alice in ASSERTED", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
+ assertFalse( "Alice not in AUTHENTICATED", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
+
+ // Custom roles should be FALSE because Alice is asserted
+ assertFalse( "Alice not in IT", m_auth.hasRoleOrPrincipal( session, it ) );
+ assertFalse( "Alice not in Engineering", m_auth.hasRoleOrPrincipal( session, engineering ) );
+ assertFalse( "Alice not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
+
+ // Group memberships should be FALSE because Alice is asserted
+ assertFalse( "Alice not in Foo", m_auth.hasRoleOrPrincipal( session, fooGroup.getPrincipal() ) );
+ assertFalse( "Alice not in Bar", m_auth.hasRoleOrPrincipal( session, barGroup.getPrincipal() ) );
+
+ // Clean up
+ m_groupMgr.removeGroup( "Foo" );
+ m_groupMgr.removeGroup( "Bar" );
+ }
+
+ public void testAuthenticatedSession() throws Exception
+ {
+ // Create Alice and her roles
+ Principal alice = new WikiPrincipal( Users.ALICE );
+ Role it = new Role( "IT" );
+ Role engineering = new Role( "Engineering" );
+ Role finance = new Role( "Finance" );
+ Principal admin = new GroupPrincipal( "Admin" );
+ WikiSession session = WikiSessionTest.containerAuthenticatedSession(
+ m_engine,
+ Users.ALICE,
+ new Principal[] { it, engineering, admin } );
+
+ // Create two groups: Alice should be part of group Bar, but not Foo
+ Group fooGroup = m_groupMgr.parseGroup( "Foo", "", true );
+ Group barGroup = m_groupMgr.parseGroup( "Bar", "", true );
+ barGroup.add( alice );
+ m_groupMgr.setGroup( m_session, fooGroup );
+ m_groupMgr.setGroup( m_session, barGroup );
+
+ // Test user principal posession: user principals of different
+ // types should still be "the same" if their names are equal
+ assertTrue( "Alice has Alice", m_auth.hasRoleOrPrincipal( session, new WikiPrincipal( Users.ALICE ) ) );
+ assertTrue( "Alice has Alice", m_auth.hasRoleOrPrincipal( session, new TestPrincipal( Users.ALICE ) ) );
+ assertFalse( "Alice not has Bob", m_auth.hasRoleOrPrincipal( session, new WikiPrincipal( Users.BOB ) ) );
+ assertFalse( "Alice not has Bob", m_auth.hasRoleOrPrincipal( session, new TestPrincipal( Users.BOB ) ) );
+
+ // Built-in role membership
+ assertTrue( "Alice in ALL", m_auth.hasRoleOrPrincipal( session, Role.ALL ) );
+ assertFalse( "Alice not in ANONYMOUS", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
+ assertFalse( "Alice not in ASSERTED", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
+ assertTrue( "Alice in AUTHENTICATED", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
+
+ // Custom roles
+ assertTrue( "Alice in IT", m_auth.hasRoleOrPrincipal( session, it ) );
+ assertTrue( "Alice in Engineering", m_auth.hasRoleOrPrincipal( session, engineering ) );
+ assertFalse( "Alice not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
+
+ // Group memberships
+ assertFalse( "Alice not in Foo", m_auth.hasRoleOrPrincipal( session, fooGroup.getPrincipal() ) );
+ assertTrue( "Alice in Bar", m_auth.hasRoleOrPrincipal( session, barGroup.getPrincipal() ) );
+
+ // Cleanup
+ m_groupMgr.removeGroup( "Foo" );
+ m_groupMgr.removeGroup( "Bar" );
+ }
+
+ public void testInheritedPermissions() throws Exception
+ {
+ // Create test page & attachment
+ String src = "[{ALLOW edit Alice}] ";
+ m_engine.saveText( "Test", src );
+
+ File f = m_engine.makeAttachmentFile();
+ Attachment att = new Attachment( m_engine, "Test", "test1.txt" );
+ att.setAuthor( "FirstPost" );
+ m_engine.getAttachmentManager().storeAttachment( att, f );
+
+ Attachment p = (Attachment) m_engine.getPage( "Test/test1.txt" );
+ Permission view = PermissionFactory.getPagePermission( p, "view" );
+ Permission edit = PermissionFactory.getPagePermission( p, "edit" );
+
+ // Create authenticated session with user 'Alice', who can read & edit (in ACL)
+ WikiSession session;
+ session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
+ assertTrue( "Alice view Test/test1.txt", m_auth.checkPermission( session, view ) );
+ assertTrue( "Alice edit Test/test1.txt", m_auth.checkPermission( session, edit ) );
+
+ // Create authenticated session with user 'Bob', who can't read or edit (not in ACL)
+ session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+ assertFalse( "Bob !view Test/test1.txt", m_auth.checkPermission( session, view ) );
+ assertFalse( "Bob !edit Test/test1.txt", m_auth.checkPermission( session, edit ) );
+
+ // Delete test page & attachment
+ m_engine.getAttachmentManager().deleteAttachment( att );
+ m_engine.deletePage( "Test" );
+ }
+
+ public void testInheritedAclPermissions() throws Exception
+ {
+ // Create test page & attachment
+ String src = "[{ALLOW view Alice}] ";
+ m_engine.saveText( "Test", src );
+
+ File f = m_engine.makeAttachmentFile();
+ Attachment att = new Attachment( m_engine, "Test", "test1.txt" );
+ att.setAuthor( "FirstPost" );
+ m_engine.getAttachmentManager().storeAttachment( att, f );
+
+ Attachment p = (Attachment) m_engine.getPage( "Test/test1.txt" );
+ Permission view = PermissionFactory.getPagePermission( p, "view" );
+ Permission edit = PermissionFactory.getPagePermission( p, "edit" );
+
+ // Create session with user 'Alice', who can read (in ACL)
+ WikiSession session;
+ session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
+ assertTrue( "Foo view Test", m_auth.checkPermission( session, view ) );
+ assertFalse( "Foo !edit Test", m_auth.checkPermission( session, edit ) );
+
+ // Create session with user 'Bob', who can't read or edit (not in ACL)
+ session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+ assertFalse( "Bar !view Test", m_auth.checkPermission( session, view ) );
+ assertFalse( "Bar !edit Test", m_auth.checkPermission( session, view ) );
+
+ // Delete test page & attachment
+ m_engine.getAttachmentManager().deleteAttachment( att );
+ m_engine.deletePage( "Test" );
+ }
+
+ public void testHasRoleOrPrincipal() throws Exception
+ {
+ // Create new user Alice and 2 sample roles
+ Principal alice = new WikiPrincipal( Users.ALICE );
+ Role it = new Role( "IT" );
+ Role finance = new Role( "Finance" );
+
+ // Create Group1 with Alice in it, Group2 without
+ WikiSession session = WikiSessionTest.adminSession( m_engine );
+ Group g1 = m_groupMgr.parseGroup( "Group1", "Alice", true );
+ m_groupMgr.setGroup( session, g1 );
+ Principal group1 = g1.getPrincipal();
+ Group g2 = m_groupMgr.parseGroup( "Group2", "Bob", true );
+ m_groupMgr.setGroup( session, g2 );
+ Principal group2 = g2.getPrincipal();
+
+ // Create anonymous session; not in ANY custom roles or groups
+ session = WikiSessionTest.anonymousSession( m_engine );
+ assertTrue ( "Anon anonymous", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
+ assertFalse( "Anon not asserted", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
+ assertFalse( "Anon not authenticated", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
+ assertFalse( "Alice not in Anon", m_auth.hasRoleOrPrincipal( session, alice ) );
+ assertFalse( "Anon not in IT", m_auth.hasRoleOrPrincipal( session, it ) );
+ assertFalse( "Anon not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
+ assertFalse( "Anon not in Group1", m_auth.hasRoleOrPrincipal( session, group1 ) );
+ assertFalse( "Anon not in Group2", m_auth.hasRoleOrPrincipal( session, group2 ) );
+
+ // Create asserted session with 1 GroupPrincipal & 1 custom Role
+ // Alice is asserted, and thus not in ANY custom roles or groups
+ session = WikiSessionTest.assertedSession( m_engine, Users.ALICE, new Principal[] { it } );
+ assertFalse( "Alice not anonymous", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
+ assertTrue ( "Alice asserted", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
+ assertFalse( "Alice not authenticated", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
+ assertFalse( "Alice not in Alice", m_auth.hasRoleOrPrincipal( session, alice ) );
+ assertFalse( "Alice not in IT", m_auth.hasRoleOrPrincipal( session, it ) );
+ assertFalse( "Alice not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
+ assertFalse( "Alice not in Group1", m_auth.hasRoleOrPrincipal( session, group1 ) );
+ assertFalse( "Alice not in Group2", m_auth.hasRoleOrPrincipal( session, group2 ) );
+
+ // Create authenticated session with 1 GroupPrincipal & 1 custom Role
+ // Alice is authenticated, and thus part of custom roles and groups
+ session = WikiSessionTest.containerAuthenticatedSession( m_engine, Users.ALICE, new Principal[] { it } );
+ assertFalse( "Alice not anonymous", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
+ assertFalse( "Alice not asserted", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
+ assertTrue ( "Alice authenticated", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
+ assertTrue ( "Alice in Ernie", m_auth.hasRoleOrPrincipal( session, alice ) );
+ assertTrue ( "Alice in IT", m_auth.hasRoleOrPrincipal( session, it ) );
+ assertFalse( "Alice not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
+ assertTrue ( "Alice in Group1", m_auth.hasRoleOrPrincipal( session, group1 ) );
+ assertFalse( "Alice not in Group2", m_auth.hasRoleOrPrincipal( session, group2 ) );
+
+ // Clean up
+ m_groupMgr.removeGroup( "Group1" );
+ m_groupMgr.removeGroup( "Group2" );
+ }
+
+ public void testIsUserInRole() throws Exception
+ {
+ // Create new user Alice and 2 sample roles
+ Principal alice = new WikiPrincipal( Users.ALICE );
+ Role it = new Role( "IT" );
+ Role finance = new Role( "Finance" );
+
+ // Create Group1 with Alice in it, Group2 without
+ WikiSession session = WikiSessionTest.adminSession( m_engine );
+ Group g1 = m_groupMgr.parseGroup( "Group1", "Alice", true );
+ m_groupMgr.setGroup( session, g1 );
+ Principal group1 = g1.getPrincipal();
+ Group g2 = m_groupMgr.parseGroup( "Group2", "Bob", true );
+ m_groupMgr.setGroup( session, g2 );
+ Principal group2 = g2.getPrincipal();
+
+ // Create anonymous session; not in ANY custom roles or groups
+ session = WikiSessionTest.anonymousSession( m_engine );
+ assertTrue ( "Anon anonymous", m_auth.isUserInRole( session, Role.ANONYMOUS ) );
+ assertFalse( "Anon not asserted", m_auth.isUserInRole( session, Role.ASSERTED ) );
+ assertFalse( "Anon not authenticated", m_auth.isUserInRole( session, Role.AUTHENTICATED ) );
+ assertFalse( "Anon not in Ernie", m_auth.isUserInRole( session, alice ) );
+ assertFalse( "Anon not in IT", m_auth.isUserInRole( session, it ) );
+ assertFalse( "Anon not in Finance", m_auth.isUserInRole( session, finance ) );
+ assertFalse( "Anon not in Group1", m_auth.isUserInRole( session, group1 ) );
+ assertFalse( "Anon not in Group2", m_auth.isUserInRole( session, group2 ) );
+
+ // Create asserted session with 1 GroupPrincipal & 1 custom Role
+ // Alice is asserted, and thus not in ANY custom roles or groups
+ session = WikiSessionTest.assertedSession( m_engine, Users.ALICE, new Principal[] { it } );
+ assertFalse( "Alice not anonymous", m_auth.isUserInRole( session, Role.ANONYMOUS ) );
+ assertTrue ( "Alice asserted", m_auth.isUserInRole( session, Role.ASSERTED ) );
+ assertFalse( "Alice not authenticated", m_auth.isUserInRole( session, Role.AUTHENTICATED ) );
+ assertFalse( "Alice not in Alice", m_auth.isUserInRole( session, alice ) );
+ assertFalse( "Alice not in IT", m_auth.isUserInRole( session, it ) );
+ assertFalse( "Alice not in Finance", m_auth.isUserInRole( session, finance ) );
+ assertFalse( "Alice not in Group1", m_auth.isUserInRole( session, group1 ) );
+ assertFalse( "Alice not in Group2", m_auth.isUserInRole( session, group2 ) );
+
+ // Create authenticated session with 1 GroupPrincipal & 1 custom Role
+ // Ernie is authenticated, and thus part of custom roles and groups
+ session = WikiSessionTest.containerAuthenticatedSession( m_engine, Users.ALICE, new Principal[] { it } );
+ assertFalse( "Alice not anonymous", m_auth.isUserInRole( session, Role.ANONYMOUS ) );
+ assertFalse( "Alice not asserted", m_auth.isUserInRole( session, Role.ASSERTED ) );
+ assertTrue ( "Alice not authenticated", m_auth.isUserInRole( session, Role.AUTHENTICATED ) );
+ assertFalse( "Alice not in Alice", m_auth.isUserInRole( session, alice ) );
+ assertTrue ( "Alice in IT", m_auth.isUserInRole( session, it ) );
+ assertFalse( "Alice not in Finance", m_auth.isUserInRole( session, finance ) );
+ assertTrue ( "Alice in Group1", m_auth.isUserInRole( session, group1 ) );
+ assertFalse( "Alice not in Group2", m_auth.isUserInRole( session, group2 ) );
+
+ // Clean up
+ m_groupMgr.removeGroup( "Group1" );
+ m_groupMgr.removeGroup( "Group2" );
+ }
+
+ public void testPrincipalAcl() throws Exception
+ {
+ // Create test page & attachment
+ String src = "[{ALLOW edit Alice}] ";
+ m_engine.saveText( "Test", src );
+
+ WikiPage p = m_engine.getPage( "Test" );
+ Permission view = PermissionFactory.getPagePermission( p, "view" );
+ Permission edit = PermissionFactory.getPagePermission( p, "edit" );
+
+ // Create session with authenticated user 'Alice', who can read & edit (in ACL)
+ WikiSession session;
+ session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
+ assertTrue( "Alice view Test", m_auth.checkPermission( session, view ) );
+ assertTrue( "Alice edit Test", m_auth.checkPermission( session, edit ) );
+
+ // Create session with authenticated user 'Bob', who can't read or edit (not in ACL)
+ session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+ assertFalse( "Bob !view Test", m_auth.checkPermission( session, view ) );
+ assertFalse( "Bob !edit Test", m_auth.checkPermission( session, edit ) );
+
+ // Cleanup
+ try
+ {
+ m_engine.deletePage( "Test" );
+ }
+ catch( ProviderException e )
+ {
+ fail( "Could not delete page" );
+ }
+ }
+
+ /**
+ * Any principal strings that have same names as built-in roles should
+ * resolve as built-in roles!
+ */
+ public void testResolveBuiltInRoles()
+ {
+ Principal principal = Role.AUTHENTICATED;
+ assertEquals( principal, m_auth.resolvePrincipal( "Authenticated" ) );
+ principal = Role.ASSERTED;
+ assertEquals( principal, m_auth.resolvePrincipal( "Asserted" ) );
+ principal = Role.ALL;
+ assertEquals( principal, m_auth.resolvePrincipal( "All" ) );
+ principal = Role.ANONYMOUS;
+ assertEquals( principal, m_auth.resolvePrincipal( "Anonymous" ) );
+
+ // This should not resolve because there's no built-in role Admin
+ principal = new WikiPrincipal( "Admin" );
+ assertFalse( principal.equals( m_auth.resolvePrincipal( "Admin" ) ) );
+ }
+
+ public void testResolveGroups() throws WikiException
+ {
+ Group group1 = m_groupMgr.parseGroup( "SampleGroup", "", true );
+ m_groupMgr.setGroup( m_session, group1 );
+
+ assertEquals( group1.getPrincipal(), m_auth.resolvePrincipal( "SampleGroup" ) );
+ m_groupMgr.removeGroup( "SampleGroup" );
+
+ // We shouldn't be able to spoof a built-in role
+ try
+ {
+ Group group2 = m_groupMgr.parseGroup( "Authenticated", "", true );
+ assertNotSame( group2.getPrincipal(), m_auth.resolvePrincipal( "Authenticated" ) );
+ }
+ catch ( WikiSecurityException e )
+ {
+ assertTrue ( "Authenticated not allowed as group name.", true );
+ }
+ assertEquals( Role.AUTHENTICATED, m_auth.resolvePrincipal( "Authenticated" ) );
+ }
+
+ public void testResolveUsers() throws WikiException
+ {
+ // We should be able to resolve a user by login, user, or wiki name
+ UserProfile profile = new DefaultUserProfile();
+ profile.setEmail( "authmanagertest@tester.net" );
+ profile.setFullname( "AuthorizationManagerTest User" );
+ profile.setLoginName( "authmanagertest" );
+ try
+ {
+ m_engine.getUserManager().getUserDatabase().save( profile );
+ }
+ catch( WikiSecurityException e )
+ {
+ fail( "Failed save: " + e.getLocalizedMessage() );
+ }
+ assertEquals( new WikiPrincipal( "authmanagertest", WikiPrincipal.LOGIN_NAME ), m_auth.resolvePrincipal( "authmanagertest" ) );
+ assertEquals( new WikiPrincipal( "AuthorizationManagerTest User", WikiPrincipal.FULL_NAME ), m_auth.resolvePrincipal( "AuthorizationManagerTest User" ) );
+ assertEquals( new WikiPrincipal( "AuthorizationManagerTestUser", WikiPrincipal.WIKI_NAME ), m_auth.resolvePrincipal( "AuthorizationManagerTestUser" ) );
+ try
+ {
+ m_engine.getUserManager().getUserDatabase().deleteByLoginName( "authmanagertest" );
+ }
+ catch( WikiSecurityException e )
+ {
+ fail( "Failed delete: " + e.getLocalizedMessage() );
+ }
+
+
+ // A wiki group should resolve to itself
+ Group group1 = m_groupMgr.parseGroup( "SampleGroup", "", true );
+ m_groupMgr.setGroup( m_session, group1 );
+ assertEquals( group1.getPrincipal(), m_auth.resolvePrincipal( "SampleGroup" ) );
+ m_groupMgr.removeGroup( "SampleGroup" );
+
+ // A built-in role should resolve to itself
+ assertEquals( Role.AUTHENTICATED, m_auth.resolvePrincipal( "Authenticated" ) );
+
+ // We shouldn't be able to spoof a built-in role
+ assertNotSame( new WikiPrincipal( "Authenticated" ), m_auth.resolvePrincipal( "Authenticated" ) );
+
+ // An unknown user should resolve to a generic UnresolvedPrincipal
+ Principal principal = new UnresolvedPrincipal( "Bart Simpson" );
+ assertEquals( principal, m_auth.resolvePrincipal( "Bart Simpson" ) );
+ }
+
+ public void testRoleAcl() throws Exception
+ {
+ // Create test page & attachment
+ String src = "[{ALLOW edit Authenticated}] ";
+ m_engine.saveText( "Test", src );
+
+ WikiPage p = m_engine.getPage( "Test" );
+ Permission view = PermissionFactory.getPagePermission( p, "view" );
+ Permission edit = PermissionFactory.getPagePermission( p, "edit" );
+
+ // Create session with authenticated user 'Alice', who can read & edit
+ WikiSession session;
+ session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
+ assertTrue( "Alice view Test", m_auth.checkPermission( session, view ) );
+ assertTrue( "Alice edit Test", m_auth.checkPermission( session, edit ) );
+
+ // Create session with asserted user 'Bob', who can't read or edit (not in ACL)
+ session = WikiSessionTest.assertedSession( m_engine, Users.BOB );
+ assertFalse( "Bob !view Test", m_auth.checkPermission( session, view ) );
+ assertFalse( "Bob !edit Test", m_auth.checkPermission( session, edit ) );
+
+ // Cleanup
+ try
+ {
+ m_engine.deletePage( "Test" );
+ }
+ catch( ProviderException e )
+ {
+ assertTrue( false );
+ }
+ }
+
+ public void testStaticPermission() throws Exception
+ {
+ WikiSession s = WikiSessionTest.anonymousSession( m_engine );
+ assertTrue( "Anonymous view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
+ assertTrue( "Anonymous edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
+ assertTrue( "Anonymous comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
+ assertFalse( "Anonymous modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
+ assertFalse( "Anonymous upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
+ assertFalse( "Anonymous rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
+ assertFalse( "Anonymous delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
+ assertTrue( "Anonymous prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
+ assertTrue( "Anonymous profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
+ assertTrue( "Anonymous pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
+ assertFalse( "Anonymous groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );
+
+ s = WikiSessionTest.assertedSession( m_engine, "Jack Sparrow" );
+ assertTrue( "Asserted view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
+ assertTrue( "Asserted edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
+ assertTrue( "Asserted comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
+ assertFalse( "Asserted modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
+ assertFalse( "Asserted upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
+ assertFalse( "Asserted rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
+ assertFalse( "Asserted delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
+ assertTrue( "Asserted prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
+ assertTrue( "Asserted profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
+ assertTrue( "Asserted pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
+ assertFalse( "Asserted groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );
+
+ s = WikiSessionTest.authenticatedSession( m_engine, Users.JANNE, Users.JANNE_PASS );
+ assertTrue( "Authenticated view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
+ assertTrue( "Authenticated edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
+ assertTrue( "Authenticated comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
+ assertTrue( "Authenticated modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
+ assertTrue( "Authenticated upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
+ assertTrue( "Authenticated rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
+ assertFalse( "Authenticated delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
+ assertTrue( "Authenticated prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
+ assertTrue( "Authenticated profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
+ assertTrue( "Authenticated pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
+ assertTrue( "Authenticated groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );
+
+ s = WikiSessionTest.adminSession( m_engine );
+ assertTrue( "Admin view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
+ assertTrue( "Admin edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
+ assertTrue( "Admin comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
+ assertTrue( "Admin modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
+ assertTrue( "Admin upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
+ assertTrue( "Admin rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
+ // Even though we grant AllPermission in the policy, 'delete' isn't explicit so the check
+ // for delete privileges will fail (but it will succeed if requested via the checkPermission())
+ assertFalse( "Admin delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
+ assertTrue( "Admin prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
+ assertTrue( "Admin profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
+ assertTrue( "Admin pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
+ assertTrue( "Admin groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );
+ }
+
+ public void testAdminView()
+ throws Exception
+ {
+ m_engine.saveText( "TestDefaultPage", "Foo [{ALLOW view FooBar}]" );
+
+ Principal admin = new GroupPrincipal( "Admin" );
+ WikiSession session = WikiSessionTest.containerAuthenticatedSession(
+ m_engine,
+ Users.ALICE,
+ new Principal[] { admin } );
+
+ assertTrue( "Alice has AllPermission", m_auth.checkPermission( session,
+ new AllPermission( m_engine.getApplicationName() )));
+ assertTrue( "Alice cannot read", m_auth.checkPermission( session,
+ new PagePermission("TestDefaultPage","view") ) );
+ }
+
+ public void testAdminView2() throws Exception
+ {
+ m_engine.saveText( "TestDefaultPage", "Foo [{ALLOW view FooBar}]" );
+
+ WikiSession session = WikiSessionTest.adminSession(m_engine);
+
+ assertTrue( "Alice has AllPermission", m_auth.checkPermission( session,
+ new AllPermission( m_engine.getApplicationName() )));
+ assertTrue( "Alice cannot read", m_auth.checkPermission( session,
+ new PagePermission("TestDefaultPage","view") ) );
+ }
+
+}
Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/GroupManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/GroupManagerTest.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/GroupManagerTest.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/GroupManagerTest.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,197 @@
+package com.ecyrd.jspwiki.auth;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import org.apache.commons.lang.ArrayUtils;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import com.ecyrd.jspwiki.TestEngine;
+import com.ecyrd.jspwiki.WikiException;
+import com.ecyrd.jspwiki.WikiSession;
+import com.ecyrd.jspwiki.WikiSessionTest;
+import com.ecyrd.jspwiki.auth.authorize.Group;
+import com.ecyrd.jspwiki.auth.authorize.GroupManager;
+import com.ecyrd.jspwiki.event.WikiSecurityEvent;
+
+public class GroupManagerTest extends TestCase
+{
+ private TestEngine m_engine;
+
+ private GroupManager m_groupMgr;
+
+ private SecurityEventTrap m_trap = new SecurityEventTrap();
+
+ private WikiSession m_session;
+
+ public GroupManagerTest( String s )
+ {
+ super( s );
+ }
+
+ public void setUp() throws Exception
+ {
+ Properties props = new Properties();
+ props.load( TestEngine.findTestProperties() );
+
+ m_engine = new TestEngine( props );
+ m_groupMgr = m_engine.getGroupManager();
+ m_session = WikiSessionTest.adminSession( m_engine );
+
+ // Flush any pre-existing groups (left over from previous failures, perhaps)
+ try
+ {
+ m_groupMgr.removeGroup( "Test" );
+ m_groupMgr.removeGroup( "Test2" );
+ m_groupMgr.removeGroup( "Test3" );
+ }
+ catch ( NoSuchPrincipalException e )
+ {
+ // It's not a problem if we can't find the principals...
+ }
+
+ m_groupMgr.addWikiEventListener( m_trap );
+ m_trap.clearEvents();
+
+ // Add 3 test groups
+ Group group;
+ group = m_groupMgr.parseGroup( "Test", "Alice \n Bob \n Charlie", true );
+ m_groupMgr.setGroup( m_session, group );
+ group = m_groupMgr.parseGroup( "Test2", "Bob", true );
+ m_groupMgr.setGroup( m_session, group );
+ group = m_groupMgr.parseGroup( "Test3", "Fred Flintstone", true );
+ m_groupMgr.setGroup( m_session, group );
+
+ // We should see 3 events: 1 for each group add
+ assertEquals( 3, m_trap.events().length );
+ m_trap.clearEvents();
+ }
+
+ public void tearDown() throws WikiException
+ {
+ m_groupMgr.removeGroup( "Test" );
+ m_groupMgr.removeGroup( "Test2" );
+ m_groupMgr.removeGroup( "Test3" );
+ }
+
+ public void testParseGroup() throws WikiSecurityException
+ {
+ String members = "Biff";
+ Group group = m_groupMgr.parseGroup( "Group1", members, true );
+ assertEquals( 1, group.getMembers().size() );
+ assertTrue ( group.isMember( new WikiPrincipal( "Biff" ) ) );
+
+ members = "Biff \n SteveAustin \n FredFlintstone";
+ group = m_groupMgr.parseGroup( "Group2", members, true );
+ assertEquals( 3, group.getMembers().size() );
+ assertTrue ( group.isMember( new WikiPrincipal( "Biff" ) ) );
+ assertTrue ( group.isMember( new WikiPrincipal( "SteveAustin" ) ) );
+ assertTrue ( group.isMember( new WikiPrincipal( "FredFlintstone" ) ) );
+ }
+
+ public void testGetRoles()
+ {
+ Principal[] roles = m_groupMgr.getRoles();
+ assertTrue( "Found Test", ArrayUtils.contains( roles, new GroupPrincipal( "Test" ) ) );
+ assertTrue( "Found Test2", ArrayUtils.contains( roles, new GroupPrincipal( "Test2" ) ) );
+ assertTrue( "Found Test3", ArrayUtils.contains( roles, new GroupPrincipal( "Test3" ) ) );
+ }
+
+ public void testGroupMembership() throws Exception
+ {
+ WikiSession s;
+
+ // Anonymous; should belong to NO groups
+ s = WikiSessionTest.anonymousSession( m_engine );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+ // Alice is asserted; should belong to NO groups
+ s = WikiSessionTest.assertedSession( m_engine, Users.ALICE );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+ // Alice is authenticated; should belong to Test
+ s = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
+ assertTrue( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+ // Bob is authenticated; should belong to Test & Test2
+ s = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+ assertTrue( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+ assertTrue( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+ // Charlie is authenticated; should belong to Test
+ s = WikiSessionTest.authenticatedSession( m_engine, Users.CHARLIE, Users.CHARLIE_PASS );
+ assertTrue( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+ // Fred is authenticated; should belong to Test3
+ s = WikiSessionTest.authenticatedSession( m_engine, Users.FRED, Users.FRED_PASS );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+ assertTrue( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+ // Nobody loves Biff!
+ s = WikiSessionTest.authenticatedSession( m_engine, Users.BIFF, Users.BIFF_PASS );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+ assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+ }
+
+ public void testGroupAddEvents() throws Exception
+ {
+ // Flush any pre-existing groups (left over from previous failures, perhaps)
+ try
+ {
+ m_groupMgr.removeGroup( "Events" );
+ }
+ catch ( NoSuchPrincipalException e )
+ {
+ // It's not a problem if we get here...
+ }
+ m_trap.clearEvents();
+
+ Group group = m_groupMgr.parseGroup( "Events", "", true );
+ m_groupMgr.setGroup( m_session, group );
+ WikiSecurityEvent event;
+ group = m_groupMgr.getGroup( "Events" );
+ group.add( new WikiPrincipal( "Alice" ) );
+ group.add( new WikiPrincipal( "Bob" ) );
+ group.add( new WikiPrincipal( "Charlie" ) );
+
+ // We should see a GROUP_ADD event
+ WikiSecurityEvent[] events = m_trap.events();
+ assertEquals( 1, events.length );
+ event = events[0];
+ assertEquals( m_groupMgr, event.getSource() );
+ assertEquals( WikiSecurityEvent.GROUP_ADD, event.getType() );
+ assertEquals( group, event.getTarget() );
+
+ // Clean up
+ m_groupMgr.removeGroup( "Events" );
+ }
+
+ public static Test suite()
+ {
+ TestSuite suite = new TestSuite("Group manager tests");
+ suite.addTestSuite( GroupManagerTest.class );
+ return suite;
+ }
+
+}
Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/SecurityEventTrap.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/SecurityEventTrap.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/SecurityEventTrap.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/SecurityEventTrap.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,48 @@
+package com.ecyrd.jspwiki.auth;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.ecyrd.jspwiki.event.WikiEvent;
+import com.ecyrd.jspwiki.event.WikiEventListener;
+import com.ecyrd.jspwiki.event.WikiSecurityEvent;
+
+/**
+ * Traps the most recent WikiEvent so that it can be used in assertions.
+ * @author Andrew Jaquith
+ * @since 2.3.79
+ */
+public class SecurityEventTrap implements WikiEventListener
+{
+ private WikiSecurityEvent m_lastEvent = null;
+ private List<WikiSecurityEvent> m_events = new ArrayList<WikiSecurityEvent>();
+
+ public void actionPerformed( WikiEvent event )
+ {
+ if ( event instanceof WikiSecurityEvent )
+ {
+ m_lastEvent = (WikiSecurityEvent)event;
+ m_events.add( (WikiSecurityEvent)event );
+ }
+ else
+ {
+ throw new IllegalArgumentException( "Event wasn't a WikiSecurityEvent. Check the unit test code!" );
+ }
+ }
+
+ public WikiSecurityEvent lastEvent()
+ {
+ return m_lastEvent;
+ }
+
+ public void clearEvents()
+ {
+ m_events.clear();
+ }
+
+ public WikiSecurityEvent[] events()
+ {
+ return m_events.toArray(new WikiSecurityEvent[m_events.size()]);
+ }
+
+}
Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/UserManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/UserManagerTest.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/UserManagerTest.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/UserManagerTest.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,404 @@
+package com.ecyrd.jspwiki.auth;
+import java.security.Principal;
+import java.util.Collection;
+import java.util.List;
+import java.util.Properties;
+
+import org.apache.commons.lang.ArrayUtils;
+
+import junit.framework.TestCase;
+
+import com.ecyrd.jspwiki.*;
+import com.ecyrd.jspwiki.auth.authorize.Group;
+import com.ecyrd.jspwiki.auth.authorize.GroupManager;
+import com.ecyrd.jspwiki.auth.permissions.PermissionFactory;
+import com.ecyrd.jspwiki.auth.user.*;
+import com.ecyrd.jspwiki.workflow.*;
+
+
+
+/**
+ * @author Andrew Jaquith
+ */
+public class UserManagerTest extends TestCase
+{
+
+ private TestEngine m_engine;
+ private UserManager m_mgr;
+ private UserDatabase m_db;
+
+ /**
+ * @see junit.framework.TestCase#setUp()
+ */
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ Properties props = new Properties();
+ props.load( TestEngine.findTestProperties() );
+
+ // Make sure user profile save workflow is OFF
+ props.remove( "jspwiki.approver"+UserManager.SAVE_APPROVER );
+
+ // Make sure we are using the XML user database
+ props.put( XMLUserDatabase.PROP_USERDATABASE, "tests/etc/userdatabase.xml" );
+ m_engine = new TestEngine( props );
+ m_mgr = m_engine.getUserManager();
+ m_db = m_mgr.getUserDatabase();
+ }
+
+ /** Call this setup program to use the save-profile workflow. */
+ protected void setUpWithWorkflow() throws Exception
+ {
+ Properties props = new Properties();
+ props.load( TestEngine.findTestProperties() );
+
+ // Turn on user profile saves by the Admin group
+ props.put( "jspwiki.approver."+UserManager.SAVE_APPROVER, "Admin" );
+
+ // Make sure we are using the XML user database
+ props.put( XMLUserDatabase.PROP_USERDATABASE, "tests/etc/userdatabase.xml" );
+ m_engine = new TestEngine( props );
+ m_mgr = m_engine.getUserManager();
+ m_db = m_mgr.getUserDatabase();
+ }
+
+ public void testSetRenamedUserProfile() throws Exception
+ {
+ // First, count the number of users, groups, and pages
+ int oldUserCount = m_db.getWikiNames().length;
+ GroupManager groupManager = m_engine.getGroupManager();
+ PageManager pageManager = m_engine.getPageManager();
+ AuthorizationManager authManager = m_engine.getAuthorizationManager();
+ int oldGroupCount = groupManager.getRoles().length;
+ int oldPageCount = pageManager.getTotalPageCount();
+
+ // Setup Step 1: create a new user with random name
+ WikiSession session = m_engine.guestSession();
+ long now = System.currentTimeMillis();
+ String oldLogin = "TestLogin" + now;
+ String oldName = "Test User " + now;
+ String newLogin = "RenamedLogin" + now;
+ String newName = "Renamed User " + now;
+ UserProfile profile = new DefaultUserProfile();
+ profile.setEmail( "testuser@testville.com" );
+ profile.setLoginName( oldLogin );
+ profile.setFullname ( oldName );
+ profile.setPassword ( "password" );
+ m_mgr.setUserProfile( session, profile );
+
+ // 1a. Make sure the profile saved successfully
+ profile = m_mgr.getUserProfile( session );
+ assertEquals( oldLogin, profile.getLoginName() );
+ assertEquals( oldName, profile.getFullname() );
+ assertEquals( oldUserCount+1, m_db.getWikiNames().length );
+
+ // Setup Step 2: create a new group with our test user in it
+ String groupName = "Group"+now;
+ Group group = groupManager.parseGroup( groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true );
+ groupManager.setGroup( session, group );
+
+ // 2a. Make sure the group is created with the user in it, and the role is added to the Subject
+ assertEquals( oldGroupCount+1, groupManager.getRoles().length );
+ assertTrue ( group.isMember( new WikiPrincipal( oldLogin ) ) );
+ assertTrue ( group.isMember( new WikiPrincipal( oldName ) ) );
+ assertFalse ( group.isMember( new WikiPrincipal( newLogin ) ) );
+ assertFalse ( group.isMember( new WikiPrincipal( newName ) ) );
+ assertTrue ( groupManager.isUserInRole( session, group.getPrincipal() ) );
+
+ // Setup Step 3: create a new page with our test user in the ACL
+ String pageName = "TestPage" + now;
+ m_engine.saveText( pageName, "Test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text." );
+
+ // 3a. Make sure the page got saved, and that ONLY our test user has permission to read it.
+ WikiPage p = m_engine.getPage( pageName );
+ assertEquals ( oldPageCount+1, pageManager.getTotalPageCount() );
+ assertNotNull( p.getAcl().getEntry( new WikiPrincipal( oldLogin ) ) );
+ assertNotNull( p.getAcl().getEntry( new WikiPrincipal( oldName ) ) );
+ assertNull ( p.getAcl().getEntry( new WikiPrincipal( newLogin ) ) );
+ assertNull ( p.getAcl().getEntry( new WikiPrincipal( newName ) ) );
+ assertTrue ( "Test User view page", authManager.checkPermission( session, PermissionFactory.getPagePermission( p, "view" ) ) );
+ WikiSession bobSession = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+ assertFalse ( "Bob !view page", authManager.checkPermission( bobSession, PermissionFactory.getPagePermission( p, "view" ) ) );
+
+ // Setup Step 4: change the user name in the profile and see what happens
+ profile = new DefaultUserProfile();
+ profile.setEmail ( "testuser@testville.com" );
+ profile.setLoginName( oldLogin );
+ profile.setFullname ( newName );
+ profile.setPassword ( "password" );
+ m_mgr.setUserProfile( session, profile );
+
+ // Test 1: the wiki session should have the new wiki name in Subject
+ Principal[] principals = session.getPrincipals();
+ assertTrue ( ArrayUtils.contains( principals, new WikiPrincipal( oldLogin ) ) );
+ assertFalse( ArrayUtils.contains( principals, new WikiPrincipal( oldName ) ) );
+ assertFalse( ArrayUtils.contains( principals, new WikiPrincipal( newLogin ) ) );
+ assertTrue ( ArrayUtils.contains( principals, new WikiPrincipal( newName ) ) );
+
+ // Test 2: our group should not contain the old name OR login name any more
+ // (the full name is always used)
+ group = groupManager.getGroup( groupName );
+ assertFalse( group.isMember( new WikiPrincipal( oldLogin ) ) );
+ assertFalse( group.isMember( new WikiPrincipal( oldName ) ) );
+ assertFalse( group.isMember( new WikiPrincipal( newLogin ) ) );
+ assertTrue ( group.isMember( new WikiPrincipal( newName ) ) );
+
+ // Test 3: our page should not contain the old wiki name OR login name
+ // in the ACL any more (the full name is always used)
+ p = m_engine.getPage( pageName );
+ assertNull ( p.getAcl().getEntry( new WikiPrincipal( oldLogin ) ) );
+ assertNull ( p.getAcl().getEntry( new WikiPrincipal( oldName ) ) );
+ assertNull ( p.getAcl().getEntry( new WikiPrincipal( newLogin ) ) );
+ assertNotNull( p.getAcl().getEntry( new WikiPrincipal( newName ) ) );
+ assertTrue( "Test User view page", authManager.checkPermission( session, PermissionFactory.getPagePermission( p, "view" ) ) );
+ assertFalse( "Bob !view page", authManager.checkPermission( bobSession, PermissionFactory.getPagePermission( p, "view" ) ) );
+
+ // Test 4: our page text should have been re-written
+ // (The new full name should be in the ACL, but the login name should have been removed)
+ String expectedText = "[{ALLOW view Alice," + newName + "}]\nTest text. More text.\r\n";
+ String actualText = m_engine.getText( pageName );
+ assertEquals( expectedText, actualText );
+
+ // Remove our test page
+ m_engine.deletePage( pageName );
+
+ // Setup Step 6: re-create the group with our old test user names in it
+ group = groupManager.parseGroup( groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true );
+ groupManager.setGroup( session, group );
+
+ // Setup Step 7: Save a new page with the old login/wiki names in the ACL again
+ // The test user should still be able to see the page (because the login name matches...)
+ pageName = "TestPage2" + now;
+ m_engine.saveText( pageName, "More test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text." );
+ p = m_engine.getPage( pageName );
+ assertEquals ( oldPageCount+1, pageManager.getTotalPageCount() );
+ assertNotNull( p.getAcl().getEntry( new WikiPrincipal( oldLogin ) ) );
+ assertNotNull( p.getAcl().getEntry( new WikiPrincipal( oldName ) ) );
+ assertNull ( p.getAcl().getEntry( new WikiPrincipal( newLogin ) ) );
+ assertNull ( p.getAcl().getEntry( new WikiPrincipal( newName ) ) );
+ assertTrue ( "Test User view page", authManager.checkPermission( session, PermissionFactory.getPagePermission( p, "view" ) ) );
+ assertFalse ( "Bob !view page", authManager.checkPermission( bobSession, PermissionFactory.getPagePermission( p, "view" ) ) );
+
+ // Setup Step 8: re-save the profile with the new login name
+ profile = new DefaultUserProfile();
+ profile.setEmail ( "testuser@testville.com" );
+ profile.setLoginName( newLogin );
+ profile.setFullname ( oldName );
+ profile.setPassword ( "password" );
+ m_mgr.setUserProfile( session, profile );
+
+ // Test 5: the wiki session should have the new login name in Subject
+ principals = session.getPrincipals();
+ assertFalse( ArrayUtils.contains( principals, new WikiPrincipal( oldLogin ) ) );
+ assertTrue ( ArrayUtils.contains( principals, new WikiPrincipal( oldName ) ) );
+ assertTrue ( ArrayUtils.contains( principals, new WikiPrincipal( newLogin ) ) );
+ assertFalse( ArrayUtils.contains( principals, new WikiPrincipal( newName ) ) );
+
+ // Test 6: our group should not contain the old name OR login name any more
+ // (the full name is always used)
+ group = groupManager.getGroup( groupName );
+ assertFalse( group.isMember( new WikiPrincipal( oldLogin ) ) );
+ assertTrue ( group.isMember( new WikiPrincipal( oldName ) ) );
+ assertFalse( group.isMember( new WikiPrincipal( newLogin ) ) );
+ assertFalse( group.isMember( new WikiPrincipal( newName ) ) );
+
+ // Test 7: our page should not contain the old wiki name OR login name
+ // in the ACL any more (the full name is always used)
+ p = m_engine.getPage( pageName );
+ assertNull ( p.getAcl().getEntry( new WikiPrincipal( oldLogin ) ) );
+ assertNotNull( p.getAcl().getEntry( new WikiPrincipal( oldName ) ) );
+ assertNull ( p.getAcl().getEntry( new WikiPrincipal( newLogin ) ) );
+ assertNull ( p.getAcl().getEntry( new WikiPrincipal( newName ) ) );
+ assertTrue( "Test User view page", authManager.checkPermission( session, PermissionFactory.getPagePermission( p, "view" ) ) );
+ assertFalse( "Bob !view page", authManager.checkPermission( bobSession, PermissionFactory.getPagePermission( p, "view" ) ) );
+
+ // Test 8: our page text should have been re-written
+ // (The new full name should be in the ACL, but the login name should have been removed)
+ expectedText = "[{ALLOW view Alice," + oldName + "}]\nMore test text. More text.\r\n";
+ actualText = m_engine.getText( pageName );
+ assertEquals( expectedText, actualText );
+
+ // CLEANUP: delete the profile; user and page; should be back to old counts
+ m_db.deleteByLoginName( newLogin );
+ assertEquals( oldUserCount, m_db.getWikiNames().length );
+
+ groupManager.removeGroup( group.getName() );
+ assertEquals( oldGroupCount, groupManager.getRoles().length );
+
+ m_engine.deletePage( pageName );
+ assertEquals( oldPageCount, pageManager.getTotalPageCount() );
+ }
+
+ public void testSetUserProfile() throws Exception
+ {
+ // First, count the number of users in the db now.
+ int oldUserCount = m_db.getWikiNames().length;
+
+ // Create a new user with random name
+ WikiSession session = m_engine.guestSession();
+ String loginName = "TestUser" + String.valueOf( System.currentTimeMillis() );
+ UserProfile profile = new DefaultUserProfile();
+ profile.setEmail( "testuser@testville.com" );
+ profile.setLoginName( loginName );
+ profile.setFullname( "FullName"+loginName );
+ profile.setPassword( "password");
+ m_mgr.setUserProfile( session, profile );
+
+ // Make sure the profile saved successfully
+ profile = m_mgr.getUserProfile( session );
+ assertEquals( loginName, profile.getLoginName() );
+ assertEquals( oldUserCount+1, m_db.getWikiNames().length );
+
+ // Now delete the profile; should be back to old count
+ m_db.deleteByLoginName( loginName );
+ assertEquals( oldUserCount, m_db.getWikiNames().length );
+ }
+
+ public void testSetUserProfileWithApproval() throws Exception
+ {
+ setUpWithWorkflow();
+
+ // First, count the number of users in the db now.
+ int oldUserCount = m_db.getWikiNames().length;
+
+ // Create a new user with random name
+ WikiSession session = m_engine.guestSession();
+ String loginName = "TestUser" + String.valueOf( System.currentTimeMillis() );
+ UserProfile profile = new DefaultUserProfile();
+ profile.setEmail( "testuser@testville.com" );
+ profile.setLoginName( loginName );
+ profile.setFullname( "FullName"+loginName );
+ profile.setPassword( "password");
+
+ // Because user profile saves require approvals, we will catch a Redirect
+ try
+ {
+ m_mgr.setUserProfile( session, profile );
+ fail( "We should have caught a DecisionRequiredException caused by approval!" );
+ }
+ catch ( DecisionRequiredException e )
+ {
+ }
+
+ // The user should NOT be saved yet
+ assertEquals( oldUserCount, m_db.getWikiNames().length );
+
+ // Now, look in Admin's queue, and verify there's a pending Decision there
+ DecisionQueue dq = m_engine.getWorkflowManager().getDecisionQueue();
+ Collection decisions = dq.getActorDecisions( m_engine.adminSession() );
+ assertEquals( 1, decisions.size() );
+
+ // Verify that the Decision has all the facts and attributes we need
+ Decision d = (Decision)decisions.iterator().next();
+ List facts = d.getFacts();
+ assertEquals( new Fact( UserManager.PREFS_FULL_NAME, profile.getFullname() ), facts.get(0) );
+ assertEquals( new Fact( UserManager.PREFS_LOGIN_NAME, profile.getLoginName() ), facts.get(1) );
+ assertEquals( new Fact( UserManager.FACT_SUBMITTER, session.getUserPrincipal().getName() ), facts.get(2) );
+ assertEquals( new Fact( UserManager.PREFS_EMAIL, profile.getEmail() ), facts.get(3) );
+ assertEquals( profile, d.getWorkflow().getAttribute( UserManager.SAVED_PROFILE ) );
+
+ // Approve the profile
+ d.decide( Outcome.DECISION_APPROVE );
+
+ // Make sure the profile saved successfully
+ assertEquals( oldUserCount+1, m_db.getWikiNames().length );
+
+ // Now delete the profile; should be back to old count
+ m_db.deleteByLoginName( loginName );
+ assertEquals( oldUserCount, m_db.getWikiNames().length );
+ }
+
+ public void testSetUserProfileWithDenial() throws Exception
+ {
+ setUpWithWorkflow();
+
+ // First, count the number of users in the db now.
+ int oldUserCount = m_db.getWikiNames().length;
+
+ // Create a new user with random name
+ WikiSession session = m_engine.guestSession();
+ String loginName = "TestUser" + String.valueOf( System.currentTimeMillis() );
+ UserProfile profile = new DefaultUserProfile();
+ profile.setEmail( "testuser@testville.com" );
+ profile.setLoginName( loginName );
+ profile.setFullname( "FullName"+loginName );
+ profile.setPassword( "password");
+
+ // Because user profile saves require approvals, we will catch a Redirect
+ try
+ {
+ m_mgr.setUserProfile( session, profile );
+ fail( "We should have caught a DecisionRequiredException caused by approval!" );
+ }
+ catch ( DecisionRequiredException e )
+ {
+ }
+
+ // The user should NOT be saved yet
+ assertEquals( oldUserCount, m_db.getWikiNames().length );
+
+ // Now, look in Admin's queue, and verify there's a pending Decision there
+ DecisionQueue dq = m_engine.getWorkflowManager().getDecisionQueue();
+ Collection decisions = dq.getActorDecisions( m_engine.adminSession() );
+ assertEquals( 1, decisions.size() );
+
+ // Verify that the Decision has all the facts and attributes we need
+ Decision d = (Decision)decisions.iterator().next();
+ List facts = d.getFacts();
+ assertEquals( new Fact( UserManager.PREFS_FULL_NAME, profile.getFullname() ), facts.get(0) );
+ assertEquals( new Fact( UserManager.PREFS_LOGIN_NAME, profile.getLoginName() ), facts.get(1) );
+ assertEquals( new Fact( UserManager.FACT_SUBMITTER, session.getUserPrincipal().getName() ), facts.get(2) );
+ assertEquals( new Fact( UserManager.PREFS_EMAIL, profile.getEmail() ), facts.get(3) );
+ assertEquals( profile, d.getWorkflow().getAttribute( UserManager.SAVED_PROFILE ) );
+
+ // Approve the profile
+ d.decide( Outcome.DECISION_DENY );
+
+ // Make sure the profile did NOT save
+ assertEquals( oldUserCount, m_db.getWikiNames().length );
+ }
+
+ public void testSetCollidingUserProfile() throws Exception
+ {
+ // First, count the number of users in the db now.
+ int oldUserCount = m_db.getWikiNames().length;
+
+ // Create a new user with random name
+ WikiSession session = m_engine.guestSession();
+ String loginName = "TestUser" + String.valueOf( System.currentTimeMillis() );
+ UserProfile profile = new DefaultUserProfile();
+ profile.setEmail( "testuser@testville.com" );
+ profile.setLoginName( loginName );
+ profile.setFullname( "FullName"+loginName );
+ profile.setPassword( "password");
+
+ // Set the login name to collide with Janne's: should prohibit saving
+ profile.setLoginName( "janne" );
+ try
+ {
+ m_mgr.setUserProfile( session, profile );
+ fail( "UserManager allowed saving of user with login name 'janne', but it shouldn't have." );
+ }
+ catch ( DuplicateUserException e )
+ {
+ // Good! That's what we expected; reset for next test
+ profile.setLoginName( loginName );
+ }
+
+ // Set the login name to collide with Janne's: should prohibit saving
+ profile.setFullname( "Janne Jalkanen" );
+ try
+ {
+ m_mgr.setUserProfile( session, profile );
+ fail( "UserManager allowed saving of user with login name 'janne', but it shouldn't have." );
+ }
+ catch ( DuplicateUserException e )
+ {
+ // Good! That's what we expected
+ }
+
+ // There shouldn't have been any users added
+ assertEquals( oldUserCount, m_db.getWikiNames().length );
+ }
+
+}
Propchange: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/UserManagerTest.java
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/Users.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/Users.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/Users.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/Users.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,26 @@
+package com.ecyrd.jspwiki.auth;
+
+public class Users
+{
+
+ public static final String ADMIN = "admin";
+ public static final String ADMIN_PASS = "myP@5sw0rd";
+
+ public static final String ALICE = "Alice";
+ public static final String ALICE_PASS = "password";
+
+ public static final String BOB = "Bob";
+ public static final String BOB_PASS = "password";
+
+ public static final String CHARLIE = "Charlie";
+ public static final String CHARLIE_PASS = "password";
+
+ public static final String FRED = "Fred";
+ public static final String FRED_PASS = "password";
+
+ public static final String BIFF = "Biff";
+ public static final String BIFF_PASS = "password";
+
+ public static final String JANNE = "janne";
+ public static final String JANNE_PASS = "myP@5sw0rd";
+}
Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclEntryImplTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclEntryImplTest.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclEntryImplTest.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclEntryImplTest.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,113 @@
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Copyright (C) 2001-2007 Janne Jalkanen (Janne.Jalkanen@iki.fi)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+package com.ecyrd.jspwiki.auth.acl;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import com.ecyrd.jspwiki.auth.acl.AclEntryImpl;
+import com.ecyrd.jspwiki.auth.permissions.PagePermission;
+import com.ecyrd.jspwiki.auth.permissions.PermissionFactory;
+
+public class AclEntryImplTest
+ extends TestCase
+{
+ AclEntryImpl m_ae;
+
+ public AclEntryImplTest( String s )
+ {
+ super( s );
+ }
+
+ public void setUp()
+ {
+ m_ae = new AclEntryImpl();
+ }
+
+ public void tearDown()
+ {
+ }
+
+ public void testAddPermission()
+ {
+ m_ae.addPermission( PagePermission.VIEW );
+
+ assertTrue( "no permission", m_ae.checkPermission( PagePermission.VIEW ) );
+ assertFalse( "permission found", m_ae.checkPermission( PagePermission.EDIT ) );
+ }
+
+
+ public void testAddPermission2()
+ {
+ m_ae.addPermission( PagePermission.VIEW );
+ m_ae.addPermission( PagePermission.EDIT );
+
+ assertTrue( "no editpermission", m_ae.checkPermission( PagePermission.EDIT ) );
+ assertTrue( "no viewpermission", m_ae.checkPermission( PagePermission.VIEW ) );
+ }
+
+ public void testAddPermission3()
+ {
+ m_ae.addPermission( PagePermission.COMMENT );
+
+ assertFalse( "has edit permission", m_ae.checkPermission( PagePermission.EDIT ) );
+ }
+
+ public void testAddPermission4()
+ {
+ m_ae.addPermission( PagePermission.EDIT );
+
+ assertTrue( "has comment permission", m_ae.checkPermission( PagePermission.COMMENT ) );
+ }
+
+ public void testAddPermission5()
+ {
+ m_ae.addPermission( PagePermission.VIEW );
+
+ assertTrue( "has view all", m_ae.checkPermission( PagePermission.VIEW ) );
+ assertTrue( "has view on single page", m_ae.checkPermission( PermissionFactory.getPagePermission( "mywiki:SamplePage", "view" ) ) );
+ }
+
+ public void testRemovePermission()
+ {
+ m_ae.addPermission( PagePermission.VIEW );
+ m_ae.addPermission( PagePermission.EDIT );
+
+ assertTrue( "has edit permission", m_ae.checkPermission( PagePermission.EDIT ) );
+ assertTrue( "has view permission", m_ae.checkPermission( PagePermission.VIEW ) );
+
+ m_ae.removePermission( PagePermission.EDIT );
+
+ assertFalse( "no edit permission", m_ae.checkPermission( PagePermission.EDIT ) );
+ assertTrue( "has view permission", m_ae.checkPermission( PagePermission.VIEW ) );
+ }
+
+ public void testDefaults()
+ {
+ assertFalse( "elements", m_ae.permissions().hasMoreElements() );
+ assertNull( "principal", m_ae.getPrincipal() );
+ }
+
+ public static Test suite()
+ {
+ return new TestSuite( AclEntryImplTest.class );
+ }
+}
Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclImplTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclImplTest.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclImplTest.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclImplTest.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,239 @@
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Copyright (C) 2001-2007 Janne Jalkanen (Janne.Jalkanen@iki.fi)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+package com.ecyrd.jspwiki.auth.acl;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import com.ecyrd.jspwiki.TestEngine;
+import com.ecyrd.jspwiki.WikiEngine;
+import com.ecyrd.jspwiki.WikiSession;
+import com.ecyrd.jspwiki.WikiSessionTest;
+import com.ecyrd.jspwiki.auth.GroupPrincipal;
+import com.ecyrd.jspwiki.auth.WikiPrincipal;
+import com.ecyrd.jspwiki.auth.acl.AclEntry;
+import com.ecyrd.jspwiki.auth.acl.AclEntryImpl;
+import com.ecyrd.jspwiki.auth.acl.AclImpl;
+import com.ecyrd.jspwiki.auth.authorize.Group;
+import com.ecyrd.jspwiki.auth.authorize.GroupManager;
+import com.ecyrd.jspwiki.auth.permissions.PagePermission;
+
+public class AclImplTest extends TestCase
+{
+ private AclImpl m_acl;
+
+ private AclImpl m_aclGroup;
+
+ private Map<String,Group> m_groups;
+
+ private GroupManager m_groupMgr;
+
+ private WikiSession m_session;
+
+ public AclImplTest( String s )
+ {
+ super( s );
+ }
+
+ /**
+ * We setup the following rules: Alice = may view Bob = may view, may edit
+ * Charlie = may view Dave = may view, may comment groupAcl: FooGroup =
+ * Alice, Bob - may edit BarGroup = Bob, Charlie - may view
+ */
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ Properties props = new Properties();
+ props.load( TestEngine.findTestProperties() );
+ TestEngine engine = new TestEngine( props );
+ m_groupMgr = engine.getGroupManager();
+ m_session = WikiSessionTest.adminSession( engine );
+
+ m_acl = new AclImpl();
+ m_aclGroup = new AclImpl();
+ m_groups = new HashMap<String,Group>();
+ Principal uAlice = new WikiPrincipal( "Alice" );
+ Principal uBob = new WikiPrincipal( "Bob" );
+ Principal uCharlie = new WikiPrincipal( "Charlie" );
+ Principal uDave = new WikiPrincipal( "Dave" );
+
+ // Alice can view
+ AclEntry ae = new AclEntryImpl();
+ ae.addPermission( PagePermission.VIEW );
+ ae.setPrincipal( uAlice );
+
+ // Charlie can view
+ AclEntry ae2 = new AclEntryImpl();
+ ae2.addPermission( PagePermission.VIEW );
+ ae2.setPrincipal( uCharlie );
+
+ // Bob can view and edit (and by implication, comment)
+ AclEntry ae3 = new AclEntryImpl();
+ ae3.addPermission( PagePermission.VIEW );
+ ae3.addPermission( PagePermission.EDIT );
+ ae3.setPrincipal( uBob );
+
+ // Dave can view and comment
+ AclEntry ae4 = new AclEntryImpl();
+ ae4.addPermission( PagePermission.VIEW );
+ ae4.addPermission( PagePermission.COMMENT );
+ ae4.setPrincipal( uDave );
+
+ // Create ACL with Alice, Bob, Charlie, Dave
+ m_acl.addEntry( ae );
+ m_acl.addEntry( ae2 );
+ m_acl.addEntry( ae3 );
+ m_acl.addEntry( ae4 );
+
+ // Foo group includes Alice and Bob
+ Group foo = m_groupMgr.parseGroup( "FooGroup", "", true );
+ m_groupMgr.setGroup( m_session, foo );
+ foo.add( uAlice );
+ foo.add( uBob );
+ AclEntry ag1 = new AclEntryImpl();
+ ag1.setPrincipal( foo.getPrincipal() );
+ ag1.addPermission( PagePermission.EDIT );
+ m_aclGroup.addEntry( ag1 );
+ m_groups.put( "FooGroup", foo );
+
+ // Bar group includes Bob and Charlie
+ Group bar = m_groupMgr.parseGroup( "BarGroup", "", true );
+ m_groupMgr.setGroup( m_session, bar );
+ bar.add( uBob );
+ bar.add( uCharlie );
+ AclEntry ag2 = new AclEntryImpl();
+ ag2.setPrincipal( bar.getPrincipal() );
+ ag2.addPermission( PagePermission.VIEW );
+ m_aclGroup.addEntry( ag2 );
+ m_groups.put( "BarGroup", bar );
+ }
+
+ public void tearDown() throws Exception
+ {
+ m_groupMgr.removeGroup( "FooGroup" );
+ m_groupMgr.removeGroup( "BarGroup" );
+ }
+
+ private boolean inArray( Object[] array, Object key )
+ {
+ for( int i = 0; i < array.length; i++ )
+ {
+ if ( array[i].equals( key ) )
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private boolean inGroup( Object[] array, Principal key )
+ {
+ for( int i = 0; i < array.length; i++ )
+ {
+ if ( array[i] instanceof GroupPrincipal )
+ {
+ String groupName = ((GroupPrincipal)array[i]).getName();
+ Group group = m_groups.get( groupName );
+ if ( group != null && group.isMember( key ) )
+ {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ public void testAlice()
+ {
+ // Alice should be able to view but not edit or comment
+ Principal wup = new WikiPrincipal( "Alice" );
+ assertTrue( "view", inArray( m_acl.findPrincipals( PagePermission.VIEW ), wup ) );
+ assertFalse( "edit", inArray( m_acl.findPrincipals( PagePermission.EDIT ), wup ) );
+ assertFalse( "comment", inArray( m_acl.findPrincipals( PagePermission.COMMENT ), wup ) );
+ }
+
+ public void testBob()
+ {
+ // Bob should be able to view, edit, and comment but not delete
+ Principal wup = new WikiPrincipal( "Bob" );
+ assertTrue( "view", inArray( m_acl.findPrincipals( PagePermission.VIEW ), wup ) );
+ assertTrue( "edit", inArray( m_acl.findPrincipals( PagePermission.EDIT ), wup ) );
+ assertTrue( "comment", inArray( m_acl.findPrincipals( PagePermission.COMMENT ), wup ) );
+ assertFalse( "delete", inArray( m_acl.findPrincipals( PagePermission.DELETE ), wup ) );
+ }
+
+ public void testCharlie()
+ {
+ // Charlie should be able to view, but not edit, comment or delete
+ Principal wup = new WikiPrincipal( "Charlie" );
+ assertTrue( "view", inArray( m_acl.findPrincipals( PagePermission.VIEW ), wup ) );
+ assertFalse( "edit", inArray( m_acl.findPrincipals( PagePermission.EDIT ), wup ) );
+ assertFalse( "comment", inArray( m_acl.findPrincipals( PagePermission.COMMENT ), wup ) );
+ assertFalse( "delete", inArray( m_acl.findPrincipals( PagePermission.DELETE ), wup ) );
+ }
+
+ public void testDave()
+ {
+ // Dave should be able to view and comment but not edit or delete
+ Principal wup = new WikiPrincipal( "Dave" );
+ assertTrue( "view", inArray( m_acl.findPrincipals( PagePermission.VIEW ), wup ) );
+ assertFalse( "edit", inArray( m_acl.findPrincipals( PagePermission.EDIT ), wup ) );
+ assertTrue( "comment", inArray( m_acl.findPrincipals( PagePermission.COMMENT ), wup ) );
+ assertFalse( "delete", inArray( m_acl.findPrincipals( PagePermission.DELETE ), wup ) );
+ }
+
+ public void testGroups()
+ {
+ Principal wup = new WikiPrincipal( "Alice" );
+ assertTrue( "Alice view", inGroup( m_aclGroup.findPrincipals( PagePermission.VIEW ), wup ) );
+ assertTrue( "Alice edit", inGroup( m_aclGroup.findPrincipals( PagePermission.EDIT ), wup ) );
+ assertTrue( "Alice comment", inGroup( m_aclGroup.findPrincipals( PagePermission.COMMENT ), wup ) );
+ assertFalse( "Alice delete", inGroup( m_aclGroup.findPrincipals( PagePermission.DELETE ), wup ) );
+
+ wup = new WikiPrincipal( "Bob" );
+ assertTrue( "Bob view", inGroup( m_aclGroup.findPrincipals( PagePermission.VIEW ), wup ) );
+ assertTrue( "Bob edit", inGroup( m_aclGroup.findPrincipals( PagePermission.EDIT ), wup ) );
+ assertTrue( "Bob comment", inGroup( m_aclGroup.findPrincipals( PagePermission.COMMENT ), wup ) );
+ assertFalse( "Bob delete", inGroup( m_aclGroup.findPrincipals( PagePermission.DELETE ), wup ) );
+
+ wup = new WikiPrincipal( "Charlie" );
+ assertTrue( "Charlie view", inGroup( m_aclGroup.findPrincipals( PagePermission.VIEW ), wup ) );
+ assertFalse( "Charlie edit", inGroup( m_aclGroup.findPrincipals( PagePermission.EDIT ), wup ) );
+ assertFalse( "Charlie comment", inGroup( m_aclGroup.findPrincipals( PagePermission.COMMENT ), wup ) );
+ assertFalse( "Charlie delete", inGroup( m_aclGroup.findPrincipals( PagePermission.DELETE ), wup ) );
+
+ wup = new WikiPrincipal( "Dave" );
+ assertFalse( "Dave view", inGroup( m_aclGroup.findPrincipals( PagePermission.VIEW ), wup ) );
+ assertFalse( "Dave edit", inGroup( m_aclGroup.findPrincipals( PagePermission.EDIT ), wup ) );
+ assertFalse( "Dave comment", inGroup( m_aclGroup.findPrincipals( PagePermission.COMMENT ), wup ) );
+ assertFalse( "Dave delete", inGroup( m_aclGroup.findPrincipals( PagePermission.DELETE ), wup ) );
+ }
+
+ public static Test suite()
+ {
+ return new TestSuite( AclImplTest.class );
+ }
+}
Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AllTests.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AllTests.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AllTests.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AllTests.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,24 @@
+package com.ecyrd.jspwiki.auth.acl;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+public class AllTests extends TestCase
+{
+ public AllTests( String s )
+ {
+ super( s );
+ }
+
+ public static Test suite()
+ {
+ TestSuite suite = new TestSuite("ACL tests");
+
+ suite.addTest( AclEntryImplTest.suite() );
+ suite.addTest( AclImplTest.suite() );
+ suite.addTest( DefaultAclManagerTest.suite() );
+
+ return suite;
+ }
+}