Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2008/10/06 13:16:07 UTC
svn commit: r702100 [1/2] - in
/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security:
./ src/main/java/org/apache/jetspeed/security/util/test/
src/test/java/org/apache/jetspeed/security/
src/test/java/org/apache/jetspeed...
Author: ate
Date: Mon Oct 6 04:16:06 2008
New Revision: 702100
URL: http://svn.apache.org/viewvc?rev=702100&view=rev
Log:
Fix most / important Security testcases for the new Security api and model.
Delete testcases which are no longer representative
Disable a few less important testcases for now (to be re-enabled/fixed later)
Added:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestSubjectHelper.java (contents, props changed)
- copied, changed from r701391, portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestSecurityHelper.java
Removed:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestAggregationHierarchy.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestAuthenticationProviderProxy.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGeneralizationHierarchy.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestSecurityHelper.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/spi/TestCredentialHandler.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/spi/TestGroupSecurityHandler.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/spi/TestPasswordCredentialProvider.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/spi/TestRoleSecurityHandler.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/spi/TestSecurityMappingHandler.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/spi/TestUserSecurityHandler.java
Modified:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/pom.xml
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/test/AbstractSecurityTestcase.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGroupManager.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestLoginModule.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestPermissionManager.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRdbmsPolicy.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRoleManager.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestUserManager.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/spi/TestCredentialPasswordEncoder.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/spi/TestPasswordExpirationAndMaxAuthenticationFailuresInterceptor.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/spi/TestPasswordHistoryInterceptor.java
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/pom.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/pom.xml?rev=702100&r1=702099&r2=702100&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/pom.xml (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/pom.xml Mon Oct 6 04:16:06 2008
@@ -132,9 +132,9 @@
<configuration>
<excludes>
<exclude>**/spi/ldap/**.java</exclude>
- <exclude>**/TestSecurityMappingHandler.java</exclude>
- <exclude>**/TestGeneralizationHierarchy.java</exclude>
- <exclude>**/TestAggregationHierarchy.java</exclude>
+ <exclude>**/spi/TestDefaultJetspeedSynchronizer.java</exclude>
+ <exclude>**/spi/TestPasswordHistoryInterceptor.java</exclude>
+ <exclude>**/spi/TestPasswordExpirationAndMaxAuthenticationFailuresInterceptor.java</exclude>
</excludes>
</configuration>
</plugin>
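Review bot: The three new `<exclude>` entries carry no comment saying why the tests are disabled or what has to happen before they are re-enabled. Two of them (`TestPasswordHistoryInterceptor` and `TestPasswordExpirationAndMaxAuthenticationFailuresInterceptor`) appear, from their names, to cover password-reuse and lockout/expiry enforcement. While they are excluded, a regression in those controls on this branch will not fail the build. I would add an XML comment directly above them, for example `<!-- TEMPORARILY DISABLED during security-refactoring; re-enable before merge (tracking issue: ISSUE-ID-PLACEHOLDER) -->`.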
@@ -156,7 +156,7 @@
<resources>
<resource>
<path>assembly</path>
- <include>transaction.xml,cache.xml,security-*.xml,boot/datasource.xml</include>
+ <include>transaction.xml,cache.xml,security-*.xml,static-bean-references.xml,boot/datasource.xml</include>
</resource>
<resource>
<path>db-ojb</path>
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/test/AbstractSecurityTestcase.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/test/AbstractSecurityTestcase.java?rev=702100&r1=702099&r2=702100&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/test/AbstractSecurityTestcase.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/util/test/AbstractSecurityTestcase.java Mon Oct 6 04:16:06 2008
@@ -16,6 +16,7 @@
*/
package org.apache.jetspeed.security.util.test;
+import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
@@ -25,14 +26,14 @@
import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.components.util.DatasourceEnabledSpringTestCase;
-import org.apache.jetspeed.security.AuthenticationProvider;
-import org.apache.jetspeed.security.Group;
import org.apache.jetspeed.security.GroupManager;
+import org.apache.jetspeed.security.JetspeedPermission;
+import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.PermissionManager;
-import org.apache.jetspeed.security.Role;
import org.apache.jetspeed.security.RoleManager;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
+import org.apache.jetspeed.security.SecurityException;
/**
* @author <a href="mailto:sweaver@einnovation.com">Scott T. Weaver </a>
@@ -62,10 +63,6 @@
super.setUp();
-
- // Security Providers.
- AuthenticationProvider atnProvider = (AuthenticationProvider) scm.getComponent("org.apache.jetspeed.security.AuthenticationProvider");
-
ums = (UserManager) scm.getComponent("org.apache.jetspeed.security.UserManager");
gms = (GroupManager) scm.getComponent("org.apache.jetspeed.security.GroupManager");
rms = (RoleManager) scm.getComponent("org.apache.jetspeed.security.RoleManager");
@@ -74,8 +71,18 @@
pms = (PermissionManager) scm.getComponent("org.apache.jetspeed.security.PermissionManager");
new JetspeedActions(new String[] {"secure"}, new String[] {});
+
+ destroyPrincipals();
+ destroyPermissions();
}
+ protected void tearDown() throws Exception
+ {
+ destroyPrincipals();
+ destroyPermissions();
+ super.tearDown();
+ }
+
/**
* Returns subject's principals of type claz
*
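Review bot: In the new `tearDown()`, an exception thrown by `destroyPrincipals()` or `destroyPermissions()` skips `super.tearDown()`, so whatever the superclass releases (presumably the Spring context and datasource) stays open and can cascade into unrelated test failures. Wrap the cleanup so the superclass always runs: `try { destroyPrincipals(); destroyPermissions(); } finally { super.tearDown(); }`. The `setUp()` body that receives the same two calls starts outside this hunk.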
@@ -83,33 +90,46 @@
* @param claz
* @return Returns subject's principals of type claz
*/
- protected Collection getPrincipals(Subject subject, Class claz)
+ protected Collection<Principal> getPrincipals(Subject subject, Class<? extends Principal> claz)
{
- List principals = new ArrayList();
- for (Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();)
+ List<Principal> principals = new ArrayList<Principal>();
+ for (Iterator<Principal> iter = subject.getPrincipals().iterator(); iter.hasNext();)
{
- Object element = iter.next();
+ Principal element = iter.next();
if (claz.isInstance(element))
principals.add(element);
}
return principals;
}
+
+ protected User addUser(String name, String password) throws SecurityException
+ {
+ User user = ums.addUser(name);
+ PasswordCredential credential = ums.getPasswordCredential(user);
+ credential.setPassword(password, false);
+ ums.storePasswordCredential(credential);
+ return user;
+ }
+
+ protected String getBeanDefinitionFilterCategories()
+ {
+ return "security,transaction,cache,jdbcDS";
+ }
protected String[] getConfigurations()
{
//String[] confs = super.getConfigurations();
- List confList = new ArrayList(); //Arrays.asList(confs));
+ List<String> confList = new ArrayList<String>(); //Arrays.asList(confs));
confList.add("security-atn.xml");
confList.add("security-atz.xml");
confList.add("security-managers.xml");
confList.add("security-providers.xml");
confList.add("security-spi.xml");
confList.add("security-spi-atn.xml");
- confList.add("security-spi-atz.xml");
- confList.add("security-attributes.xml");
confList.add("transaction.xml");
confList.add("cache.xml");
+ confList.add("static-bean-references.xml");
return (String[]) confList.toArray(new String[1]);
}
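Review bot: The new `addUser(String name, String password)` helper has no Javadoc, and the bare `false` in `credential.setPassword(password, false)` does not tell a reader what the flag controls. Presumably it marks whether the value is already encoded, but that needs confirming against `PasswordCredential`. I would add a short Javadoc saying that the helper creates the user and stores the given clear-text password as its credential for test fixtures, plus a trailing comment naming the boolean parameter. It is also worth stating that if `storePasswordCredential` throws, the user created by `ums.addUser(name)` stays in the store until the next `destroyPrincipals()`.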
@@ -120,21 +140,35 @@
*/
protected void destroyPrincipals() throws Exception
{
- Collection<User> users = this.ums.getUsers("");
- for (User user : users)
+ for (String name : ums.getUserNames(null))
+ {
+ ums.removeUser(name);
+ }
+ for (String name : rms.getRoleNames(null))
{
- ums.removeUser(user.getName());
+ // because of possible dependent roles already been deleted through a parent deletion,
+ // first check if it still exists
+ if (rms.roleExists(name))
+ {
+ rms.removeRole(name);
+ }
}
- Collection<Role> roles = this.rms.getRoles("");
- for (Role role : roles)
+ for (String name : gms.getGroupNames(null))
{
- rms.removeRole(role.getName());
+ // because of possible dependent groups already been deleted through a parent deletion,
+ // first check if it still exists
+ if (gms.groupExists(name))
+ {
+ gms.removeGroup(name);
+ }
}
- Collection<Group> groups = this.gms.getGroups("");
- for (Group group : groups)
+ }
+
+ protected void destroyPermissions() throws Exception
+ {
+ for (JetspeedPermission p : pms.getPermissions())
{
- gms.removeGroup(group.getName());
+ pms.removePermission(p);
}
}
-
}
\ No newline at end of file
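Review bot: `destroyPrincipals()` and the new `destroyPermissions()` delete every user, role, group and permission the managers return, and the earlier hunk calls both from `setUp()` and `tearDown()`. This class sits under `src/main/java`, so any test that extends it against a datasource holding real accounts would wipe that store. The Javadoc above `destroyPrincipals()` (it starts outside this hunk) should say so explicitly. `destroyPermissions()` has no Javadoc at all and needs one such as `/** Removes ALL permissions from the configured store; only for use against a disposable test database. */`. Separately, each loop removes entries while iterating the collection returned by `getUserNames(null)`, `getRoleNames(null)`, `getGroupNames(null)` or `getPermissions()`, which is only safe if those calls return snapshots rather than live views; please confirm.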
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGroupManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGroupManager.java?rev=702100&r1=702099&r2=702100&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGroupManager.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestGroupManager.java Mon Oct 6 04:16:06 2008
@@ -16,13 +16,13 @@
*/
package org.apache.jetspeed.security;
-import java.security.Principal;
-import java.util.Collection;
+import java.util.List;
+
+import javax.security.auth.Subject;
import junit.framework.Test;
import junit.framework.TestSuite;
-import org.apache.jetspeed.security.impl.GroupImpl;
import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
/**
@@ -35,25 +35,6 @@
*/
public class TestGroupManager extends AbstractSecurityTestcase
{
-
- /**
- * @see junit.framework.TestCase#setUp()
- */
- protected void setUp() throws Exception
- {
- super.setUp();
- }
-
- /**
- * @see junit.framework.TestCase#tearDown()
- */
- public void tearDown() throws Exception
- {
- destroyPrincipals();
- super.tearDown();
-
- }
-
public static Test suite()
{
// All methods starting with "test" will be executed in the test suite.
@@ -92,16 +73,6 @@
catch (SecurityException sex)
{
}
-
- // Cleanup test.
- try
- {
- gms.removeGroup("testgroup");
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove group. exception caught: " + sex, false);
- }
}
/**
@@ -127,8 +98,8 @@
try
{
gms.addUserToGroup("anonuser1", "testusertogroup1.group1");
- Collection principals = ums.getSubject(ums.getUser("anonuser1")).getPrincipals();
- assertTrue("anonuser1 should contain testusertogroup1.group1", principals.contains(new GroupImpl("testusertogroup1.group1")));
+ Subject subject = ums.getSubject(ums.getUser("anonuser1"));
+ assertTrue("anonuser1 should contain testusertogroup1.group1", SubjectHelper.getPrincipal(subject, Group.class, "testusertogroup1.group1") != null);
}
catch (SecurityException sex)
{
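Review bot: `assertTrue(msg, SubjectHelper.getPrincipal(...) != null)` hides the intent behind a boolean. `assertNotNull("anonuser1 should contain testusertogroup1.group1", SubjectHelper.getPrincipal(subject, Group.class, "testusertogroup1.group1"))` says the same thing directly. The same pattern recurs in the next hunk (`testusertogroup1.group2`) and in the `== null` check in `testRemoveGroup`, which should be `assertNull`. In `testGetGroups`, `assertTrue("group count should be 3", 3 == gms.getGroups(null).size())` should become `assertEquals("group count should be 3", 3, gms.getGroups(null).size())` so that a failure prints the actual count. The enclosing test method starts and ends outside this hunk.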
@@ -138,8 +109,8 @@
try
{
gms.addUserToGroup("anonuser1", "testusertogroup1.group2");
- Collection principals = ums.getSubject(ums.getUser("anonuser1")).getPrincipals();
- assertTrue("anonuser1 should contain testusertogroup1.group2", principals.contains(new GroupImpl("testusertogroup1.group2")));
+ Subject subject = ums.getSubject(ums.getUser("anonuser1"));
+ assertTrue("anonuser1 should contain testusertogroup1.group2", SubjectHelper.getPrincipal(subject, Group.class, "testusertogroup1.group2") != null);
}
catch (SecurityException sex)
{
@@ -163,17 +134,6 @@
catch (SecurityException sex)
{
}
-
- // Cleanup test.
- try
- {
- ums.removeUser("anonuser1");
- gms.removeGroup("testusertogroup1");
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and group. exception caught: " + sex, false);
- }
}
/**
@@ -181,54 +141,38 @@
* Test remove group.
* </p>
*/
- public void testRemoveGroup()
+ public void testRemoveGroup() throws Exception
{
// Init test.
- try
- {
- ums.addUser("anonuser2");
- gms.addGroup("testgroup1");
- gms.addGroup("testgroup1.group1");
- gms.addGroup("testgroup1.group2");
- gms.addGroup("testgroup2");
- gms.addGroup("testgroup2.group1");
- gms.addUserToGroup("anonuser2", "testgroup1.group1");
- gms.addUserToGroup("anonuser2", "testgroup1.group2");
- gms.addUserToGroup("anonuser2", "testgroup2.group1");
- }
- catch (SecurityException sex)
- {
- assertTrue("failed to init testRemoveGroup(), " + sex, false);
- }
+ User user = ums.addUser("anonuser2");
+ Group group1 = gms.addGroup("testgroup1");
+ Group group11 = gms.addGroup("testgroup1.group1");
+ Group group12 = gms.addGroup("testgroup1.group2");
+ Group group2 = gms.addGroup("testgroup2");
+ Group group21 = gms.addGroup("testgroup2.group1");
+ gms.addGroupToGroup(group11, group1, JetspeedPrincipalAssociationType.IS_A);
+ gms.addGroupToGroup(group12, group1, JetspeedPrincipalAssociationType.IS_A);
+ gms.addGroupToGroup(group21, group2, JetspeedPrincipalAssociationType.IS_A);
+ gms.addUserToGroup("anonuser2", "testgroup1.group1");
+ gms.addUserToGroup("anonuser2", "testgroup1.group2");
+ gms.addUserToGroup("anonuser2", "testgroup2.group1");
try
{
- gms.removeGroup("testgroup1.group1");
- Collection principals = ums.getSubject(ums.getUser("anonuser2")).getPrincipals();
- // because of hierarchical groups with generalization strategy as default. Was 5 groups + 1 user, should now be 5
- // (4 groups + 1 user).
+ gms.removeGroup("testgroup1.group1");
+ Subject subject = ums.getSubject(user);
+ // because of hierarchical groups with generalization strategy as default. Was 5 groups + 2 users (including UserSubjectPrincipal), should now be 6
+ // (4 groups + 2 users).
assertEquals(
- "principal size should be == 3 after removing testgroup1.group1, for principals: " + principals.toString(),
- 3,
- principals.size());
- assertFalse("anonuser2 should not contain testgroup1.group1", principals.contains(new GroupImpl("testgroup1.group1")));
+ "principal size should be == 6 after removing testgroup1.group1, for principals: " + subject.getPrincipals(),
+ 6,
+ subject.getPrincipals().size());
+ assertTrue("anonuser2 should not contain testgroup1.group1", SubjectHelper.getPrincipal(subject, Group.class, "testgroup1.group1") == null);
}
catch (SecurityException sex)
{
assertTrue("should remove group. exception caught: " + sex, false);
}
-
- // Cleanup test.
- try
- {
- ums.removeUser("anonuser2");
- gms.removeGroup("testgroup1");
- gms.removeGroup("testgroup2");
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and group. exception caught: " + sex, false);
- }
}
/**
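Review bot: `testRemoveGroup()` now declares `throws Exception`, so the remaining `catch (SecurityException sex) { assertTrue("should remove group. exception caught: " + sex, false); }` only throws away the stack trace. Dropping the try/catch and letting the exception propagate gives JUnit the full cause. The expected size `6` is also asserted only after the removal. By the comment's own arithmetic the subject starts with 7 principals, so I would add `assertEquals(7, ums.getSubject(user).getPrincipals().size());` before `gms.removeGroup("testgroup1.group1")`. That proves the removal changed the subject, rather than matching a count that was already 6.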
@@ -260,16 +204,6 @@
}
assertNotNull("group is null", group);
assertEquals("expected group principal full path == testgetgroup", "testgetgroup", group.getName());
-
- // Cleanup test.
- try
- {
- gms.removeGroup("testgetgroup");
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove group. exception caught: " + sex, false);
- }
}
/**
@@ -299,7 +233,7 @@
try
{
- Collection groups = gms.getGroupsForUser("anonuser2");
+ List<Group> groups = gms.getGroupsForUser("anonuser2");
// Default hierarchy used in by generalization.
assertEquals("groups size should be == 3", 3, groups.size());
}
@@ -307,18 +241,6 @@
{
assertTrue("user exists. should not have thrown an exception: " + sex, false);
}
-
- // Cleanup test.
- try
- {
- ums.removeUser("anonuser2");
- gms.removeGroup("testgroup1");
- gms.removeGroup("testgroup2");
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and group. exception caught: " + sex, false);
- }
}
/**
@@ -346,24 +268,13 @@
try
{
- Collection groups = gms.getGroupsInRole("testuserrolemapping");
+ List<Group> groups = gms.getGroupsInRole("testuserrolemapping");
assertEquals("groups size should be == 3", 3, groups.size());
}
catch (SecurityException sex)
{
assertTrue("role exists. should not have thrown an exception: " + sex, false);
}
-
- // Cleanup test.
- try
- {
- rms.removeRole("testuserrolemapping");
- gms.removeGroup("testrolegroupmapping");
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove role and group. exception caught: " + sex, false);
- }
}
/**
@@ -389,24 +300,13 @@
try
{
gms.removeUserFromGroup("anonuser4", "testgroup1.group1");
- Collection groups = gms.getGroupsForUser("anonuser4");
+ List<Group> groups = gms.getGroupsForUser("anonuser4");
assertEquals("groups size should be == 0", 0, groups.size());
}
catch (SecurityException sex)
{
assertTrue("user exists. should not have thrown an exception: " + sex, false);
}
-
- // Cleanup test.
- try
- {
- ums.removeUser("anonuser4");
- gms.removeGroup("testgroup1");
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and group. exception caught: " + sex, false);
- }
}
/**
@@ -438,17 +338,6 @@
{
assertTrue("user and group exist. should not have thrown an exception: " + sex, false);
}
-
- // Cleanup test.
- try
- {
- ums.removeUser("anonuser4");
- gms.removeGroup("testgroup1");
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and group. exception caught: " + sex, false);
- }
}
/**
@@ -460,34 +349,9 @@
*/
public void testGetGroups() throws Exception
{
- int groupCount = 0;
- int groupAdded = 0;
- Collection<Group> groups = gms.getGroups("");
- for (Group group : groups)
- {
- System.out.println("Group is " + group);
- groupCount++;
- }
-
- ums.addUser("notme");
gms.addGroup("g1");
gms.addGroup("g2");
gms.addGroup("g3");
- groupAdded = 3;
- int count = 0;
- groups = gms.getGroups("");
- for (Group group : groups)
- {
- System.out.println("Group is " + group);
- count++;
- }
- ums.removeUser("notme");
- gms.removeGroup("g1");
- gms.removeGroup("g2");
- gms.removeGroup("g3");
- assertTrue("group count should be " + (groupAdded + groupCount), count == (groupAdded + groupCount));
-
+ assertTrue("group count should be 3", 3 == gms.getGroups(null).size());
}
-
-
}
\ No newline at end of file
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestLoginModule.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestLoginModule.java?rev=702100&r1=702099&r2=702100&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestLoginModule.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestLoginModule.java Mon Oct 6 04:16:06 2008
@@ -18,6 +18,7 @@
import java.security.Principal;
+import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -25,7 +26,6 @@
import junit.framework.TestSuite;
import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
-import org.apache.jetspeed.security.impl.UserPrincipalImpl;
import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
/**
@@ -56,58 +56,34 @@
}
}
- /**
- * @see junit.framework.TestCase#tearDown()
- */
- public void tearDown() throws Exception
- {
- destroyUserObject();
- super.tearDown();
-
- }
-
public static Test suite()
{
// All methods starting with "test" will be executed in the test suite.
return new TestSuite(TestLoginModule.class);
}
- public void testLogin() throws LoginException
+ public void testLogin() throws Exception
{
- loginContext.login();
- Principal found = SecurityHelper.getPrincipal(loginContext.getSubject(), UserPrincipal.class);
- assertNotNull("found principal is null", found);
- assertTrue("found principal should be anonlogin, " + found.getName(), found.getName().equals((new UserPrincipalImpl("anonlogin")).getName()));
+ loginContext.login();
+ Subject subject = loginContext.getSubject();
+ Principal found = SubjectHelper.getPrincipal(loginContext.getSubject(), User.class);
+ assertNotNull("found principal is null, subject: "+subject, found);
+ assertTrue("found principal should be anonlogin, " + found.getName(), found.getName().equals("anonlogin"));
}
public void testLogout() throws LoginException
{
loginContext.login();
loginContext.logout();
- Principal found = SecurityHelper.getBestPrincipal(loginContext.getSubject(), UserPrincipal.class);
+ Principal found = SubjectHelper.getBestPrincipal(loginContext.getSubject(), User.class);
assertNull("found principal is not null", found);
}
/**
* <p>Initialize user test object.</p>
*/
- protected void initUserObject()
- {
- try
- {
- ums.addUser("anonlogin", "password");
- }
- catch (SecurityException sex)
- {
- }
- }
-
- /**
- * <p>Destroy user test object.</p>
- */
- protected void destroyUserObject() throws Exception
+ protected void initUserObject() throws SecurityException
{
- ums.removeUser("anonlogin");
+ addUser("anonlogin", "password");
}
-
}
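Review bot: In `testLogin()` the new local `subject` appears only in the failure message, while the lookup calls `loginContext.getSubject()` a second time. Use `SubjectHelper.getPrincipal(subject, User.class)` so the message and the check refer to the same object, and prefer `assertEquals("anonlogin", found.getName())` so a mismatch prints the actual name. `testLogout()` only asserts that `getBestPrincipal(..., User.class)` returns null. As this is the only logout check visible here, it would be stronger to also assert that the subject holds no principals or credentials after `logout()`; whether `getSubject()` can be null at that point needs confirming first.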
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestPermissionManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestPermissionManager.java?rev=702100&r1=702099&r2=702100&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestPermissionManager.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestPermissionManager.java Mon Oct 6 04:16:06 2008
@@ -16,31 +16,24 @@
*/
package org.apache.jetspeed.security;
-import java.lang.reflect.Constructor;
import java.security.AccessControlException;
+import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Principal;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
import java.util.Collections;
-import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
-import java.util.Vector;
import javax.security.auth.Subject;
import junit.framework.Test;
import junit.framework.TestSuite;
-import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
-import org.apache.jetspeed.security.impl.RolePrincipalImpl;
-import org.apache.jetspeed.security.impl.UserPrincipalImpl;
-import org.apache.jetspeed.security.om.InternalPermission;
-import org.apache.jetspeed.security.spi.impl.PortletPermission;
import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
/**
@@ -50,32 +43,6 @@
*/
public class TestPermissionManager extends AbstractSecurityTestcase
{
- private static final Comparator principalComparator = new Comparator()
- {
- public int compare(Object arg0, Object arg1)
- {
- return (((Principal)arg0).getName().compareTo(((Principal)arg1).getName()));
- }
- };
-
- /**
- * @see junit.framework.TestCase#setUp()
- */
- protected void setUp() throws Exception
- {
- super.setUp();
- destroyPermissions();
- }
-
- /**
- * @see junit.framework.TestCase#tearDown()
- */
- public void tearDown() throws Exception
- {
- destroyPermissions();
- super.tearDown();
- }
-
public static Test suite()
{
// All methods starting with "test" will be executed in the test suite.
@@ -88,31 +55,19 @@
//////////////////////////////////////////////////////////////////////////
// setup
////////////
- UserPrincipal adminUser = new UserPrincipalImpl("adminTEST");
- UserPrincipal userUser = new UserPrincipalImpl("userTEST");
- PortletPermission adminPerm = new PortletPermission("adminTEST::*", "view, edit");
- PortletPermission userPerm = new PortletPermission("demoTEST::*", "view, edit");
- RolePrincipal adminRole = new RolePrincipalImpl("adminTEST");
- RolePrincipal userRole = new RolePrincipalImpl("userTEST");
-
- try
- {
- ums.addUser(adminUser.getName(), "password");
- ums.addUser(userUser.getName(), "password");
- rms.addRole(adminRole.getName());
- rms.addRole(userRole.getName());
- rms.addRoleToUser(adminUser.getName(), adminRole.getName());
- rms.addRoleToUser(userUser.getName(), userRole.getName());
- rms.addRoleToUser(adminUser.getName(), userRole.getName());
- pms.addPermission(adminPerm);
- pms.addPermission(userPerm);
- pms.grantPermission(adminRole, adminPerm);
- pms.grantPermission(userRole, userPerm);
- }
- catch (SecurityException sex)
- {
- assertTrue("failed to init testRemovePrincipalPermissions(), " + sex, false);
- }
+ User adminUser = ums.addUser("adminTEST");
+ User userUser = ums.addUser("userTEST");
+ Role adminRole = rms.addRole("adminTEST");
+ Role userRole = rms.addRole("userTEST");
+ JetspeedPermission adminPerm = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "adminTEST::*", "view, edit");
+ JetspeedPermission userPerm = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "demoTEST::*", "view, edit");
+ rms.addRoleToUser(adminUser.getName(), adminRole.getName());
+ rms.addRoleToUser(userUser.getName(), userRole.getName());
+ rms.addRoleToUser(adminUser.getName(), userRole.getName());
+ pms.addPermission(adminPerm);
+ pms.addPermission(userPerm);
+ pms.grantPermission(adminPerm, adminRole);
+ pms.grantPermission(userPerm, userRole);
//////////////////////////////////////////////////////////////////////////
// Run Test
@@ -135,46 +90,16 @@
{
Subject adminSubject = new Subject(true, adminPrincipals, adminPublicCredentials, adminPrivateCredentials);
Subject userSubject = new Subject(true, userPrincipals, userPublicCredentials, userPrivateCredentials);
-
- boolean access = pms.checkPermission(adminSubject, adminPerm);
- assertTrue("access to admin Perm should be granted to Admin ", access);
-
- access = pms.checkPermission(adminSubject, userPerm);
- assertTrue("access to user should NOT be granted to Admin ", access);
-
- access = pms.checkPermission(userSubject, userPerm);
- assertTrue("access to User Perm should be granted to User ", access);
-
- access = pms.checkPermission(userSubject, adminPerm);
- assertFalse("access to Admin Perm should NOT be granted to User ", access);
+ assertTrue("access to admin Perm should be granted to Admin ", checkPermission(adminSubject, adminPerm));
+ assertTrue("access to user should NOT be granted to Admin ", checkPermission(adminSubject, userPerm));
+ assertTrue("access to User Perm should be granted to User ", checkPermission(userSubject, userPerm));
+ assertFalse("access to Admin Perm should NOT be granted to User ", checkPermission(userSubject, adminPerm));
}
catch (AccessControlException e)
{
fail("failed permission check");
}
- finally
- {
- //////////////////////////////////////////////////////////////////////////
- // cleanup
- ////////////
- try
- {
- ums.removeUser(adminUser.getName());
- ums.removeUser(userUser.getName());
- rms.removeRole(adminRole.getName());
- rms.removeRole(userRole.getName());
-
- pms.removePermission(adminPerm);
- pms.removePermission(userPerm);
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and permission. exception caught: " + sex, false);
- }
- }
-
-
}
public void testPermissionCheck()
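Review bot: The second assertion's message says access to the user permission should NOT be granted to Admin, but the call is `assertTrue`. The setup in the previous hunk gives `adminUser` the `userRole` as well, so the grant is the expected result. In an authorization test a contradictory message makes a failure easy to misread as a privilege bug in the wrong direction. Reword it to `"access to user Perm should be granted to Admin (admin also holds userTEST role)"`. `checkPermission(Subject, ...)` is defined outside this hunk, so how it evaluates the subject cannot be verified from here.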
@@ -183,33 +108,22 @@
//////////////////////////////////////////////////////////////////////////
// setup
////////////
- UserPrincipal user = new UserPrincipalImpl("test");
- PortletPermission perm1 = new PortletPermission("PortletOne", "view, edit");
- PortletPermission perm2 = new PortletPermission("PortletTwo", "view");
- PortletPermission perm3 = new PortletPermission("PortletThree", "view");
- PortletPermission perm3a = new PortletPermission("PortletThreeA", "view, edit");
- RolePrincipal role1 = new RolePrincipalImpl("Role1");
- RolePrincipal role2 = new RolePrincipalImpl("Role2");
-
- try
- {
- ums.addUser(user.getName(), "password");
- rms.addRole(role1.getName());
- rms.addRole(role2.getName());
- rms.addRoleToUser(user.getName(), role1.getName());
- rms.addRoleToUser(user.getName(), role2.getName());
- pms.addPermission(perm1);
- pms.addPermission(perm2);
- pms.addPermission(perm3);
- pms.addPermission(perm3a);
- pms.grantPermission(user, perm1);
- pms.grantPermission(role1, perm2);
- pms.grantPermission(role2, perm3);
- }
- catch (SecurityException sex)
- {
- assertTrue("failed to init testRemovePrincipalPermissions(), " + sex, false);
- }
+ User user = ums.addUser("test");
+ Role role1 = rms.addRole("Role1");
+ Role role2 = rms.addRole("Role2");
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "PortletOne", "view, edit");
+ JetspeedPermission perm2 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "PortletTwo", "view");
+ JetspeedPermission perm3 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "PortletThree", "view");
+ JetspeedPermission perm3a = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "PortletThreeA", "view, edit");
+ rms.addRoleToUser(user.getName(), role1.getName());
+ rms.addRoleToUser(user.getName(), role2.getName());
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
+ pms.addPermission(perm3);
+ pms.addPermission(perm3a);
+ pms.grantPermission(perm1, user);
+ pms.grantPermission(perm2, role1);
+ pms.grantPermission(perm3, role2);
//////////////////////////////////////////////////////////////////////////
// Run Test
@@ -224,64 +138,31 @@
try
{
Subject subject = new Subject(true, principals, publicCredentials, privateCredentials);
- boolean access = pms.checkPermission(subject, perm1);
- assertTrue("access to perm1 should be granted ", access);
- access = pms.checkPermission(subject, perm2);
- assertTrue("access to perm2 should be granted ", access);
- access = pms.checkPermission(subject, perm3);
- assertTrue("access to perm3 should be granted ", access);
- access = pms.checkPermission(subject, perm3a);
- assertFalse("access to perm3a should be denied ", access);
+ assertTrue("access to perm1 should be granted ", checkPermission(subject, perm1));
+ assertTrue("access to perm2 should be granted ", checkPermission(subject, perm2));
+ assertTrue("access to perm3 should be granted ", checkPermission(subject, perm3));
+ assertFalse("access to perm3a should be denied ", checkPermission(subject, perm3a));
}
catch (AccessControlException e)
{
fail("failed permission check");
}
- finally
- {
- //////////////////////////////////////////////////////////////////////////
- // cleanup
- ////////////
- try
- {
- ums.removeUser(user.getName());
- rms.removeRole(role1.getName());
- rms.removeRole(role2.getName());
- pms.removePermission(perm1);
- pms.removePermission(perm2);
- pms.removePermission(perm3);
- pms.removePermission(perm3a);
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and permission. exception caught: " + sex, false);
- }
- }
-
-
}
/**
* <p>Test remove principal and associated permissions.</p>
*/
- public void testRemovePrincipalPermissions()
+ public void testRemovePrincipalPermissions() throws Exception
{
// Init test.
- UserPrincipal user = new UserPrincipalImpl("test");
- PortletPermission perm = new PortletPermission("anontestportlet", "view, edit");
- try
- {
- ums.addUser(user.getName(), "password");
- pms.addPermission(perm);
- pms.grantPermission(user, perm);
- }
- catch (SecurityException sex)
- {
- assertTrue("failed to init testRemovePrincipalPermissions(), " + sex, false);
- }
+ User user = ums.addUser("test");
+ JetspeedPermission perm = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "anontestportlet", "view, edit");
+ pms.addPermission(perm);
+ pms.grantPermission(perm, user);
+
try
{
- pms.removePermissions(user);
+ pms.revokeAllPermissions(user);
Permissions permissions = pms.getPermissions(user);
assertEquals(
"permissions should be empty for user " + user.getName(),
@@ -292,45 +173,18 @@
{
assertTrue("could not remove permission. exception caught: " + sex, false);
}
- // Cleanup test.
- try
- {
- ums.removeUser(user.getName());
- pms.removePermission(perm);
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and permission. exception caught: " + sex, false);
- }
}
/**
* <p>Test remove permission.</p>
*/
- public void testPermissionExists()
+ public void testPermissionExists() throws Exception
{
- PortletPermission perm1 = new PortletPermission("removepermission1", "view, edit, secure, minimized, maximized");
- PortletPermission perm2 = new PortletPermission("removepermission2", "view, edit, minimized, maximized");
- try
- {
- pms.addPermission(perm1);
- assertTrue(pms.permissionExists(perm1));
- }
- catch (SecurityException sex)
- {
- assertTrue("could not add permission, " + sex, false);
- }
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "removepermission1", "view, edit, secure, minimized, maximized");
+ JetspeedPermission perm2 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "removepermission2", "view, edit, minimized, maximized");
+ pms.addPermission(perm1);
+ assertTrue(pms.permissionExists(perm1));
assertFalse(pms.permissionExists(perm2));
-
- // Cleanup test.
- try
- {
- pms.removePermission(perm1);
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove permission. exception caught: " + sex, false);
- }
}
/**
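Review bot: With the "Cleanup test" blocks removed in this hunk, nothing visible in this file removes the users, roles and grants that a test creates. The same holds for the `finally` block dropped in the previous hunk, the cleanup blocks removed further down, and the `destroyUser()` calls taken out of `tearDown()` in TestRdbmsPolicy and TestRdbmsPolicyFolder. The tests reuse names (`"test"`, `"anon"`, `"anontestportlet"`, `"testportlet"`, `"removepermission1"`), so a leftover grant could make a later "should be granted" assertion pass for the wrong reason. Presumably the base-class `tearDown()` now wipes the security store; if so, a one-line comment in the setup such as `// principals and permissions created here are removed by the base-class tearDown()` would make that dependency explicit.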
@@ -339,20 +193,20 @@
public void testRemovePermission()
{
// Init test.
- UserPrincipal user = new UserPrincipalImpl("removepermission");
- RolePrincipal role = new RolePrincipalImpl("removepermissionrole");
- PortletPermission perm1 = new PortletPermission("removepermission1", "view, edit, secure, minimized, maximized");
- PortletPermission perm2 = new PortletPermission("removepermission2", "view, edit, minimized, maximized");
+ User user = null;
+ Role role = null;
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "removepermission1", "view, edit, secure, minimized, maximized");
+ JetspeedPermission perm2 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "removepermission2", "view, edit, minimized, maximized");
try
{
- ums.addUser(user.getName(), "password");
- rms.addRole(role.getName());
+ user = ums.addUser("removepermission");
+ role = rms.addRole("removepermissionrole");
pms.addPermission(perm1);
pms.addPermission(perm2);
- pms.grantPermission(user, perm1);
- pms.grantPermission(user, perm2);
- pms.grantPermission(role, perm1);
- pms.grantPermission(role, perm2);
+ pms.grantPermission(perm1, user);
+ pms.grantPermission(perm2, user);
+ pms.grantPermission(perm1, role);
+ pms.grantPermission(perm2, role);
}
catch (SecurityException sex)
{
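Review bot: `user` and `role` are declared as `null` and assigned inside the `try` only because this test keeps its setup `try/catch`, while the other tests in this commit moved to `throws Exception` with straight-line setup. Doing the same here removes the nullable locals that are later passed to `pms.getPermissions(user)` and `pms.getPermissions(role)`: declare `public void testRemovePermission() throws Exception` and use `User user = ums.addUser("removepermission");` and `Role role = rms.addRole("removepermissionrole");`. The catch body and the rest of the method lie outside this hunk.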
@@ -361,7 +215,7 @@
try
{
pms.removePermission(perm1);
- Permissions permCol1 = pms.getPermissions(new UserPrincipalImpl("removepermission"));
+ Permissions permCol1 = pms.getPermissions(user);
assertTrue(
"should only contain permission == {name = "
+ perm2.getName()
@@ -370,7 +224,7 @@
+ "}, in collection of size == 1, actual size: "
+ (Collections.list(permCol1.elements())).size(),
validatePermissions(permCol1, perm2, 1));
- Permissions permCol2 = pms.getPermissions(new RolePrincipalImpl("removepermissionrole"));
+ Permissions permCol2 = pms.getPermissions(role);
assertTrue(
"should only contain permission == {name = "
+ perm2.getName()
@@ -384,58 +238,33 @@
{
assertTrue("could not remove permission. exception caught: " + sex, false);
}
- // Cleanup test.
- try
- {
- ums.removeUser(user.getName());
- pms.removePermission(perm1);
- pms.removePermission(perm2);
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and permission. exception caught: " + sex, false);
- }
}
/**
* <p>Test grant permission to principal.</p>
*/
- public void testGrantPermission()
+ public void testGrantPermission() throws Exception
{
// Init test.
- UserPrincipal user1 = new UserPrincipalImpl("testgrantpermission1");
- UserPrincipal user2 = new UserPrincipalImpl("testgrantpermission2");
- PortletPermission perm1 = new PortletPermission("testportlet", "view, minimized, secure");
- PortletPermission perm2 = new PortletPermission("testportlet", "view, minimized, maximized, secure");
- try
- {
- ums.addUser(user2.getName(), "password");
- pms.addPermission(perm1);
- pms.addPermission(perm2);
- }
- catch (SecurityException sex)
- {
- assertTrue("failed to init testGrantPermission(), " + sex, false);
- }
+ User user1 = ums.newTransientUser("testgrantpermission1");
+ User user2 = ums.addUser ("testgrantpermission2");
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "testportlet", "view, minimized, secure");
+ JetspeedPermission perm2 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "testportlet2", "view, minimized, maximized, secure");
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
// Test permission for new permission and new principal (does not exist).
try
{
- pms.grantPermission(user1, perm1);
+ pms.grantPermission(perm1, user1);
assertTrue("principal does not exist. should have caught exception.", false);
}
catch (SecurityException sex)
{
}
- // Test insert new permission and existing principal.
- try
- {
- pms.grantPermission(user2, perm2);
- }
- catch (SecurityException sex)
- {
- assertTrue("principal does not exist. caught exception, " + sex, false);
- }
+ // Grant permission to existing principal.
+ pms.grantPermission(perm2, user2);
+
Permissions permCol1 = pms.getPermissions(user2);
assertTrue(
"should contain permission == {name = "
@@ -445,15 +274,9 @@
+ "}, in collection of size == 1, actual size: "
+ (Collections.list(permCol1.elements())).size(),
validatePermissions(permCol1, perm2, 1));
- // Test insert duplicate permission for same principal
- try
- {
- pms.grantPermission(user2, perm2);
- }
- catch (SecurityException sex)
- {
- assertTrue("principal does not exist. caught exception, " + sex, false);
- }
+
+ // Test grant duplicate permission for same principal
+ pms.grantPermission(perm2, user2);
Permissions permCol2 = pms.getPermissions(user2);
assertTrue(
"should contain permission == {name = "
@@ -463,41 +286,21 @@
+ "}, in collection of size == 1, actual size: "
+ (Collections.list(permCol2.elements())).size(),
validatePermissions(permCol2, perm2, 1));
-
- // Cleanup test.
- try
- {
- ums.removeUser(user2.getName());
- pms.removePermission(perm1);
- pms.removePermission(perm2);
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and permission. exception caught: " + sex, false);
- }
}
/**
* <p>Test get permissions from a principal.</p>
*/
- public void testGetPrincipalPermissions()
+ public void testGetPrincipalPermissions() throws Exception
{
// Init test.
- UserPrincipal user = new UserPrincipalImpl("anon");
- PortletPermission perm1 = new PortletPermission("anontestportlet", "view");
- PortletPermission perm2 = new PortletPermission("anontestportlet", "view, edit");
- try
- {
- ums.addUser(user.getName(), "password");
- pms.addPermission(perm1);
- pms.addPermission(perm2);
- pms.grantPermission(user, perm1);
- pms.grantPermission(user, perm2);
- }
- catch (SecurityException sex)
- {
- assertTrue("failed to init testGetPrincipalPermissions(), " + sex, false);
- }
+ User user = ums.addUser("anon");
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "anontestportlet", "view");
+ JetspeedPermission perm2 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "anontestportlet2", "view, edit");
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
+ pms.grantPermission(perm1, user);
+ pms.grantPermission(perm2, user);
Permissions permissions = pms.getPermissions(user);
assertTrue(
@@ -516,68 +319,39 @@
+ "}, in collection of size == 2, actual size: "
+ (Collections.list(permissions.elements())).size(),
validatePermissions(permissions, perm2, 2));
-
- // Cleanup test.
- try
- {
- ums.removeUser(user.getName());
- pms.removePermission(perm1);
- pms.removePermission(perm2);
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and permission. exception caught: " + sex, false);
- }
}
/**
* <p>Test get permissions from a collection of principals.</p>
*/
- public void testGetPermissions()
+ public void testGetPermissions() throws Exception
{
// Init test.
- UserPrincipal user = new UserPrincipalImpl("anon");
- RolePrincipal role1 = new RolePrincipalImpl("anonrole1");
- RolePrincipal role2 = new RolePrincipalImpl("anonrole2");
- GroupPrincipal group1 = new GroupPrincipalImpl("anongroup1");
- GroupPrincipal group2 = new GroupPrincipalImpl("anongroup2");
- PortletPermission perm1 = new PortletPermission("anontestportlet", "view");
- PortletPermission perm2 = new PortletPermission("anontestportlet", "view, edit");
- PortletPermission perm3 = new PortletPermission("anontestportlet", "view, edit, secure");
- PortletPermission perm4 = new PortletPermission("anontestportlet", "view, edit, secure, minimized");
- try
- {
- ums.addUser(user.getName(), "password");
- rms.addRole(role1.getName());
- rms.addRole(role2.getName());
- gms.addGroup(group1.getName());
- gms.addGroup(group2.getName());
- pms.addPermission(perm1);
- pms.addPermission(perm2);
- pms.addPermission(perm3);
- pms.addPermission(perm4);
- pms.grantPermission(role1, perm1);
- pms.grantPermission(role2, perm1);
- pms.grantPermission(role2, perm2);
- pms.grantPermission(role2, perm3);
- pms.grantPermission(role2, perm4);
- pms.grantPermission(group1, perm1);
- pms.grantPermission(group2, perm1);
- pms.grantPermission(group2, perm2);
- pms.grantPermission(group2, perm3);
- pms.grantPermission(group2, perm4);
- }
- catch (SecurityException sex)
- {
- assertTrue("failed to init testGetPrincipalPermissions(), " + sex, false);
- }
+ User user = ums.addUser("anon");
+ Role role1 = rms.addRole("anonrole1");
+ Role role2 = rms.addRole("anonrole2");
+ Group group1 = gms.addGroup("anongroup1");
+ Group group2 = gms.addGroup("anongroup2");
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "anontestportlet", "view");
+ JetspeedPermission perm2 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "anontestportlet2", "view, edit");
+ JetspeedPermission perm3 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "anontestportlet3", "view, edit, secure");
+ JetspeedPermission perm4 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "anontestportlet4", "view, edit, secure, minimized");
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
+ pms.addPermission(perm3);
+ pms.addPermission(perm4);
+ pms.grantPermission(perm1, role1);
+ pms.grantPermission(perm1, role2);
+ pms.grantPermission(perm2, role2);
+ pms.grantPermission(perm3, role2);
+ pms.grantPermission(perm4, role2);
+ pms.grantPermission(perm1, group1);
+ pms.grantPermission(perm1, group2);
+ pms.grantPermission(perm2, group2);
+ pms.grantPermission(perm3, group2);
+ pms.grantPermission(perm4, group2);
- ArrayList<Principal> principals = new ArrayList<Principal>();
- principals.add(user);
- principals.add(role1);
- principals.add(role2);
- principals.add(group1);
- principals.add(group2);
+ Principal[] principals = new Principal[]{user,role1,role2,group1,group2};
Permissions permissions = pms.getPermissions(principals);
assertTrue(
"should contain permission == {name = "
@@ -611,46 +385,24 @@
+ "}, in collection of size == 4, actual size: "
+ (Collections.list(permissions.elements())).size(),
validatePermissions(permissions, perm4, 4));
-
- // Cleanup test.
- try
- {
- ums.removeUser(user.getName());
- pms.removePermission(perm1);
- pms.removePermission(perm2);
- pms.removePermission(perm3);
- pms.removePermission(perm4);
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user. exception caught: " + sex, false);
- }
}
/**
* <p>Test revoke permission.</p>
*/
- public void testRevokePermission()
+ public void testRevokePermission() throws Exception
{
// Init test.
- UserPrincipal user = new UserPrincipalImpl("revokepermission");
- PortletPermission perm1 = new PortletPermission("revokepermission1", "view, edit, minimized, maximized");
- PortletPermission perm2 = new PortletPermission("revokepermission2", "view, edit, minimized, maximized");
- try
- {
- ums.addUser(user.getName(), "password");
- pms.addPermission(perm1);
- pms.addPermission(perm2);
- pms.grantPermission(user, perm1);
- pms.grantPermission(user, perm2);
- }
- catch (SecurityException sex)
- {
- assertTrue("failed to init testRevokePermission(), " + sex, false);
- }
+ User user = ums.addUser("revokepermission");
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "revokepermission1", "view, edit, minimized, maximized");
+ JetspeedPermission perm2 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "revokepermission2", "view, edit, minimized, maximized");
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
+ pms.grantPermission(perm1, user);
+ pms.grantPermission(perm2, user);
try
{
- pms.revokePermission(user, perm2);
+ pms.revokePermission(perm2, user);
Permissions permCol = pms.getPermissions(user);
assertTrue(
"should only contain permission == {name = "
@@ -665,18 +417,29 @@
{
assertTrue("could not revoke permission. esception caught: " + sex, false);
}
- // Cleanup test.
+ }
+
+ private boolean checkPermission(Subject subject, final JetspeedPermission permission)
+ {
try
{
- ums.removeUser(user.getName());
- pms.removePermission(perm1);
- pms.removePermission(perm2);
+ JSSubject.doAsPrivileged(subject, new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ AccessController.checkPermission((Permission)permission);
+ return null;
+ }
+ }, null);
}
- catch (SecurityException sex)
+ catch (Exception e)
{
- assertTrue("could not remove user. exception caught: " + sex, false);
+ return false;
}
+ return true;
}
+
+
/**
* <p>Validate whether permission belongs to permissions and whether the permissions
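Review bot: The new `checkPermission` helper catches `Exception` and returns `false`, so any failure inside the action is reported as "access denied", for instance a `ClassCastException` from the `(Permission)permission` cast. That lets `assertFalse("access to perm3a should be denied ", ...)` pass without the policy ever having been consulted. It also makes the `catch (AccessControlException e)` around the four assertions in the earlier hunk unreachable. Assuming `JSSubject.doAsPrivileged` declares no checked exception for a `PrivilegedAction`, narrow the handler to `catch (AccessControlException e)` so that only a real denial maps to `false` and everything else fails the test.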
@@ -686,7 +449,7 @@
* @param size The permissions expected size.
* @return
*/
- private boolean validatePermissions(Permissions permissions, Permission permission, int size)
+ private boolean validatePermissions(Permissions permissions, JetspeedPermission permission, int size)
{
Enumeration<Permission> permissionEnums = permissions.elements();
boolean hasPermission = false;
@@ -704,72 +467,34 @@
return validated;
}
- /**
- * <p>Destroy permission test objects.</p>
- */
- protected void destroyPermissions() throws Exception
- {
- this.destroyPrincipals();
- for (InternalPermission ip : pms.getInternalPermissions())
- {
- Class permissionClass = Class.forName(ip.getClassname());
- Class[] parameterTypes = { String.class, String.class };
- Constructor permissionConstructor = permissionClass.getConstructor(parameterTypes);
- Object[] initArgs = { ip.getName(), ip.getActions() };
- Permission permission = (Permission) permissionConstructor.newInstance(initArgs);
- pms.removePermission(permission);
- }
- }
-
- public void testUpdatePermission()
+ public void testUpdatePermission() throws Exception
{
// Init test.
- RolePrincipal role1 = new RolePrincipalImpl("role1");
- RolePrincipal role2 = new RolePrincipalImpl("role2");
- RolePrincipal role3 = new RolePrincipalImpl("role3");
- RolePrincipal role4 = new RolePrincipalImpl("role4");
- PortletPermission perm1 = new PortletPermission("testportlet", "view");
- try
- {
- rms.addRole(role1.getName());
- rms.addRole(role2.getName());
- rms.addRole(role3.getName());
- rms.addRole(role4.getName());
- pms.addPermission(perm1);
- }
- catch (SecurityException sex)
- {
- assertTrue("failed to init testUpdatePermission(), " + sex, false);
- }
+ Role role1 = rms.addRole("role1");
+ Role role2 = rms.addRole("role2");
+ Role role3 = rms.addRole("role3");
+ Role role4 = rms.addRole("role4");
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "testportlet", "view");
+ pms.addPermission(perm1);
// Grant 1 and 2
- try
- {
- pms.grantPermission(role1, perm1);
- pms.grantPermission(role2, perm1);
- }
- catch (SecurityException sex)
- {
- assertTrue("failed to grant on testUpdatePermission. caught exception, " + sex, false);
- }
+ pms.grantPermission(perm1, role1);
+ pms.grantPermission(perm1, role2);
- Collection<Principal> principals = pms.getPrincipals(perm1);
+ List<JetspeedPrincipal> principals = pms.getPrincipals(perm1);
assertTrue("principal count should be 2 ", principals.size() == 2);
- Object [] array = principals.toArray();
- Arrays.sort(array, principalComparator);
- assertTrue("element is Principal ", array[0] instanceof Principal);
- assertTrue("first element not found ", ((Principal)array[0]).getName().equals("role1"));
- assertTrue("second element not found ", ((Principal)array[1]).getName().equals("role2"));
-
+ // PermissionManager returns a list sorted by [type,name]
+ assertTrue("first element should be [role1] but found ["+principals.get(0).getName()+"]", principals.get(0).getName().equals("role1"));
+ assertTrue("second element should be [role2] but found ["+principals.get(1).getName()+"]", principals.get(1).getName().equals("role2"));
// Try to update collection
try
{
- Collection<Principal> roles = new Vector<Principal>();
+ List<JetspeedPrincipal> roles = new ArrayList<JetspeedPrincipal>();
roles.add(role1);
roles.add(role3);
roles.add(role4);
- pms.updatePermission(perm1, roles);
+ pms.grantPermissionOnlyTo(perm1, roles);
}
catch (SecurityException sex)
{
@@ -777,25 +502,10 @@
}
principals = pms.getPrincipals(perm1);
assertTrue("principal count should be 3 ", principals.size() == 3);
- array = principals.toArray();
- Arrays.sort(array, principalComparator);
- assertTrue("first element should be [role1] but found ["+((Principal)array[0]).getName()+"]", ((Principal)array[0]).getName().equals("role1"));
- assertTrue("second element not found ", ((Principal)array[1]).getName().equals("role3"));
- assertTrue("third element not found ", ((Principal)array[2]).getName().equals("role4"));
-
- // Cleanup test.
- try
- {
- rms.removeRole(role1.getName());
- rms.removeRole(role2.getName());
- rms.removeRole(role3.getName());
- rms.removeRole(role4.getName());
- pms.removePermission(perm1);
- }
- catch (SecurityException sex)
- {
- assertTrue("could not remove user and permission. exception caught: " + sex, false);
- }
+ // PermissionManager returns a list sorted by [type,name]
+ assertTrue("first element should be [role1] but found ["+principals.get(0).getName()+"]", principals.get(0).getName().equals("role1"));
+ assertTrue("second element should be [role3] but found ["+principals.get(1).getName()+"]", principals.get(1).getName().equals("role3"));
+ assertTrue("third element should be [role4] but found ["+principals.get(2).getName()+"]", principals.get(2).getName().equals("role4"));
}
}
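Review bot: After `grantPermissionOnlyTo(perm1, roles)` the assertions only inspect `pms.getPrincipals(perm1)`; nothing checks from role2's side that its grant was actually taken away. Since the purpose of the call is to remove access, I would add a direct check next to the three name assertions, such as `assertEquals(0, Collections.list(pms.getPermissions(role2).elements()).size());`. The name checks also depend on the [type,name] ordering stated in the comment, which cannot be verified from this hunk. `testUpdatePermission` begins in the previous hunk.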
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRdbmsPolicy.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRdbmsPolicy.java?rev=702100&r1=702099&r2=702100&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRdbmsPolicy.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRdbmsPolicy.java Mon Oct 6 04:16:06 2008
@@ -18,6 +18,7 @@
import java.security.AccessControlException;
import java.security.AccessController;
+import java.security.Permission;
import java.security.Policy;
import java.security.PrivilegedAction;
@@ -28,8 +29,6 @@
import junit.framework.TestSuite;
import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
-import org.apache.jetspeed.security.impl.UserPrincipalImpl;
-import org.apache.jetspeed.security.spi.impl.PortletPermission;
import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
/**
@@ -84,7 +83,6 @@
le.printStackTrace();
assertTrue("\t\t[TestRdbmsPolicy] Failed to tear down test.", false);
}
- destroyUser();
super.tearDown();
}
@@ -162,11 +160,11 @@
// InternalPermission should be granted.
try
{
- JSSubject.doAsPrivileged(loginContext.getSubject(), new PrivilegedAction()
+ JSSubject.doAsPrivileged(loginContext.getSubject(), new PrivilegedAction<Object>()
{
public Object run()
{
- PortletPermission perm1 = new PortletPermission("myportlet", "view");
+ Permission perm1 = (Permission)pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "myportlet", "view");
System.out.println("\t\t[TestRdbmsPolicy] Check access control for permission: [myportlet, view]");
System.out.println("\t\t with policy: " + Policy.getPolicy().getClass().getName());
AccessController.checkPermission(perm1);
@@ -182,11 +180,11 @@
// Should be denied.
try
{
- JSSubject.doAsPrivileged(loginContext.getSubject(), new PrivilegedAction()
+ JSSubject.doAsPrivileged(loginContext.getSubject(), new PrivilegedAction<Object>()
{
public Object run()
{
- PortletPermission perm2 = new PortletPermission("myportlet", "secure");
+ Permission perm2 = (Permission)pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "myportlet", "secure");
System.out.println("\t\t[TestRdbmsPolicy] Check access control for permission: [myportlet, secure]");
System.out.println("\t\t with policy: " + Policy.getPolicy().getClass().getName());
AccessController.checkPermission(perm2);
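Review bot: In this denied-case action the permission is now built with `pms.newPermission(...)` and cast to `Permission` inside `run()`, so it executes under the subject's restricted context. If the factory call or the cast throws there, the failure may be indistinguishable from the expected denial, depending on what the enclosing `catch` (outside this hunk) accepts. Building it before the call leaves `AccessController.checkPermission(perm2)` as the only statement that can raise inside the action: `final Permission perm2 = (Permission) pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "myportlet", "secure");`. The same pattern is introduced in the `doAs` hunks of TestRdbmsPolicyFolder.java.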
@@ -218,45 +216,16 @@
* Initialize user test object.
* </p>
*/
- protected void initUser()
+ protected void initUser() throws SecurityException
{
- try
- {
- ums.addUser("anon", "password");
- }
- catch (SecurityException sex)
- {
- }
- UserPrincipal user = new UserPrincipalImpl("anon");
- PortletPermission perm1 = new PortletPermission("myportlet", "view");
- PortletPermission perm2 = new PortletPermission("myportlet", "view, edit");
- try
- {
- pms.addPermission(perm1);
- pms.addPermission(perm2);
-
- pms.grantPermission(user, perm1);
- pms.grantPermission(user, perm2);
- }
- catch (SecurityException sex)
- {
- sex.printStackTrace();
- }
- }
+
+ User user = addUser("anon", "password");
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "myportlet", "view");
+ JetspeedPermission perm2 = pms.newPermission(PermissionFactory.PORTLET_PERMISSION, "myportlet2", "view, edit");
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
- /**
- * <p>
- * Destroy user test object.
- * </p>
- */
- protected void destroyUser() throws Exception
- {
- ums.removeUser("anon");
- // Remove permissions.
- PortletPermission perm1 = new PortletPermission("myportlet", "view");
- PortletPermission perm2 = new PortletPermission("myportlet", "view, edit");
- pms.removePermission(perm1);
- pms.removePermission(perm2);
+ pms.grantPermission(perm1, user);
+ pms.grantPermission(perm2, user);
}
-
}
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java?rev=702100&r1=702099&r2=702100&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java Mon Oct 6 04:16:06 2008
@@ -18,6 +18,7 @@
import java.security.AccessControlException;
import java.security.AccessController;
+import java.security.Permission;
import java.security.PrivilegedAction;
import javax.security.auth.login.LoginContext;
@@ -28,8 +29,6 @@
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
-import org.apache.jetspeed.security.spi.impl.BaseJetspeedPermission;
-import org.apache.jetspeed.security.spi.impl.FolderPermission;
import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
/**
@@ -82,7 +81,6 @@
le.printStackTrace();
assertTrue("\t\t[TestRdbmsPolicy - Folder] Failed to tear down test.", false);
}
- destroyUser();
super.tearDown();
}
@@ -101,12 +99,12 @@
try
{
- JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
+ JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction<Object>()
{
public Object run()
{
- BaseJetspeedPermission perm1 = new FolderPermission.Factory().newPermission("/files/test.xml", "edit");
- AccessController.checkPermission(perm1);
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/test.xml", "edit");
+ AccessController.checkPermission((Permission)perm1);
return null;
}
});
@@ -119,12 +117,12 @@
// Should be denied.
try
{
- JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
+ JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction<Object>()
{
public Object run()
{
- BaseJetspeedPermission perm2 = new FolderPermission.Factory().newPermission("/files/test.xml", "secure");
- AccessController.checkPermission(perm2);
+ JetspeedPermission perm2 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/test.xml", "secure");
+ AccessController.checkPermission((Permission)perm2);
return null;
}
});
@@ -144,12 +142,12 @@
try
{
- JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
+ JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction<Object>()
{
public Object run()
{
- BaseJetspeedPermission perm1 = new FolderPermission.Factory().newPermission("/files/subfolder1/test.xml", "view");
- AccessController.checkPermission(perm1);
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/subfolder1/test.xml", "view");
+ AccessController.checkPermission((Permission)perm1);
return null;
}
});
@@ -162,12 +160,12 @@
try
{
- JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
+ JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction<Object>()
{
public Object run()
{
- BaseJetspeedPermission perm1 = new FolderPermission.Factory().newPermission("/files/subfolder1/foo", "view");
- AccessController.checkPermission(perm1);
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/subfolder1/foo", "view");
+ AccessController.checkPermission((Permission)perm1);
return null;
}
});
@@ -179,12 +177,12 @@
try
{
- JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
+ JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction<Object>()
{
public Object run()
{
- BaseJetspeedPermission perm1 = new FolderPermission.Factory().newPermission("/files/subfolder1/foo/anotherdoc.xml", "view");
- AccessController.checkPermission(perm1);
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/subfolder1/foo/anotherdoc.xml", "view");
+ AccessController.checkPermission((Permission)perm1);
return null;
}
});
@@ -197,12 +195,12 @@
try
{
- JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
+ JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction<Object>()
{
public Object run()
{
- BaseJetspeedPermission perm1 = new FolderPermission.Factory().newPermission("/files/subfolder2/test.xml", "view");
- AccessController.checkPermission(perm1);
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/subfolder2/test.xml", "view");
+ AccessController.checkPermission((Permission)perm1);
return null;
}
});
@@ -215,12 +213,12 @@
try
{
- JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
+ JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction<Object>()
{
public Object run()
{
- BaseJetspeedPermission perm1 = new FolderPermission.Factory().newPermission("/files/subfolder2/foo", "view");
- AccessController.checkPermission(perm1);
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/subfolder2/foo", "view");
+ AccessController.checkPermission((Permission)perm1);
return null;
}
});
@@ -232,12 +230,12 @@
try
{
- JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
+ JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction<Object>()
{
public Object run()
{
- BaseJetspeedPermission perm1 = new FolderPermission.Factory().newPermission("/files/subfolder2/foo/anotherdoc.xml", "view");
- AccessController.checkPermission(perm1);
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/subfolder2/foo/anotherdoc.xml", "view");
+ AccessController.checkPermission((Permission)perm1);
return null;
}
});
@@ -252,53 +250,19 @@
/**
* <p>Initialize user test object.</p>
*/
- protected void initUser()
+ protected void initUser() throws SecurityException
{
- User user = null;
- try
- {
- user = ums.addUser("anon", false);
- PasswordCredential pwc = ums.getPasswordCredential(user);
- pwc.setPassword(null, "password");
- ums.storePasswordCredential(pwc);
- }
- catch (SecurityException sex)
- {
- sex.printStackTrace();
- }
+ User user = addUser("anon","password");
- BaseJetspeedPermission perm1 = new FolderPermission.Factory().newPermission("/files/test.xml", "edit");
- BaseJetspeedPermission perm2 = new FolderPermission.Factory().newPermission("/files/subfolder1/*", "view");
- BaseJetspeedPermission perm3 = new FolderPermission.Factory().newPermission("/files/subfolder2/-", "view");
- try
- {
- pms.addPermission(perm1);
- pms.addPermission(perm2);
- pms.addPermission(perm3);
-
- pms.grantPermission(user, perm1);
- pms.grantPermission(user, perm2);
- pms.grantPermission(user, perm3);
- }
- catch (SecurityException sex)
- {
- sex.printStackTrace();
- }
- }
-
- /**
- * <p>Destroy user test object.</p>
- */
- protected void destroyUser() throws Exception
- {
- ums.removeUser("anon");
-
- BaseJetspeedPermission perm1 = new FolderPermission.Factory().newPermission("/files/test.xml", "edit");
- BaseJetspeedPermission perm2 = new FolderPermission.Factory().newPermission("/files/subfolder1/*", "view");
- BaseJetspeedPermission perm3 = new FolderPermission.Factory().newPermission("/files/subfolder2/-", "view");
- pms.removePermission(perm1);
- pms.removePermission(perm2);
- pms.removePermission(perm3);
+ JetspeedPermission perm1 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/test.xml", "edit");
+ JetspeedPermission perm2 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/subfolder1/*", "view");
+ JetspeedPermission perm3 = pms.newPermission(PermissionFactory.FOLDER_PERMISSION, "/files/subfolder2/-", "view");
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
+ pms.addPermission(perm3);
+
+ pms.grantPermission(perm1, user);
+ pms.grantPermission(perm2, user);
+ pms.grantPermission(perm3, user);
}
-
}
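Review bot: With `destroyUser()` removed, nothing visible in this hunk removes the three folder permissions or the grants that `initUser()` adds, so cleanup has to come from a teardown that is not shown. If that teardown only removes users created through `addUser(...)`, the permissions for `/files/test.xml`, `/files/subfolder1/*` and `/files/subfolder2/-` stay in the test store, and a stale grant can make a later authorization check pass for the wrong reason. Either confirm the teardown covers permissions or keep the removal, e.g. `pms.removePermission(perm1);` for each of the three, if the new API still has that method. Letting `SecurityException` propagate instead of calling `printStackTrace()` is the right direction, since a failed setup now fails the test.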