Posted to commits@syncope.apache.org by jb...@apache.org on 2013/01/02 17:25:04 UTC
svn commit: r1427850 - in /syncope/trunk:
client/src/main/java/org/apache/syncope/client/to/
client/src/main/java/org/apache/syncope/services/
core/src/test/java/org/apache/syncope/core/rest/
Author: jbernhardt
Date: Wed Jan 2 16:25:04 2013
New Revision: 1427850
URL: http://svn.apache.org/viewvc?rev=1427850&view=rev
Log:
[SYNCOPE-259]
Introduces EntitlementService Interface and EntitlementServiceProxy which is used in Integration-Tests
Added:
syncope/trunk/client/src/main/java/org/apache/syncope/client/to/EntitlementTO.java
syncope/trunk/client/src/main/java/org/apache/syncope/services/EntitlementService.java
syncope/trunk/client/src/main/java/org/apache/syncope/services/EntitlementServiceProxy.java
syncope/trunk/client/src/main/java/org/apache/syncope/services/SpringServiceProxy.java
Modified:
syncope/trunk/client/src/main/java/org/apache/syncope/services/RoleServiceProxy.java
syncope/trunk/client/src/main/java/org/apache/syncope/services/UserServiceProxy.java
syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AbstractTest.java
syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java
Added: syncope/trunk/client/src/main/java/org/apache/syncope/client/to/EntitlementTO.java
URL: http://svn.apache.org/viewvc/syncope/trunk/client/src/main/java/org/apache/syncope/client/to/EntitlementTO.java?rev=1427850&view=auto
==============================================================================
--- syncope/trunk/client/src/main/java/org/apache/syncope/client/to/EntitlementTO.java (added)
+++ syncope/trunk/client/src/main/java/org/apache/syncope/client/to/EntitlementTO.java Wed Jan 2 16:25:04 2013
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.to;
+
+import java.io.Serializable;
+
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+
+@XmlRootElement
+@XmlType
+public class EntitlementTO implements Serializable {
+
+ private static final long serialVersionUID = 7233619557177034458L;
+
+ private String name;
+
+ public EntitlementTO() {
+ }
+
+ public EntitlementTO(String name) {
+ this.name = name;
+ }
+
+ /**
+ * @return the name
+ */
+ @XmlValue
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * @param name
+ * the name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((name == null)
+ ? 0
+ : name.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (!(obj instanceof EntitlementTO))
+ return false;
+ EntitlementTO other = (EntitlementTO) obj;
+ if (name == null) {
+ if (other.name != null)
+ return false;
+ } else if (!name.equals(other.name))
+ return false;
+ return true;
+ }
+
+ @Override
+ public String toString() {
+ return "EntitlementTO [" + name + "]";
+ }
+
+}
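Review bot: `equals` and `hashCode` are computed from `name`, which `setName` can change after construction, so an instance renamed while it sits in a `HashSet` or is used as a map key can no longer be found there. Entitlements are handled as sets elsewhere in this commit, so add a class Javadoc such as `/** Transfer object for one entitlement name; do not call setName once the instance is stored in a Set or Map. */`. Nothing visible in this commit uses the class yet, since EntitlementService returns `Set<String>`, so the Javadoc could also say where it is meant to be used.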
Added: syncope/trunk/client/src/main/java/org/apache/syncope/services/EntitlementService.java
URL: http://svn.apache.org/viewvc/syncope/trunk/client/src/main/java/org/apache/syncope/services/EntitlementService.java?rev=1427850&view=auto
==============================================================================
--- syncope/trunk/client/src/main/java/org/apache/syncope/services/EntitlementService.java (added)
+++ syncope/trunk/client/src/main/java/org/apache/syncope/services/EntitlementService.java Wed Jan 2 16:25:04 2013
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.services;
+
+import java.util.Set;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+@Path("/entitlements")
+@RequestMapping("/auth")
+public interface EntitlementService {
+
+ @GET
+ @RequestMapping(method = RequestMethod.GET, value = "/allentitlements")
+ public abstract Set<String> getAllEntitlements();
+
+ @GET
+ @Path("/own")
+ @RequestMapping(method = RequestMethod.GET, value = "/entitlements")
+ public abstract Set<String> getMyEntitlements();
+
+}
\ No newline at end of file
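Review bot: Neither method documents who may call it, which is the security-relevant part of this contract: the proxy added in this commit fetches `getAllEntitlements()` without credentials and `getMyEntitlements()` through the caller's template. Add Javadoc to each method saying whether authentication is required and that the returned set holds entitlement names. The JAX-RS and Spring mappings on the same methods also name different paths (`/entitlements` versus `/auth/allentitlements`, `/entitlements/own` versus `/auth/entitlements`), so a short comment stating which mapping the server honours today would keep clients from being built against the wrong one. `public abstract` is redundant on interface methods and can be dropped.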
Added: syncope/trunk/client/src/main/java/org/apache/syncope/services/EntitlementServiceProxy.java
URL: http://svn.apache.org/viewvc/syncope/trunk/client/src/main/java/org/apache/syncope/services/EntitlementServiceProxy.java?rev=1427850&view=auto
==============================================================================
--- syncope/trunk/client/src/main/java/org/apache/syncope/services/EntitlementServiceProxy.java (added)
+++ syncope/trunk/client/src/main/java/org/apache/syncope/services/EntitlementServiceProxy.java Wed Jan 2 16:25:04 2013
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.services;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.springframework.web.client.RestTemplate;
+
+public class EntitlementServiceProxy extends SpringServiceProxy implements EntitlementService {
+
+ public EntitlementServiceProxy(String baseUrl, RestTemplate restTemplate) {
+ super(baseUrl, restTemplate);
+ }
+
+ @Override
+ public Set<String> getAllEntitlements() {
+ return new HashSet<String>(Arrays.asList(new RestTemplate().getForObject(
+ baseUrl + "auth/allentitlements.json", String[].class)));
+ }
+
+ @Override
+ public Set<String> getMyEntitlements() {
+ return new HashSet<String>(Arrays.asList(restTemplate.getForObject(baseUrl
+ + "auth/entitlements.json", String[].class)));
+ }
+
+}
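Review bot: `getAllEntitlements()` builds a fresh `new RestTemplate()` on every call instead of using the injected `restTemplate`, so the request goes out without the credentials, request factory, message converters or error handler the caller configured, and nothing in the class says this is intended. The test code this replaces read the list through `anonymousRestTemplate()`, so the unauthenticated call looks deliberate. If it is, say so with a comment such as `// sent without credentials on purpose: the full entitlement list is read anonymously`, or take a second, anonymous template in the constructor so both calls share one configuration. Both methods also pass the result of `getForObject` straight to `Arrays.asList`, which throws a NullPointerException on an empty response body, and they build the URL as `baseUrl + "auth/..."`, which presumably relies on `baseUrl` ending in a slash.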
Modified: syncope/trunk/client/src/main/java/org/apache/syncope/services/RoleServiceProxy.java
URL: http://svn.apache.org/viewvc/syncope/trunk/client/src/main/java/org/apache/syncope/services/RoleServiceProxy.java?rev=1427850&r1=1427849&r2=1427850&view=diff
==============================================================================
--- syncope/trunk/client/src/main/java/org/apache/syncope/services/RoleServiceProxy.java (original)
+++ syncope/trunk/client/src/main/java/org/apache/syncope/services/RoleServiceProxy.java Wed Jan 2 16:25:04 2013
@@ -26,14 +26,10 @@ import org.apache.syncope.client.search.
import org.apache.syncope.client.to.RoleTO;
import org.springframework.web.client.RestTemplate;
-public class RoleServiceProxy implements RoleService {
-
- RestTemplate restTemplate;
- private String baseUrl;
+public class RoleServiceProxy extends SpringServiceProxy implements RoleService {
public RoleServiceProxy(String baseUrl, RestTemplate restTemplate) {
- this.baseUrl = baseUrl;
- this.restTemplate = restTemplate;
+ super(baseUrl, restTemplate);
}
@Override
Added: syncope/trunk/client/src/main/java/org/apache/syncope/services/SpringServiceProxy.java
URL: http://svn.apache.org/viewvc/syncope/trunk/client/src/main/java/org/apache/syncope/services/SpringServiceProxy.java?rev=1427850&view=auto
==============================================================================
--- syncope/trunk/client/src/main/java/org/apache/syncope/services/SpringServiceProxy.java (added)
+++ syncope/trunk/client/src/main/java/org/apache/syncope/services/SpringServiceProxy.java Wed Jan 2 16:25:04 2013
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.services;
+
+import org.springframework.web.client.RestTemplate;
+
+public abstract class SpringServiceProxy {
+
+ protected RestTemplate restTemplate;
+
+ protected String baseUrl;
+
+ public SpringServiceProxy(String baseUrl, RestTemplate restTemplate) {
+ this.restTemplate = restTemplate;
+ this.baseUrl = baseUrl;
+ }
+}
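Review bot: `restTemplate` and `baseUrl` are `protected` and non-final, so any subclass or class in `org.apache.syncope.services` can swap the template that carries the caller's credentials or repoint the base URL after construction; in RoleServiceProxy and UserServiceProxy `baseUrl` was `private` before this commit. In the visible code the constructor is the only place they are assigned, so declare them `protected final RestTemplate restTemplate;` and `protected final String baseUrl;`. The constructor also accepts null for either argument, and the failure would only surface on the first request; a null check there would give a clearer error. A class Javadoc saying that subclasses issue requests relative to `baseUrl` with the supplied template would help as well.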
Modified: syncope/trunk/client/src/main/java/org/apache/syncope/services/UserServiceProxy.java
URL: http://svn.apache.org/viewvc/syncope/trunk/client/src/main/java/org/apache/syncope/services/UserServiceProxy.java?rev=1427850&r1=1427849&r2=1427850&view=diff
==============================================================================
--- syncope/trunk/client/src/main/java/org/apache/syncope/services/UserServiceProxy.java (original)
+++ syncope/trunk/client/src/main/java/org/apache/syncope/services/UserServiceProxy.java Wed Jan 2 16:25:04 2013
@@ -35,13 +35,10 @@ import org.apache.syncope.client.to.User
import org.apache.syncope.client.to.WorkflowFormTO;
import org.springframework.web.client.RestTemplate;
-public class UserServiceProxy implements UserService {
- RestTemplate restTemplate;
- private String baseUrl;
+public class UserServiceProxy extends SpringServiceProxy implements UserService {
public UserServiceProxy(String baseUrl, RestTemplate restTemplate) {
- this.baseUrl = baseUrl;
- this.restTemplate = restTemplate;
+ super(baseUrl, restTemplate);
}
@Override
Modified: syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AbstractTest.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AbstractTest.java?rev=1427850&r1=1427849&r2=1427850&view=diff
==============================================================================
--- syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AbstractTest.java (original)
+++ syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AbstractTest.java Wed Jan 2 16:25:04 2013
@@ -25,6 +25,7 @@ import org.apache.http.impl.client.Defau
import org.apache.syncope.client.http.PreemptiveAuthHttpRequestFactory;
import org.apache.syncope.client.mod.AttributeMod;
import org.apache.syncope.client.to.AttributeTO;
+import org.apache.syncope.services.EntitlementServiceProxy;
import org.apache.syncope.services.RoleServiceProxy;
import org.apache.syncope.services.UserService;
import org.apache.syncope.services.UserServiceProxy;
@@ -74,9 +75,11 @@ public abstract class AbstractTest {
protected RestTemplate restTemplate;
protected UserService userService;
-
+
protected RoleServiceProxy roleService;
+ protected EntitlementServiceProxy entitlementService;
+
@Autowired
protected DataSource testDataSource;
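Review bot: `entitlementService` is declared with the concrete type `EntitlementServiceProxy`, while `userService` a few lines above is declared as the `UserService` interface. Declaring it as `protected EntitlementService entitlementService;` (with the matching import) keeps tests written against the service contract rather than the Spring-specific client; only the assignment in the setup method needs the proxy class. The class body starts and ends outside this hunk.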
@@ -99,5 +102,6 @@ public abstract class AbstractTest {
setupRestTemplate(ADMIN_UID, ADMIN_PWD);
userService = new UserServiceProxy(BASE_URL, restTemplate);
roleService = new RoleServiceProxy(BASE_URL, restTemplate);
+ entitlementService = new EntitlementServiceProxy(BASE_URL, restTemplate);
}
}
Modified: syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java?rev=1427850&r1=1427849&r2=1427850&view=diff
==============================================================================
--- syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java (original)
+++ syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java Wed Jan 2 16:25:04 2013
@@ -18,15 +18,16 @@
*/
package org.apache.syncope.core.rest;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
-import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
-import org.junit.Test;
-import org.springframework.http.HttpStatus;
-import org.springframework.web.client.HttpClientErrorException;
+
import org.apache.syncope.client.search.AttributeCond;
import org.apache.syncope.client.search.NodeCond;
import org.apache.syncope.client.to.AttributeTO;
@@ -39,398 +40,407 @@ import org.apache.syncope.client.validat
import org.apache.syncope.types.SchemaType;
import org.apache.syncope.types.SyncopeClientExceptionType;
import org.junit.FixMethodOrder;
+import org.junit.Test;
import org.junit.runners.MethodSorters;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.client.HttpClientErrorException;
@FixMethodOrder(MethodSorters.JVM)
public class AuthenticationTestITCase extends AbstractTest {
- @Test
- public void testAdminEntitlements() {
- // 1. as anonymous, read all available entitlements
- Set<String> allEntitlements = new HashSet<String>(Arrays.asList(anonymousRestTemplate().getForObject(
- BASE_URL + "auth/allentitlements.json", String[].class)));
- assertNotNull(allEntitlements);
- assertFalse(allEntitlements.isEmpty());
-
- // 2. as admin, read own entitlements
- super.resetRestTemplate();
-
- Set<String> adminEntitlements = new HashSet<String>(Arrays.asList(restTemplate.getForObject(BASE_URL
- + "auth/entitlements.json", String[].class)));
-
- assertEquals(allEntitlements, adminEntitlements);
- }
-
- @Test
- public void testUserSchemaAuthorization() {
- // 0. create a role that can only read schemas
- RoleTO authRoleTO = new RoleTO();
- authRoleTO.setName("authRole");
- authRoleTO.setParent(8L);
- authRoleTO.addEntitlement("SCHEMA_READ");
-
- authRoleTO = restTemplate.postForObject(BASE_URL + "role/create", authRoleTO, RoleTO.class);
- assertNotNull(authRoleTO);
-
- // 1. create a schema (as admin)
- SchemaTO schemaTO = new SchemaTO();
- schemaTO.setName("authTestSchema");
- schemaTO.setMandatoryCondition("false");
- schemaTO.setType(SchemaType.String);
-
- SchemaTO newSchemaTO = restTemplate.postForObject(BASE_URL + "schema/user/create", schemaTO, SchemaTO.class);
- assertEquals(schemaTO, newSchemaTO);
-
- // 2. create an user with the role created above (as admin)
- UserTO userTO = UserTestITCase.getSampleTO("auth@test.org");
-
- MembershipTO membershipTO = new MembershipTO();
- membershipTO.setRoleId(authRoleTO.getId());
- AttributeTO testAttributeTO = new AttributeTO();
- testAttributeTO.setSchema("testAttribute");
- testAttributeTO.addValue("a value");
- membershipTO.addAttribute(testAttributeTO);
- userTO.addMembership(membershipTO);
-
- userTO = restTemplate.postForObject(BASE_URL + "user/create", userTO, UserTO.class);
- assertNotNull(userTO);
-
- // 3. read the schema created above (as admin) - success
- schemaTO = restTemplate.getForObject(BASE_URL + "schema/user/read/authTestSchema.json", SchemaTO.class);
- assertNotNull(schemaTO);
-
- // 4. read the schema created above (as user) - success
- super.setupRestTemplate(userTO.getUsername(), "password123");
-
- schemaTO = restTemplate.getForObject(BASE_URL + "schema/user/read/authTestSchema.json", SchemaTO.class);
- assertNotNull(schemaTO);
-
- // 5. update the schema create above (as user) - failure
- HttpClientErrorException exception = null;
- try {
- restTemplate.postForObject(BASE_URL + "schema/role/update", schemaTO, SchemaTO.class);
- } catch (HttpClientErrorException e) {
- exception = e;
- }
- assertNotNull(exception);
- assertEquals(HttpStatus.FORBIDDEN, exception.getStatusCode());
-
- // reset admin credentials for restTemplate
- super.resetRestTemplate();
-
- userTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
-
- assertNotNull(userTO);
- assertNotNull(userTO.getLastLoginDate());
- assertEquals(Integer.valueOf(0), userTO.getFailedLogins());
- }
-
- @Test
- public void testUserRead() {
- UserTO userTO = UserTestITCase.getSampleTO("testuserread@test.org");
-
- MembershipTO membershipTO = new MembershipTO();
- membershipTO.setRoleId(7L);
- AttributeTO testAttributeTO = new AttributeTO();
- testAttributeTO.setSchema("testAttribute");
- testAttributeTO.addValue("a value");
- membershipTO.addAttribute(testAttributeTO);
- userTO.addMembership(membershipTO);
-
- userTO = restTemplate.postForObject(BASE_URL + "user/create", userTO, UserTO.class);
- assertNotNull(userTO);
-
- super.setupRestTemplate(userTO.getUsername(), "password123");
-
- UserTO readUserTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, 1);
- assertNotNull(readUserTO);
-
- super.setupRestTemplate("user2", "password");
-
- SyncopeClientException exception = null;
- try {
- restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, 1);
- fail();
- } catch (SyncopeClientCompositeErrorException e) {
- exception = e.getException(SyncopeClientExceptionType.UnauthorizedRole);
- }
- assertNotNull(exception);
-
- // reset admin credentials for restTemplate
- super.resetRestTemplate();
- }
-
- @Test
- public void testUserSearch() {
- UserTO userTO = UserTestITCase.getSampleTO("testusersearch@test.org");
-
- MembershipTO membershipTO = new MembershipTO();
- membershipTO.setRoleId(7L);
- AttributeTO testAttributeTO = new AttributeTO();
- testAttributeTO.setSchema("testAttribute");
- testAttributeTO.addValue("a value");
- membershipTO.addAttribute(testAttributeTO);
- userTO.addMembership(membershipTO);
-
- userTO = restTemplate.postForObject(BASE_URL + "user/create", userTO, UserTO.class);
- assertNotNull(userTO);
-
- super.setupRestTemplate(userTO.getUsername(), "password123");
-
- AttributeCond isNullCond = new AttributeCond(AttributeCond.Type.ISNOTNULL);
- isNullCond.setSchema("loginDate");
- NodeCond searchCondition = NodeCond.getLeafCond(isNullCond);
-
- List<UserTO> matchedUsers = Arrays.asList(restTemplate.postForObject(BASE_URL + "user/search", searchCondition,
- UserTO[].class));
- assertNotNull(matchedUsers);
- assertFalse(matchedUsers.isEmpty());
- Set<Long> userIds = new HashSet<Long>(matchedUsers.size());
- for (UserTO user : matchedUsers) {
- userIds.add(user.getId());
- }
- assertTrue(userIds.contains(1L));
-
- super.setupRestTemplate("user2", "password");
-
- matchedUsers =
- Arrays.asList(restTemplate.postForObject(BASE_URL + "user/search", searchCondition, UserTO[].class));
-
- assertNotNull(matchedUsers);
-
- userIds = new HashSet<Long>(matchedUsers.size());
-
- for (UserTO user : matchedUsers) {
- userIds.add(user.getId());
- }
- assertFalse(userIds.contains(1L));
-
- // reset admin credentials for restTemplate
- super.resetRestTemplate();
- }
-
- @Test
- public void checkFailedLogins() {
- UserTO userTO = UserTestITCase.getSampleTO("checkFailedLogin@syncope.apache.org");
-
- MembershipTO membershipTO = new MembershipTO();
- membershipTO.setRoleId(7L);
- AttributeTO testAttributeTO = new AttributeTO();
- testAttributeTO.setSchema("testAttribute");
- testAttributeTO.addValue("a value");
- membershipTO.addAttribute(testAttributeTO);
- userTO.addMembership(membershipTO);
-
- userTO = restTemplate.postForObject(BASE_URL + "user/create", userTO, UserTO.class);
- assertNotNull(userTO);
-
- super.setupRestTemplate(userTO.getUsername(), "password123");
-
- UserTO readUserTO =
- restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
-
- assertNotNull(readUserTO);
- assertNotNull(readUserTO.getFailedLogins());
- assertEquals(Integer.valueOf(0), readUserTO.getFailedLogins());
-
- // authentications failed ...
-
- super.setupRestTemplate(userTO.getUsername(), "wrongpwd1");
-
- Throwable t = null;
-
- try {
- restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
- assertNotNull(readUserTO);
- } catch (Exception e) {
- t = e;
- }
-
- assertNotNull(t);
- t = null;
-
- try {
- restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
- assertNotNull(readUserTO);
- } catch (Exception e) {
- t = e;
- }
-
- // reset admin credentials for restTemplate
- super.resetRestTemplate();
-
- readUserTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
- assertNotNull(readUserTO);
- assertNotNull(readUserTO.getFailedLogins());
- assertEquals(Integer.valueOf(2), readUserTO.getFailedLogins());
-
- super.setupRestTemplate(userTO.getUsername(), "password123");
-
- readUserTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
- assertNotNull(readUserTO);
- assertNotNull(readUserTO.getFailedLogins());
- assertEquals(Integer.valueOf(0), readUserTO.getFailedLogins());
- }
-
- @Test
- public void checkUserSuspension() {
- UserTO userTO = UserTestITCase.getSampleTO("checkSuspension@syncope.apache.org");
-
- MembershipTO membershipTO = new MembershipTO();
- membershipTO.setRoleId(7L);
- AttributeTO testAttributeTO = new AttributeTO();
- testAttributeTO.setSchema("testAttribute");
- testAttributeTO.addValue("a value");
- membershipTO.addAttribute(testAttributeTO);
- userTO.addMembership(membershipTO);
-
- userTO = restTemplate.postForObject(BASE_URL + "user/create", userTO, UserTO.class);
- assertNotNull(userTO);
-
- super.setupRestTemplate(userTO.getUsername(), "password123");
-
- userTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
-
- assertNotNull(userTO);
- assertNotNull(userTO.getFailedLogins());
- assertEquals(Integer.valueOf(0), userTO.getFailedLogins());
-
- // authentications failed ...
-
- super.setupRestTemplate(userTO.getUsername(), "wrongpwd1");
-
- Throwable t = null;
-
- try {
- restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
- } catch (Exception e) {
- t = e;
- }
-
- assertNotNull(t);
- t = null;
-
- try {
- restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
- } catch (Exception e) {
- t = e;
- }
-
- assertNotNull(t);
- t = null;
-
- try {
- restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
- } catch (Exception e) {
- t = e;
- }
-
- assertNotNull(t);
- t = null;
-
- // reset admin credentials for restTemplate
- super.resetRestTemplate();
-
- userTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
-
- assertNotNull(userTO);
- assertNotNull(userTO.getFailedLogins());
- assertEquals(Integer.valueOf(3), userTO.getFailedLogins());
-
- // last authentication before suspension
- super.setupRestTemplate(userTO.getUsername(), "wrongpwd1");
-
- try {
- restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
- } catch (Exception e) {
- t = e;
- }
-
- assertNotNull(t);
- t = null;
-
- // reset admin credentials for restTemplate
- super.resetRestTemplate();
-
- userTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
-
- assertNotNull(userTO);
- assertNotNull(userTO.getFailedLogins());
- assertEquals(Integer.valueOf(3), userTO.getFailedLogins());
- assertEquals("suspended", userTO.getStatus());
-
- // check for authentication
-
- super.setupRestTemplate(userTO.getUsername(), "password123");
-
- try {
- restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
- assertNotNull(userTO);
- } catch (Exception e) {
- t = e;
- }
-
- assertNotNull(t);
- t = null;
-
- // reset admin credentials for restTemplate
- super.resetRestTemplate();
-
- userTO = restTemplate.getForObject(BASE_URL + "user/reactivate/" + userTO.getId(), UserTO.class);
-
- assertNotNull(userTO);
- assertEquals("active", userTO.getStatus());
-
- super.setupRestTemplate(userTO.getUsername(), "password123");
-
- userTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class, userTO.getId());
-
- assertNotNull(userTO);
- assertEquals(Integer.valueOf(0), userTO.getFailedLogins());
- }
-
- @Test
- public void issueSYNCOPE48() {
- // Parent role, able to create users with role 1
- RoleTO parentRole = new RoleTO();
- parentRole.setName("parentAdminRole");
- parentRole.addEntitlement("USER_CREATE");
- parentRole.addEntitlement("ROLE_1");
- parentRole.setParent(1L);
-
- parentRole = restTemplate.postForObject(BASE_URL + "role/create", parentRole, RoleTO.class);
- assertNotNull(parentRole);
-
- // Child role, with no entitlements
- RoleTO childRole = new RoleTO();
- childRole.setName("childAdminRole");
- childRole.setParent(parentRole.getId());
-
- childRole = restTemplate.postForObject(BASE_URL + "role/create", childRole, RoleTO.class);
- assertNotNull(childRole);
-
- // User with child role, created by admin
- UserTO role1Admin = UserTestITCase.getSampleTO("syncope48admin@apache.org");
- role1Admin.setPassword("password");
- MembershipTO membershipTO = new MembershipTO();
- membershipTO.setRoleId(childRole.getId());
- role1Admin.addMembership(membershipTO);
-
- role1Admin = restTemplate.postForObject(BASE_URL + "user/create", role1Admin, UserTO.class);
- assertNotNull(role1Admin);
-
- super.setupRestTemplate(role1Admin.getUsername(), "password");
-
- // User with role 1, created by user with child role created above
- UserTO role1User = UserTestITCase.getSampleTO("syncope48user@apache.org");
- membershipTO = new MembershipTO();
- membershipTO.setRoleId(1L);
- role1User.addMembership(membershipTO);
-
- role1User = restTemplate.postForObject(BASE_URL + "user/create", role1User, UserTO.class);
- assertNotNull(role1User);
-
- // reset admin credentials for restTemplate
- super.resetRestTemplate();
- }
+ @Test
+ public void testAdminEntitlements() {
+ // 1. as anonymous, read all available entitlements
+ Set<String> allEntitlements = entitlementService.getAllEntitlements();
+ assertNotNull(allEntitlements);
+ assertFalse(allEntitlements.isEmpty());
+
+ // 2. as admin, read own entitlements
+ super.resetRestTemplate();
+
+ Set<String> adminEntitlements = entitlementService.getMyEntitlements();
+
+ assertEquals(allEntitlements, adminEntitlements);
+ }
+
+ @Test
+ public void testUserSchemaAuthorization() {
+ // 0. create a role that can only read schemas
+ RoleTO authRoleTO = new RoleTO();
+ authRoleTO.setName("authRole");
+ authRoleTO.setParent(8L);
+ authRoleTO.addEntitlement("SCHEMA_READ");
+
+ authRoleTO = roleService.create(authRoleTO);
+ assertNotNull(authRoleTO);
+
+ // 1. create a schema (as admin)
+ SchemaTO schemaTO = new SchemaTO();
+ schemaTO.setName("authTestSchema");
+ schemaTO.setMandatoryCondition("false");
+ schemaTO.setType(SchemaType.String);
+
+ SchemaTO newSchemaTO = restTemplate.postForObject(BASE_URL
+ + "schema/user/create", schemaTO, SchemaTO.class);
+ assertEquals(schemaTO, newSchemaTO);
+
+ // 2. create an user with the role created above (as admin)
+ UserTO userTO = UserTestITCase.getSampleTO("auth@test.org");
+
+ MembershipTO membershipTO = new MembershipTO();
+ membershipTO.setRoleId(authRoleTO.getId());
+ AttributeTO testAttributeTO = new AttributeTO();
+ testAttributeTO.setSchema("testAttribute");
+ testAttributeTO.addValue("a value");
+ membershipTO.addAttribute(testAttributeTO);
+ userTO.addMembership(membershipTO);
+
+ userTO = userService.create(userTO);
+ assertNotNull(userTO);
+
+ // 3. read the schema created above (as admin) - success
+ schemaTO = restTemplate.getForObject(BASE_URL
+ + "schema/user/read/authTestSchema.json", SchemaTO.class);
+ assertNotNull(schemaTO);
+
+ // 4. read the schema created above (as user) - success
+ super.setupRestTemplate(userTO.getUsername(), "password123");
+
+ schemaTO = restTemplate.getForObject(BASE_URL
+ + "schema/user/read/authTestSchema.json", SchemaTO.class);
+ assertNotNull(schemaTO);
+
+ // 5. update the schema create above (as user) - failure
+ HttpClientErrorException exception = null;
+ try {
+ restTemplate.postForObject(BASE_URL + "schema/role/update",
+ schemaTO, SchemaTO.class);
+ } catch (HttpClientErrorException e) {
+ exception = e;
+ }
+ assertNotNull(exception);
+ assertEquals(HttpStatus.FORBIDDEN, exception.getStatusCode());
+
+ // reset admin credentials for restTemplate
+ super.resetRestTemplate();
+
+ userTO = userService.read(userTO.getId());
+
+ assertNotNull(userTO);
+ assertNotNull(userTO.getLastLoginDate());
+ assertEquals(Integer.valueOf(0), userTO.getFailedLogins());
+ }
+
+ @Test
+ public void testUserRead() {
+ UserTO userTO = UserTestITCase.getSampleTO("testuserread@test.org");
+
+ MembershipTO membershipTO = new MembershipTO();
+ membershipTO.setRoleId(7L);
+ AttributeTO testAttributeTO = new AttributeTO();
+ testAttributeTO.setSchema("testAttribute");
+ testAttributeTO.addValue("a value");
+ membershipTO.addAttribute(testAttributeTO);
+ userTO.addMembership(membershipTO);
+
+ userTO = userService.create(userTO);
+ assertNotNull(userTO);
+
+ super.setupRestTemplate(userTO.getUsername(), "password123");
+
+ UserTO readUserTO = userService.read(1L);
+ assertNotNull(readUserTO);
+
+ super.setupRestTemplate("user2", "password");
+
+ SyncopeClientException exception = null;
+ try {
+ userService.read(1L);
+ fail();
+ } catch (SyncopeClientCompositeErrorException e) {
+ exception = e
+ .getException(SyncopeClientExceptionType.UnauthorizedRole);
+ }
+ assertNotNull(exception);
+
+ // reset admin credentials for restTemplate
+ super.resetRestTemplate();
+ }
+
+ @Test
+ public void testUserSearch() {
+ UserTO userTO = UserTestITCase.getSampleTO("testusersearch@test.org");
+
+ MembershipTO membershipTO = new MembershipTO();
+ membershipTO.setRoleId(7L);
+ AttributeTO testAttributeTO = new AttributeTO();
+ testAttributeTO.setSchema("testAttribute");
+ testAttributeTO.addValue("a value");
+ membershipTO.addAttribute(testAttributeTO);
+ userTO.addMembership(membershipTO);
+
+ userTO = userService.create(userTO);
+ assertNotNull(userTO);
+
+ super.setupRestTemplate(userTO.getUsername(), "password123");
+
+ AttributeCond isNullCond = new AttributeCond(
+ AttributeCond.Type.ISNOTNULL);
+ isNullCond.setSchema("loginDate");
+ NodeCond searchCondition = NodeCond.getLeafCond(isNullCond);
+
+ List<UserTO> matchedUsers = userService.search(searchCondition);
+ assertNotNull(matchedUsers);
+ assertFalse(matchedUsers.isEmpty());
+ Set<Long> userIds = new HashSet<Long>(matchedUsers.size());
+ for (UserTO user : matchedUsers) {
+ userIds.add(user.getId());
+ }
+ assertTrue(userIds.contains(1L));
+
+ super.setupRestTemplate("user2", "password");
+
+ matchedUsers = userService.search(searchCondition);
+
+ assertNotNull(matchedUsers);
+
+ userIds = new HashSet<Long>(matchedUsers.size());
+
+ for (UserTO user : matchedUsers) {
+ userIds.add(user.getId());
+ }
+ assertFalse(userIds.contains(1L));
+
+ // reset admin credentials for restTemplate
+ super.resetRestTemplate();
+ }
+
+ @Test
+ public void checkFailedLogins() {
+ UserTO userTO = UserTestITCase
+ .getSampleTO("checkFailedLogin@syncope.apache.org");
+
+ MembershipTO membershipTO = new MembershipTO();
+ membershipTO.setRoleId(7L);
+ AttributeTO testAttributeTO = new AttributeTO();
+ testAttributeTO.setSchema("testAttribute");
+ testAttributeTO.addValue("a value");
+ membershipTO.addAttribute(testAttributeTO);
+ userTO.addMembership(membershipTO);
+
+ userTO = userService.create(userTO);
+ assertNotNull(userTO);
+
+ super.setupRestTemplate(userTO.getUsername(), "password123");
+
+ UserTO readUserTO = userService.read(userTO.getId());
+
+ assertNotNull(readUserTO);
+ assertNotNull(readUserTO.getFailedLogins());
+ assertEquals(Integer.valueOf(0), readUserTO.getFailedLogins());
+
+ // authentications failed ...
+
+ super.setupRestTemplate(userTO.getUsername(), "wrongpwd1");
+
+ Throwable t = null;
+
+ try {
+ userService.read(userTO.getId());
+ assertNotNull(readUserTO);
+ } catch (Exception e) {
+ t = e;
+ }
+
+ assertNotNull(t);
+ t = null;
+
+ try {
+ userService.read(userTO.getId());
+ assertNotNull(readUserTO);
+ } catch (Exception e) {
+ t = e;
+ }
+
+ // reset admin credentials for restTemplate
+ super.resetRestTemplate();
+
+ readUserTO = userService.read(userTO.getId());
+ assertNotNull(readUserTO);
+ assertNotNull(readUserTO.getFailedLogins());
+ assertEquals(Integer.valueOf(2), readUserTO.getFailedLogins());
+
+ super.setupRestTemplate(userTO.getUsername(), "password123");
+
+ readUserTO = userService.read(userTO.getId());
+ assertNotNull(readUserTO);
+ assertNotNull(readUserTO.getFailedLogins());
+ assertEquals(Integer.valueOf(0), readUserTO.getFailedLogins());
+ }
+
+ @Test
+ public void checkUserSuspension() {
+ UserTO userTO = UserTestITCase
+ .getSampleTO("checkSuspension@syncope.apache.org");
+
+ MembershipTO membershipTO = new MembershipTO();
+ membershipTO.setRoleId(7L);
+ AttributeTO testAttributeTO = new AttributeTO();
+ testAttributeTO.setSchema("testAttribute");
+ testAttributeTO.addValue("a value");
+ membershipTO.addAttribute(testAttributeTO);
+ userTO.addMembership(membershipTO);
+
+ userTO = userService.create(userTO);
+ assertNotNull(userTO);
+
+ super.setupRestTemplate(userTO.getUsername(), "password123");
+
+ userTO = userService.read(userTO.getId());
+
+ assertNotNull(userTO);
+ assertNotNull(userTO.getFailedLogins());
+ assertEquals(Integer.valueOf(0), userTO.getFailedLogins());
+
+ // authentications failed ...
+
+ super.setupRestTemplate(userTO.getUsername(), "wrongpwd1");
+
+ Throwable t = null;
+
+ try {
+ userService.read(userTO.getId());
+ fail();
+ } catch (Exception e) {
+ t = e;
+ }
+
+ assertNotNull(t);
+ t = null;
+
+ try {
+ userService.read(userTO.getId());
+ } catch (Exception e) {
+ t = e;
+ }
+
+ assertNotNull(t);
+ t = null;
+
+ try {
+ userService.read(userTO.getId());
+ } catch (Exception e) {
+ t = e;
+ }
+
+ assertNotNull(t);
+ t = null;
+
+ // reset admin credentials for restTemplate
+ super.resetRestTemplate();
+
+ userTO = userService.read(userTO.getId());
+
+ assertNotNull(userTO);
+ assertNotNull(userTO.getFailedLogins());
+ assertEquals(Integer.valueOf(3), userTO.getFailedLogins());
+
+ // last authentication before suspension
+ super.setupRestTemplate(userTO.getUsername(), "wrongpwd1");
+
+ try {
+ userService.read(userTO.getId());
+ } catch (Exception e) {
+ t = e;
+ }
+
+ assertNotNull(t);
+ t = null;
+
+ // reset admin credentials for restTemplate
+ super.resetRestTemplate();
+
+ userTO = userService.read(userTO.getId());
+
+ assertNotNull(userTO);
+ assertNotNull(userTO.getFailedLogins());
+ assertEquals(Integer.valueOf(3), userTO.getFailedLogins());
+ assertEquals("suspended", userTO.getStatus());
+
+ // check for authentication
+
+ super.setupRestTemplate(userTO.getUsername(), "password123");
+
+ try {
+ userService.read(userTO.getId());
+ assertNotNull(userTO);
+ } catch (Exception e) {
+ t = e;
+ }
+
+ assertNotNull(t);
+ t = null;
+
+ // reset admin credentials for restTemplate
+ super.resetRestTemplate();
+
+ userTO = userService.reactivate(userTO.getId());
+
+ assertNotNull(userTO);
+ assertEquals("active", userTO.getStatus());
+
+ super.setupRestTemplate(userTO.getUsername(), "password123");
+
+ userTO = userService.read(userTO.getId());
+
+ assertNotNull(userTO);
+ assertEquals(Integer.valueOf(0), userTO.getFailedLogins());
+ }
+
+ @Test
+ public void issueSYNCOPE48() {
+ // Parent role, able to create users with role 1
+ RoleTO parentRole = new RoleTO();
+ parentRole.setName("parentAdminRole");
+ parentRole.addEntitlement("USER_CREATE");
+ parentRole.addEntitlement("ROLE_1");
+ parentRole.setParent(1L);
+
+ parentRole = roleService.create(parentRole);
+ assertNotNull(parentRole);
+
+ // Child role, with no entitlements
+ RoleTO childRole = new RoleTO();
+ childRole.setName("childAdminRole");
+ childRole.setParent(parentRole.getId());
+
+ childRole = roleService.create(childRole);
+ assertNotNull(childRole);
+
+ // User with child role, created by admin
+ UserTO role1Admin = UserTestITCase
+ .getSampleTO("syncope48admin@apache.org");
+ role1Admin.setPassword("password");
+ MembershipTO membershipTO = new MembershipTO();
+ membershipTO.setRoleId(childRole.getId());
+ role1Admin.addMembership(membershipTO);
+
+ role1Admin = userService.create(role1Admin);
+ assertNotNull(role1Admin);
+
+ super.setupRestTemplate(role1Admin.getUsername(), "password");
+
+ // User with role 1, created by user with child role created above
+ UserTO role1User = UserTestITCase
+ .getSampleTO("syncope48user@apache.org");
+ membershipTO = new MembershipTO();
+ membershipTO.setRoleId(1L);
+ role1User.addMembership(membershipTO);
+
+ role1User = userService.create(role1User);
+ assertNotNull(role1User);
+
+ // reset admin credentials for restTemplate
+ super.resetRestTemplate();
+ }
}