1   /*
2    * Copyright 2000-2001,2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.jetspeed.test;
18  
19  // Java imports
20  import java.io.File;
21  
22  // Junit imports
23  import junit.awtui.TestRunner;
24  import junit.framework.Test;
25  import junit.framework.TestSuite;
26  
27  // Cactus imports
28  import org.apache.cactus.ServletTestCase;
29  import org.apache.cactus.WebRequest;
30  import org.apache.cactus.WebResponse;
31  
32  // Jetspeed imports
33  import org.apache.jetspeed.om.profile.Profile;
34  import org.apache.jetspeed.om.profile.ProfileLocator;
35  import org.apache.jetspeed.om.profile.Portlets;
36  import org.apache.jetspeed.om.profile.PSMLDocument;
37  import org.apache.jetspeed.om.profile.psml.PsmlController;
38  import org.apache.jetspeed.om.profile.psml.PsmlEntry;
39  import org.apache.jetspeed.om.profile.psml.PsmlPortlets;
40  import org.apache.jetspeed.om.profile.psml.PsmlSkin;
41  import org.apache.jetspeed.services.Profiler;
42  import org.apache.jetspeed.test.TurbineTestUtilities;
43  
44  // Turbine imports
45  import org.apache.turbine.util.RunData;
46  import org.apache.turbine.util.RunDataFactory;
47  
48  /***
49   * TestBasicSecurity
50   *
51   * @author <a href="paulsp@apache.org">Paul Spencer</a>
52   * @version $Id: TestBasicSecurity.java,v 1.1 2004/04/07 22:02:41 jford Exp $
53   */
54  
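public class TestBasicSecurity extends ServletTestCase
{
    /*
     * Cactus test of role-dependent rendering: one PSML page is created with
     * three entries (no role, role = user, role = admin) and then requested as
     * an anonymous user, as a "user" account and as the admin account.  The
     * entry ids are searched for in the returned page text.
     *
     * Review notes:
     *  - The accounts and passwords below are hard-coded test credentials.
     *    They belong to a disposable test portal only; a portal reachable by
     *    anyone else should not carry accounts with these passwords.
     *  - The login action is sent in the query string and the begin* methods
     *    print the URL after it is set, so the password may show up in the
     *    test output (and possibly in container access logs).
     *  - The three per-user tests request the page that testCreateTestPSML
     *    writes, so they depend on that test having run against the same
     *    portal; nothing in this class enforces the order.
     *  - The "does not contain" assertions also hold for an error page or a
     *    page that failed to render.  NOTE(review): consider asserting
     *    something positive about the response before trusting them.
     */

    private static final String ADMIN_PORTLET = "GlobalAdminPortlet"; // Portlet accessible by Admin user, role = admin
    private static final String ALL_PORTLET = "HelloVelocity";  // Portlet accessible by Anonymous user
    private static final String TEST_ADMIN_PASSWORD = "jetspeed";
    private static final String TEST_ADMIN_USER = "admin";
    private static final String TEST_CONTEXT = null;
    private static final String TEST_HOST = "localhost";
    private static final String TEST_SERVLET = "/portal";
    private static final String TEST_GROUP = "Jetspeed";
    private static final String TEST_SECURITY_PAGE = "SecurityTest";
    private static final String TEST_TURBINE_PASSWORD = "turbine";
    private static final String TEST_TURBINE_USER = "turbine";
    private static final String USER_PORTLET = "SkinBrowser"; // Portlet accessible by general user, role = user

    // RunData of the test currently executing; obtained from and returned to RunDataFactory.
    private RunData rundata = null;

    /**
     * Defines the testcase name for JUnit.
     *
     * @param name the testcase's name.
     */
    public TestBasicSecurity(String name)
    {
        super( name );
    }

    /**
     * Start the tests with the JUnit AWT runner.
     *
     * @param args the arguments. Not used
     */
    public static void main(String[] args)
    {
        TestRunner.main( new String[] { TestBasicSecurity.class.getName() } );
    }

    /**
     * Creates the test suite.
     *
     * @return a test suite (<code>TestSuite</code>) that includes all methods
     *         starting with "test"
     */
    public static Test suite()
    {
        // All methods starting with "test" will be executed in the test suite.
        return new TestSuite( TestBasicSecurity.class );
    }

    /**
     * Sets up the test case.  Nothing to prepare: each test obtains its own
     * RunData.
     */
    protected void setUp() throws Exception
    {
    }

    /**
     * Prepares the request for {@link #testCreateTestPSML()}: targets the
     * portal servlet without path info and logs in as the admin test user.
     *
     * @param theRequest the Cactus request to configure
     */
    public void beginCreateTestPSML(WebRequest theRequest)
    {
        pointRequestAt(theRequest, null, loginQuery(TEST_ADMIN_USER, TEST_ADMIN_PASSWORD));
    }

    /**
     * Create a PSML in the TEST_GROUP with 3 entries.
     *  1) ST_01.all  no role
     *  2) ST_01.user  Role = user
     *  3) ST_01.admin  Role = admin
     *
     * @throws Exception if the profile cannot be obtained, created or rendered
     */
    public void testCreateTestPSML() throws Exception
    {
        // Create the RunData object to be used during testing.
        rundata = RunDataFactory.getRunData( request, response, config );
        assertNotNull( "Got rundata", rundata);

        try
        {
            TurbineTestUtilities.setupRunData(rundata);

            // Verify we have a profile
            Profile profile = Profiler.getProfile(rundata);
            assertNotNull( "Got profile from Profiler", profile);

            // The media type of the new page is copied from the current
            // locator, so fail with a clear message instead of a
            // NullPointerException when the profile is not a locator.
            assertTrue( "profile does not implement ProfileLocator", profile instanceof ProfileLocator);
            ProfileLocator currentLocator = (ProfileLocator) profile;

            ProfileLocator newLocator = Profiler.createLocator();
            newLocator.setGroupByName(TEST_GROUP);
            newLocator.setMediaType(currentLocator.getMediaType());
            newLocator.setName(TEST_SECURITY_PAGE);

            // Create the root portlet set with its controller and skin
            PsmlPortlets rootSet = new PsmlPortlets();
            PsmlController controller = new PsmlController();
            controller.setName("RowController");
            rootSet.setController(controller);
            PsmlSkin skin = new PsmlSkin();
            skin.setName("orange-red");
            rootSet.setSkin(skin);
            Portlets rootPortletSet = rootSet;

            // Nested set holding one entry per access level
            PsmlPortlets entries = new PsmlPortlets();
            entries.addEntry( createEntry(ALL_PORTLET, "ST_01.all"));
            entries.addEntry( createEntry(USER_PORTLET, "ST_01.user"));
            entries.addEntry( createEntry(ADMIN_PORTLET, "ST_01.admin"));
            rootPortletSet.addPortlets(entries);

            Profile newProfile = Profiler.createProfile(newLocator, rootPortletSet);
            PSMLDocument doc = newProfile.getDocument();
            System.out.println("doc = " + doc.getName());

            // this only works with the default configuration (Castor/Filebased)
            File file = new File(doc.getName());
            assertTrue("PSML file was not created: " + doc.getName(), file.exists());
            // The file is left in place; the per-user tests request this page.

            TurbineTestUtilities.generatePage(rundata);
            TurbineTestUtilities.outputPage(rundata);
        }
        finally
        {
            // Return the used RunData to the factory for recycling, also
            // when an assertion above failed.
            RunDataFactory.putRunData(rundata);
        }
    }

    /**
     * Prints the length of the page returned for the create step.
     *
     * @param theResponse the response produced by the test request
     */
    public void endCreateTestPSML(WebResponse theResponse)
    {
        System.out.println("text length = " + theResponse.getText().length());
    }

    /**
     * This test verifies that no "Actions" like minimize are displayed for
     * the anonymous user.  The ID is used to determine if an action is on
     * the page for an entry.
     *
     * @param theRequest the Cactus request to configure
     */
    public void beginAnonymousUser(WebRequest theRequest)
    {
        pointRequestAt(theRequest, securityPagePath(), null);
    }

    /**
     * Renders the security test page without logging in.
     *
     * @throws Exception if the profile cannot be obtained or rendered
     */
    public void testAnonymousUser() throws Exception
    {
        renderSecurityPage();
    }

    /**
     * Verifies that none of the three entry ids appears on the page served
     * to the anonymous user.
     *
     * @param theResponse the response produced by the test request
     */
    public void endAnonymousUser(WebResponse theResponse)
    {
        // NOTE(review): these checks pass for any page lacking the ids,
        // including an error page.
        String page = theResponse.getText();
        assertEquals("Verify resulting page does not contain 'ST_01.all'", -1, page.indexOf("ST_01.all"));
        assertEquals("Verify resulting page does not contain 'ST_01.user'", -1, page.indexOf("ST_01.user"));
        assertEquals("Verify resulting page does not contain 'ST_01.admin'", -1, page.indexOf("ST_01.admin"));
        System.out.println("text length = " + page.length());
    }

    /**
     * This test verifies that, for a logged in user with role = user, only
     * portlets with no role or a role of user have "Actions" like minimize
     * displayed.  The ID is used to determine if an action is on the page
     * for an entry.
     *
     * @param theRequest the Cactus request to configure
     */
    public void beginTurbineUser(WebRequest theRequest)
    {
        pointRequestAt(theRequest, securityPagePath(), loginQuery(TEST_TURBINE_USER, TEST_TURBINE_PASSWORD));
    }

    /**
     * Renders the security test page for the "turbine" test user.
     *
     * @throws Exception if the profile cannot be obtained or rendered
     */
    public void testTurbineUser() throws Exception
    {
        renderSecurityPage();
    }

    /**
     * Verifies that the page contains the ids of the unrestricted and the
     * user entry, and not the id of the admin entry.
     *
     * @param theResponse the response produced by the test request
     */
    public void endTurbineUser(WebResponse theResponse)
    {
        String page = theResponse.getText();
        assertTrue("Verify resulting page contains 'ST_01.all'", page.indexOf("ST_01.all") > -1);
        assertTrue("Verify resulting page contains 'ST_01.user'", page.indexOf("ST_01.user") > -1);
        // This is the access-control check of the test: the admin entry
        // must not be actionable for a plain user.
        assertEquals("Verify resulting page does not contain 'ST_01.admin'", -1, page.indexOf("ST_01.admin"));
        System.out.println("text length = " + page.length());
    }

    /**
     * This test verifies that, for a logged in user with role = user and
     * admin, portlets with a role of user or admin have "Actions" like
     * minimize displayed.  The ID is used to determine if an action is on
     * the page for an entry.
     *
     * @param theRequest the Cactus request to configure
     */
    public void beginAdminUser(WebRequest theRequest)
    {
        pointRequestAt(theRequest, securityPagePath(), loginQuery(TEST_ADMIN_USER, TEST_ADMIN_PASSWORD));
    }

    /**
     * Renders the security test page for the admin test user.
     *
     * @throws Exception if the profile cannot be obtained or rendered
     */
    public void testAdminUser() throws Exception
    {
        renderSecurityPage();
    }

    /**
     * Verifies that the page contains the ids of all three entries.
     *
     * @param theResponse the response produced by the test request
     */
    public void endAdminUser(WebResponse theResponse)
    {
        String page = theResponse.getText();
        assertTrue("Verify resulting page contains 'ST_01.all'", page.indexOf("ST_01.all") > -1);
        assertTrue("Verify resulting page contains 'ST_01.user'", page.indexOf("ST_01.user") > -1);
        assertTrue("Verify resulting page contains 'ST_01.admin'", page.indexOf("ST_01.admin") > -1);
        System.out.println("text length = " + page.length());
    }

    /**
     * Shared body of the three per-user tests: obtains the profile for the
     * current request, checks its locator and renders the page.
     * The name deliberately does not start with "test" so that the suite
     * does not pick it up.
     */
    private void renderSecurityPage() throws Exception
    {
        // Create the RunData object to be used during testing.
        rundata = RunDataFactory.getRunData( request, response, config );
        assertNotNull( "Got rundata", rundata);

        try
        {
            TurbineTestUtilities.setupRunData(rundata);

            // Verify we have a profile
            Profile profile = Profiler.getProfile(rundata);
            assertNotNull( "Got profile from Profiler", profile);

            // Verify the profile location information in the profile
            assertTrue( "profile does not implement ProfileLocator", profile instanceof ProfileLocator);
            ProfileLocator profileLocator = (ProfileLocator) profile;
            assertTrue("Verify the 'anonymous' is not set", !profileLocator.getAnonymous());
            assertNull("Verify the user is null", profileLocator.getUser());
            assertNull("Verify the role is null", profileLocator.getRole());
            assertEquals("Verify the page name", TEST_SECURITY_PAGE + ".psml", profileLocator.getName());

            TurbineTestUtilities.generatePage(rundata);
            TurbineTestUtilities.outputPage(rundata);
        }
        finally
        {
            // Return the used RunData to the factory for recycling, also
            // when an assertion above failed.
            RunDataFactory.putRunData(rundata);
        }
    }

    /**
     * Sets the request URL on the test host/servlet and prints the URL
     * before and after the change.
     */
    private void pointRequestAt(WebRequest theRequest, String pathInfo, String queryString)
    {
        System.out.println("URL = " + theRequest.getURL());
        theRequest.setURL(TEST_HOST, TEST_CONTEXT, TEST_SERVLET, pathInfo, queryString);
        // NOTE(review): when queryString carries a login, this line may
        // print the password.
        System.out.println("post set URL = " + theRequest.getURL());
    }

    /** Builds the query string that runs the login action for the given account. */
    private static String loginQuery(String user, String password)
    {
        return "action=JLoginUser&username=" + user + "&password=" + password;
    }

    /** Path info addressing the security test page inside the test group. */
    private static String securityPagePath()
    {
        return "/group/" + TEST_GROUP + "/page/" + TEST_SECURITY_PAGE;
    }

    /**
     * Creates a PSML entry that refers to a portlet.
     *
     * @param parent name of the portlet the entry refers to
     * @param id id of the entry, or <code>null</code> to leave it unset
     * @return the new entry
     */
    private PsmlEntry createEntry(String parent, String id)
    {
        PsmlEntry entry = new PsmlEntry();
        entry.setParent( parent);
        if (id != null)
        {
            entry.setId( id);
        }
        return entry;
    }

}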