
1   package org.apache.archiva.xmlrpc.security;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.web.xmlrpc.security.XmlRpcAuthenticator;
23  import org.apache.maven.archiva.security.ArchivaRoleConstants;
24  import org.apache.xmlrpc.XmlRpcRequest;
25  import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
26  import org.codehaus.plexus.redback.role.RoleManager;
27  import org.codehaus.plexus.redback.system.SecuritySystem;
28  import org.codehaus.plexus.redback.users.User;
29  import org.codehaus.plexus.redback.users.UserManager;
30  import org.codehaus.plexus.redback.users.UserNotFoundException;
31  import org.codehaus.plexus.spring.PlexusInSpringTestCase;
32  import org.easymock.MockControl;
33  import org.easymock.classextension.MockClassControl;
34  
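/**
 * XmlRpcAuthenticatorTest
 * <p>
 * Exercises {@link XmlRpcAuthenticator#isAuthorized(XmlRpcRequest)} against the "testable"
 * {@link SecuritySystem}, using a mocked {@link XmlRpcRequest} whose HTTP config supplies the
 * Basic user name and password. Three cases are covered: a known user without any assigned role,
 * a known user that is meant to be authorized, and an unknown user.
 * <p>
 * NOTE(review): only the two deny cases assert the decision. The grant case does not (see
 * {@link #testIsAuthorizedUserExistsAndAuthorized()}), and no case in this class presents a known
 * user with a wrong password, so neither the grant path nor a credential mismatch is pinned here.
 *
 * @version $Id XmlRpcAuthenticatorTest.java
 */
public class XmlRpcAuthenticatorTest
//extends AbstractDependencyInjectionSpringContextTests
    extends PlexusInSpringTestCase
{
    protected static final String USER_GUEST = "guest";

    protected static final String USER_ADMIN = "admin";

    protected static final String USER_ALPACA = "alpaca";

    // Fixture credential only; it is the password set on USER_ALPACA and replayed by the mock config.
    private static final String PASSWORD = "password123";

    // XML-RPC method name every test presents to the authenticator.
    private static final String METHOD_GET_ALL_MANAGED_REPOSITORIES =
        "AdministrationService.getAllManagedRepositories";

    protected SecuritySystem securitySystem;

    protected RoleManager roleManager;

    private MockControl xmlRpcRequestControl;

    private XmlRpcRequest xmlRpcRequest;

    private XmlRpcAuthenticator authenticator;

    private MockControl configControl;

    private XmlRpcHttpRequestConfigImpl config;

    /**
     * Looks up the security system and role manager, creates the admin and guest users with their
     * role templates, and builds the request/config mocks and the authenticator under test.
     *
     * @throws Exception if the container lookup or the user/role setup fails
     */
    @Override
    public void setUp()
        throws Exception
    {
        super.setUp();

        securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" );
        roleManager = (RoleManager) lookup( RoleManager.class, "default" );

        // Some basic asserts.
        assertNotNull( securitySystem );
        assertNotNull( roleManager );

        // Setup Admin User. Created with a null password; none of the tests log in as admin.
        User adminUser = createUser( USER_ADMIN, "Admin User", null );
        roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() );

        // Setup Guest User. Also created with a null password.
        User guestUser = createUser( USER_GUEST, "Guest User", null );
        roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() );

        configControl = MockClassControl.createControl( XmlRpcHttpRequestConfigImpl.class );
        config = ( XmlRpcHttpRequestConfigImpl ) configControl.getMock();

        xmlRpcRequestControl = MockControl.createControl( XmlRpcRequest.class );
        xmlRpcRequest = ( XmlRpcRequest ) xmlRpcRequestControl.getMock();

        // NOTE(review): the second constructor argument is passed as null; what it stands for is
        // not visible in this file - confirm the authenticator tolerates it on every path.
        authenticator = new XmlRpcAuthenticator( securitySystem, null );
    }

    /**
     * Creates a user in the security system's user manager and then sets its password.
     * <p>
     * The security policy is switched off only for the {@code addUser} call and switched back on
     * before the password is set.
     *
     * @param principal login name; also used to build the e-mail address
     * @param fullname  display name
     * @param password  password to set, may be {@code null}
     * @return the user that was created
     * @throws UserNotFoundException declared by this helper; propagated from the user manager
     */
    private User createUser( String principal, String fullname, String password )
        throws UserNotFoundException
    {
        UserManager userManager = securitySystem.getUserManager();

        User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" );
        securitySystem.getPolicy().setEnabled( false );
        try
        {
            userManager.addUser( user );
        }
        finally
        {
            // Re-enable the policy even when addUser throws, so a failed fixture cannot leave
            // policy enforcement switched off for whatever runs next against this security system.
            securitySystem.getPolicy().setEnabled( true );
        }

        user.setPassword( password );
        userManager.updateUser( user );

        return user;
    }

    /**
     * Fails the test unless the given principal can be found in the user manager.
     *
     * @param principal login name expected to exist
     */
    private void assertUserExists( String principal )
    {
        UserManager userManager = securitySystem.getUserManager();
        try
        {
            User user = userManager.findUser( principal );
            assertEquals( principal, user.getPrincipal() );
        }
        catch ( UserNotFoundException e )
        {
            fail( "User should exist in the database." );
        }
    }

    /**
     * Records the request the authenticator is expected to read - the config twice, the Basic user
     * name and password once each, and the method name once - then switches both mocks to replay.
     *
     * @param userName Basic user name the mocked config returns
     * @param password Basic password the mocked config returns
     */
    private void replayBasicAuthRequest( String userName, String password )
    {
        xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );

        configControl.expectAndReturn( config.getBasicUserName(), userName );

        configControl.expectAndReturn( config.getBasicPassword(), password );

        xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
                                              METHOD_GET_ALL_MANAGED_REPOSITORIES );

        xmlRpcRequestControl.replay();
        configControl.replay();
    }

    /**
     * Verifies that both mocks received exactly the calls that were recorded.
     */
    private void verifyMocks()
    {
        xmlRpcRequestControl.verify();
        configControl.verify();
    }

    /**
     * A user that exists and presents its own password, but holds no role, must be denied.
     *
     * @throws Exception if the fixture cannot be created
     */
    public void testIsAuthorizedUserExistsButNotAuthorized()
        throws Exception
    {
        createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD );
        assertUserExists( USER_ALPACA );

        replayBasicAuthRequest( USER_ALPACA, PASSWORD );

        boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );

        verifyMocks();

        assertFalse( isAuthorized );
    }

    /**
     * Intended to show that a user holding the required role is granted access.
     * <p>
     * NOTE(review): as written, this test checks only the mock interactions. The role assignment
     * and the {@code assertTrue} are both commented out, so the fixture is the same as in
     * {@link #testIsAuthorizedUserExistsButNotAuthorized()}, which asserts a denial. Re-enabling
     * {@code assertTrue} without first assigning a role would therefore be expected to fail, and
     * until both are restored the grant path of the authenticator is not verified by this class.
     *
     * @throws Exception if the fixture cannot be created
     */
    public void testIsAuthorizedUserExistsAndAuthorized()
        throws Exception
    {
        createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD );
        assertUserExists( USER_ALPACA );

        //TODO cannot assign global repo manager role - it says role does not exist :|

        //roleManager.assignRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE, USER_ALPACA );

        replayBasicAuthRequest( USER_ALPACA, PASSWORD );

        @SuppressWarnings("unused")
        boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
        // TODO: broken or bad test?
        // assertTrue( isAuthorized );

        verifyMocks();
    }

    /**
     * Credentials for a principal that is not in the user database must be denied.
     *
     * @throws Exception if the lookup fails for a reason other than the user being absent
     */
    public void testIsAuthorizedUserDoesNotExist()
        throws Exception
    {
        UserManager userManager = securitySystem.getUserManager();
        try
        {
            userManager.findUser( USER_ALPACA );
            fail( "User should not exist in the database." );
        }
        catch ( UserNotFoundException e )
        {
            assertEquals( "Unable to find user 'alpaca'", e.getMessage() );
        }

        replayBasicAuthRequest( USER_ALPACA, PASSWORD );

        boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );

        verifyMocks();

        assertFalse( isAuthorized );
    }
}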