1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.layout;
18  
19  import java.io.File;
20  import java.security.PrivilegedAction;
21  import java.util.HashSet;
22  import java.util.List;
23  import java.util.Set;
24  
25  import javax.security.auth.Subject;
26  
27  import junit.framework.TestCase;
28  
29  import org.apache.jetspeed.components.ComponentManager;
30  import org.apache.jetspeed.components.SpringComponentManager;
31  import org.apache.jetspeed.components.factorybeans.ServletConfigFactoryBean;
32  import org.apache.jetspeed.layout.impl.LayoutValve;
33  import org.apache.jetspeed.mocks.ResourceLocatingServletContext;
34  import org.apache.jetspeed.om.common.SecurityConstraint;
35  import org.apache.jetspeed.om.page.PageSecurity;
36  import org.apache.jetspeed.om.page.SecurityConstraintsDef;
37  import org.apache.jetspeed.page.PageManager;
38  import org.apache.jetspeed.pipeline.PipelineException;
39  import org.apache.jetspeed.request.JetspeedRequestContext;
40  import org.apache.jetspeed.request.RequestContext;
41  import org.apache.jetspeed.security.JSSubject;
42  import org.apache.jetspeed.security.impl.RolePrincipalImpl;
43  import org.apache.jetspeed.security.impl.UserPrincipalImpl;
44  import com.mockrunner.mock.web.MockHttpServletRequest;
45  import com.mockrunner.mock.web.MockHttpServletResponse;
46  import com.mockrunner.mock.web.MockHttpSession;
47  import com.mockrunner.mock.web.MockServletConfig;
48  import com.mockrunner.mock.web.MockServletContext;
49  
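/**
 * Tests manipulation of security constraint definitions through the layout
 * valve's "constraints" action.
 *
 * Each test builds a mock HTTP request carrying the action parameters, runs it
 * through the {@link LayoutValve} as a privileged subject, and then inspects
 * the {@link PageSecurity} document returned by the {@link PageManager}.
 *
 * NOTE(review): every request is issued by a subject holding the user principal
 * "admin" and the role principal "admin" (see runTest). No test here submits
 * the action as a less-privileged subject, so this class does not show that
 * constraint edits are refused for callers who should not be able to make them.
 *
 * @author <a>David Sean Taylor </a>
 * @version $Id: $
 */
public class TestConstraintsAction extends TestCase
{

    private ComponentManager cm;

    private LayoutValve valve;

    private PageManager pageManager;

    /**
     * Runs this test class in the Swing JUnit runner.
     */
    public static void main(String[] args)
    {
        // Was TestLayout.class, which launched a different test class.
        junit.swingui.TestRunner.run(TestConstraintsAction.class);
    }

    /**
     * Starts the Spring component manager from the test assemblies and looks
     * up the layout valve and page manager used by the tests.
     */
    protected void setUp() throws Exception
    {
        super.setUp();

        // Resolved against the JVM working directory.
        String appRoot = "./";

        MockServletConfig servletConfig = new MockServletConfig();
        ResourceLocatingServletContext servletContext = new ResourceLocatingServletContext(new File(appRoot));
        servletConfig.setServletContext(servletContext);
        ServletConfigFactoryBean.setServletConfig(servletConfig);

        // Load the Spring configs; there are no boot configs for this test.
        String[] bootConfigs = null;
        String[] appConfigs =
        {
                "src/test/resources/assembly/test-layout-constraints-api.xml",
                "src/test/resources/assembly/page-manager.xml"};

        cm = new SpringComponentManager(bootConfigs, appConfigs, servletContext, ".");
        cm.start();
        valve = (LayoutValve) cm.getComponent("layoutValve");
        pageManager = (PageManager) cm.getComponent("pageManager");
    }

    /**
     * Stops the component manager, if setUp got far enough to create it.
     */
    protected void tearDown() throws Exception
    {
        try
        {
            // cm stays null when setUp fails before the manager is built.
            if (cm != null)
            {
                cm.stop();
            }
        }
        finally
        {
            super.tearDown();
        }
    }

    /**
     * Updates the existing "users" definition with one role-based constraint.
     */
    public void testUpdate()
    throws Exception
    {
        String method = "update-def";
        String defName = "users";
        String xml = defXml(defName,
                "<security-constraint><roles>user, manager</roles><permissions>view,edit</permissions></security-constraint>");
        runTest(xml, defName, method);
        SecurityConstraintsDef def = requireDef(defName);
        SecurityConstraint constraint = constraintAt(def, 0, "first", defName);
        assertEquals("update failed for constraints " + constraint.getPermissions().toString(), "[view, edit]", constraint.getPermissions().toString());
    }

    /**
     * Adds a new definition "newone" with one role-based constraint.
     */
    public void testAdd()
    throws Exception
    {
        String method = "add-def";
        String defName = "newone";
        String xml = defXml(defName,
                "<security-constraint><roles>user, manager</roles><permissions>view,edit</permissions></security-constraint>");
        runTest(xml, defName, method);
        SecurityConstraintsDef def = requireDef(defName);
        SecurityConstraint constraint = constraintAt(def, 0, "first", defName);
        assertEquals("add failed for constraints " + constraint.getPermissions().toString(), "[view, edit]", constraint.getPermissions().toString());
    }

    /**
     * Updates "users" with four constraints (roles, groups and two user
     * lists) and checks each stored constraint in order.
     */
    public void testAdds()
    throws Exception
    {
        String method = "update-def";
        String defName = "users";
        String xml = defXml(defName,
                "<security-constraint><roles>user, manager,anon</roles><permissions>view,edit,help</permissions></security-constraint>" +
                "<security-constraint><groups>accounting,finance</groups><permissions>view,edit,help</permissions></security-constraint>" +
                "<security-constraint><users>tomcat</users><permissions>view</permissions></security-constraint>" +
                "<security-constraint><users>manager,admin</users><permissions>view,help</permissions></security-constraint>");

        runTest(xml, defName, method);
        SecurityConstraintsDef def = requireDef(defName);

        SecurityConstraint constraint = constraintAt(def, 0, "first", defName);
        assertEquals("update failed for constraints " + constraint.getPermissions().toString(), "[view, edit, help]", constraint.getPermissions().toString());
        assertEquals("update failed for constraints " + constraint.getRoles().toString(), "[user, manager, anon]", constraint.getRoles().toString());

        SecurityConstraint constraint2 = constraintAt(def, 1, "second", defName);
        assertEquals("add failed for constraints " + constraint2.getPermissions().toString(), "[view, edit, help]", constraint2.getPermissions().toString());
        assertEquals("add failed for constraints " + constraint2.getGroups().toString(), "[accounting, finance]", constraint2.getGroups().toString());

        SecurityConstraint constraint3 = constraintAt(def, 2, "third", defName);
        assertEquals("add failed for constraints " + constraint3.getPermissions().toString(), "[view]", constraint3.getPermissions().toString());
        assertEquals("add failed for constraints " + constraint3.getUsers().toString(), "[tomcat]", constraint3.getUsers().toString());

        SecurityConstraint constraint4 = constraintAt(def, 3, "fourth", defName);
        assertEquals("add failed for constraints " + constraint4.getPermissions().toString(), "[view, help]", constraint4.getPermissions().toString());
        assertEquals("add failed for constraints " + constraint4.getUsers().toString(), "[manager, admin]", constraint4.getUsers().toString());
    }

    /**
     * Updates "delete3" with a single constraint and checks that exactly one
     * constraint remains afterwards.
     */
    public void testDeletes()
    throws Exception
    {
        String method = "update-def";
        String defName = "delete3";
        String xml = defXml(defName,
                "<security-constraint><users>*</users><permissions>view</permissions></security-constraint>");
        runTest(xml, defName, method);
        SecurityConstraintsDef def = requireDef(defName);
        // The size check is the important one: a constraint that survives the
        // update would stay in force as a grant the update meant to drop.
        // Presumably the fixture starts "delete3" with more than one - confirm.
        assertEquals("constraints size should be 1 ", 1, def.getSecurityConstraints().size());
        SecurityConstraint constraint = constraintAt(def, 0, "first", defName);
        assertEquals("delete merge failed for constraints " + constraint.getPermissions().toString(), "[view]", constraint.getPermissions().toString());
        assertEquals("delete merge failed for constraints " + constraint.getUsers().toString(), "[*]", constraint.getUsers().toString());
    }

    /**
     * Removes the "deleteme" definition and checks it can no longer be found.
     */
    public void testDeleteDef()
    throws Exception
    {
        String method = "remove-def";
        String defName = "deleteme";
        String xml = "";
        // NOTE(review): the assertion below also holds when "deleteme" was
        // never in the fixture. Asserting its presence before the removal
        // would close that gap - confirm against the test page security file.
        runTest(xml, defName, method);
        PageSecurity pageSecurity = pageManager.getPageSecurity();
        SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(defName);
        assertNull("definition " + defName + " should be deleted ", def);
    }

    /**
     * Adds "manager" to the global constraint references and checks that the
     * existing "admin" reference is still there.
     */
    public void testAddGlobal()
    throws Exception
    {
        String method = "add-global";
        String defName = "manager";
        String xml = "";
        runTest(xml, defName, method);
        PageSecurity pageSecurity = pageManager.getPageSecurity();
        List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
        assertTrue("should have found new global " + defName, globals.contains(defName));
        assertTrue("should have found old global admin", globals.contains("admin"));
    }

    /**
     * Adds "public-edit" as a global constraint reference, then removes it
     * again and checks it is gone.
     */
    public void testDeleteGlobal()
    throws Exception
    {
        String defName = "public-edit";
        String xml = "";

        runTest(xml, defName, "add-global");
        // Re-read the page security after each action, as the other tests do,
        // instead of relying on a reference taken before the change.
        List globals = pageManager.getPageSecurity().getGlobalSecurityConstraintsRefs();
        assertTrue("should have found new global " + defName, globals.contains(defName));

        runTest(xml, defName, "remove-global");
        globals = pageManager.getPageSecurity().getGlobalSecurityConstraintsRefs();
        assertFalse("should have not found new global " + defName, globals.contains(defName));
    }

    /**
     * Sends one "constraints" action through the layout valve as the admin
     * subject.
     *
     * @param xml     constraint definition document, or an empty string for
     *                actions that take none
     * @param defName value of the "name" request parameter
     * @param method  value of the "method" request parameter
     * @throws Exception the PipelineException raised by the valve, if any
     */
    public void runTest(String xml, String defName, String method)
    throws Exception
    {
        MockServletConfig config = new MockServletConfig();
        MockServletContext context = new MockServletContext();
        MockHttpSession session = new MockHttpSession();
        session.setupServletContext(context);
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setupAddParameter("action", "constraints");
        request.setupAddParameter("method", method);
        request.setupAddParameter("xml", xml);
        request.setupAddParameter("name", defName);
        request.setSession(session);
        MockHttpServletResponse response = new MockHttpServletResponse();

        final RequestContext rc =
            new JetspeedRequestContext(request, response, config, null);

        // The action always runs with the admin user and admin role; the
        // subject is created read-only (first constructor argument).
        Set principals = new HashSet();
        principals.add(new UserPrincipalImpl("admin"));
        principals.add(new RolePrincipalImpl("admin"));
        Subject subject = new Subject(true, principals, new HashSet(), new HashSet());

        Object outcome = JSSubject.doAsPrivileged(subject, new PrivilegedAction()
                {
                    public Object run()
                    {
                        try
                        {
                            valve.invoke(rc, null);
                            return null;
                        }
                        catch (PipelineException e)
                        {
                            // PrivilegedAction.run cannot throw a checked
                            // exception, so hand it back to the caller.
                            return e;
                        }
                    }
                }, null);

        // The returned exception used to be discarded, so a failed valve
        // invocation went unnoticed and a test such as testDeleteDef could
        // pass without the action having run.
        if (outcome instanceof PipelineException)
        {
            throw (PipelineException) outcome;
        }
    }

    /**
     * Wraps constraint elements in a security-constraints-def element.
     */
    private static String defXml(String defName, String constraintsXml)
    {
        return "<security-constraints-def name=\"" +
               defName +
               "\">" + constraintsXml + "</security-constraints-def>";
    }

    /**
     * Reads the named definition from the current page security and fails
     * the test if it is missing.
     */
    private SecurityConstraintsDef requireDef(String defName)
    throws Exception
    {
        PageSecurity pageSecurity = pageManager.getPageSecurity();
        SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(defName);
        assertNotNull("definition " + defName + " not found ", def);
        return def;
    }

    /**
     * Returns the constraint at the given position, failing the test with a
     * readable message when the definition holds too few constraints.
     */
    private SecurityConstraint constraintAt(SecurityConstraintsDef def, int index, String ordinal, String defName)
    {
        String missing = ordinal + " constraint for " + defName + " not found ";
        // Check the size first so a short list fails as an assertion rather
        // than as an IndexOutOfBoundsException.
        assertTrue(missing, def.getSecurityConstraints().size() > index);
        SecurityConstraint constraint = (SecurityConstraint) def.getSecurityConstraints().get(index);
        // The original checks tested def here, not the constraint itself.
        assertNotNull(missing, constraint);
        return constraint;
    }

}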