17 package org.apache.jetspeed.layout;
18
19 import java.io.File;
20 import java.security.PrivilegedAction;
21 import java.util.HashSet;
22 import java.util.List;
23 import java.util.Set;
24
25 import javax.security.auth.Subject;
26
27 import junit.framework.TestCase;
28
29 import org.apache.jetspeed.components.ComponentManager;
30 import org.apache.jetspeed.components.SpringComponentManager;
31 import org.apache.jetspeed.components.factorybeans.ServletConfigFactoryBean;
32 import org.apache.jetspeed.layout.impl.LayoutValve;
33 import org.apache.jetspeed.mocks.ResourceLocatingServletContext;
34 import org.apache.jetspeed.om.common.SecurityConstraint;
35 import org.apache.jetspeed.om.page.PageSecurity;
36 import org.apache.jetspeed.om.page.SecurityConstraintsDef;
37 import org.apache.jetspeed.page.PageManager;
38 import org.apache.jetspeed.pipeline.PipelineException;
39 import org.apache.jetspeed.request.JetspeedRequestContext;
40 import org.apache.jetspeed.request.RequestContext;
41 import org.apache.jetspeed.security.JSSubject;
42 import org.apache.jetspeed.security.impl.RolePrincipalImpl;
43 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
44 import com.mockrunner.mock.web.MockHttpServletRequest;
45 import com.mockrunner.mock.web.MockHttpServletResponse;
46 import com.mockrunner.mock.web.MockHttpSession;
47 import com.mockrunner.mock.web.MockServletConfig;
48 import com.mockrunner.mock.web.MockServletContext;
49
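/**
 * Tests manipulation of page security constraints through the layout valve's
 * "constraints" action: adding, updating and removing security constraint
 * definitions, and adding and removing global constraint references.
 *
 * <p>Every request is issued by {@link #runTest(String, String, String)} under a
 * subject holding the "admin" user and "admin" role principals, so only the
 * privileged path is exercised.</p>
 *
 * <p>NOTE(review): this class has no negative case showing that a subject without
 * the admin principals is refused when it submits the same requests. Whether the
 * action behind the valve enforces such a check is not visible from this test;
 * a denial test would be needed to pin that behaviour.</p>
 *
 * @author <a>David Sean Taylor </a>
 * @version $Id: $
 */
public class TestConstraintsAction extends TestCase
{

    /** Single constraint shared by the simple add and update cases. */
    private static final String USER_MANAGER_VIEW_EDIT =
        "<security-constraint><roles>user, manager</roles><permissions>view,edit</permissions></security-constraint>";

    private ComponentManager cm;

    private LayoutValve valve;

    private PageManager pageManager;

    /**
     * Runs this test case in the Swing test runner.
     *
     * @param args ignored
     */
    public static void main(String[] args)
    {
        // The original launched TestLayout here, so running this class as a
        // program executed a different suite than the one it contains.
        junit.swingui.TestRunner.run(TestConstraintsAction.class);
    }

    /**
     * Starts the Spring component manager from the test assemblies and looks up
     * the layout valve and page manager used by every test.
     */
    protected void setUp() throws Exception
    {
        super.setUp();

        String appRoot = "./";

        MockServletConfig servletConfig = new MockServletConfig();
        ResourceLocatingServletContext servletContent =
            new ResourceLocatingServletContext(new File(appRoot));
        servletConfig.setServletContext(servletContent);
        ServletConfigFactoryBean.setServletConfig(servletConfig);

        String[] bootConfigs = null;
        String[] appConfigs =
        {
            "src/test/resources/assembly/test-layout-constraints-api.xml",
            "src/test/resources/assembly/page-manager.xml"
        };

        cm = new SpringComponentManager(bootConfigs, appConfigs, servletContent, ".");
        cm.start();
        valve = (LayoutValve) cm.getComponent("layoutValve");
        pageManager = (PageManager) cm.getComponent("pageManager");
    }

    /**
     * Stops the component manager started in {@link #setUp()}.
     */
    protected void tearDown() throws Exception
    {
        try
        {
            if (cm != null)
            {
                cm.stop();
            }
        }
        finally
        {
            super.tearDown();
        }
    }

    /**
     * Replaces the "users" definition with a single constraint and checks the
     * stored permissions.
     */
    public void testUpdate()
        throws Exception
    {
        String defName = "users";
        runTest(wrapDef(defName, USER_MANAGER_VIEW_EDIT), defName, "update-def");

        SecurityConstraintsDef def = requireDef(defName);
        SecurityConstraint constraint = requireConstraint(def, 0, "first", defName);
        assertEquals("update failed for constraints " + constraint.getPermissions().toString(),
            "[view, edit]", constraint.getPermissions().toString());
    }

    /**
     * Adds a new definition named "newone" and checks the stored permissions.
     */
    public void testAdd()
        throws Exception
    {
        String defName = "newone";
        runTest(wrapDef(defName, USER_MANAGER_VIEW_EDIT), defName, "add-def");

        SecurityConstraintsDef def = requireDef(defName);
        SecurityConstraint constraint = requireConstraint(def, 0, "first", defName);
        assertEquals("update failed for constraints " + constraint.getPermissions().toString(),
            "[view, edit]", constraint.getPermissions().toString());
    }

    /**
     * Updates "users" with four constraints (roles, groups and two user lists)
     * and checks each stored constraint in order.
     */
    public void testAdds()
        throws Exception
    {
        String defName = "users";
        String constraintsXml =
            "<security-constraint><roles>user, manager,anon</roles><permissions>view,edit,help</permissions></security-constraint>" +
            "<security-constraint><groups>accounting,finance</groups><permissions>view,edit,help</permissions></security-constraint>" +
            "<security-constraint><users>tomcat</users><permissions>view</permissions></security-constraint>" +
            "<security-constraint><users>manager,admin</users><permissions>view,help</permissions></security-constraint>";

        runTest(wrapDef(defName, constraintsXml), defName, "update-def");
        SecurityConstraintsDef def = requireDef(defName);

        SecurityConstraint constraint = requireConstraint(def, 0, "first", defName);
        assertEquals("update failed for constraints " + constraint.getPermissions().toString(),
            "[view, edit, help]", constraint.getPermissions().toString());
        assertEquals("update failed for constraints " + constraint.getRoles().toString(),
            "[user, manager, anon]", constraint.getRoles().toString());

        SecurityConstraint constraint2 = requireConstraint(def, 1, "second", defName);
        assertEquals("add failed for constraints " + constraint2.getPermissions().toString(),
            "[view, edit, help]", constraint2.getPermissions().toString());
        assertEquals("add failed for constraints " + constraint2.getGroups().toString(),
            "[accounting, finance]", constraint2.getGroups().toString());

        SecurityConstraint constraint3 = requireConstraint(def, 2, "third", defName);
        assertEquals("add failed for constraints " + constraint3.getPermissions().toString(),
            "[view]", constraint3.getPermissions().toString());
        assertEquals("add failed for constraints " + constraint3.getUsers().toString(),
            "[tomcat]", constraint3.getUsers().toString());

        SecurityConstraint constraint4 = requireConstraint(def, 3, "fourth", defName);
        assertEquals("add failed for constraints " + constraint4.getPermissions().toString(),
            "[view, help]", constraint4.getPermissions().toString());
        assertEquals("add failed for constraints " + constraint4.getUsers().toString(),
            "[manager, admin]", constraint4.getUsers().toString());
    }

    /**
     * Updates "delete3" with a single wildcard-user constraint and checks that
     * exactly one constraint remains afterwards.
     */
    public void testDeletes()
        throws Exception
    {
        String defName = "delete3";
        String constraintsXml =
            "<security-constraint><users>*</users><permissions>view</permissions></security-constraint>";
        runTest(wrapDef(defName, constraintsXml), defName, "update-def");

        SecurityConstraintsDef def = requireDef(defName);
        SecurityConstraint constraint = requireConstraint(def, 0, "first", defName);
        assertEquals("delete merge failed for constraints " + constraint.getPermissions().toString(),
            "[view]", constraint.getPermissions().toString());
        assertEquals("delete merge failed for constraints " + constraint.getUsers().toString(),
            "[*]", constraint.getUsers().toString());
        assertEquals("constrainst size should be 1 ", 1, def.getSecurityConstraints().size());
    }

    /**
     * Removes the "deleteme" definition and checks it can no longer be looked up.
     */
    public void testDeleteDef()
        throws Exception
    {
        String defName = "deleteme";
        runTest("", defName, "remove-def");

        PageSecurity pageSecurity = pageManager.getPageSecurity();
        SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(defName);
        assertNull("definition " + defName + " should be deleted ", def);
    }

    /**
     * Adds "manager" as a global constraint reference and checks that both it and
     * the "admin" reference are present afterwards.
     */
    public void testAddGlobal()
        throws Exception
    {
        String defName = "manager";
        runTest("", defName, "add-global");

        PageSecurity pageSecurity = pageManager.getPageSecurity();
        List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
        assertTrue("should have found new global " + defName, globals.contains(defName));
        // The message used to name defName although the check is for "admin".
        assertTrue("should have found old global admin", globals.contains("admin"));
    }

    /**
     * Adds "public-edit" as a global constraint reference, removes it again and
     * checks that it is gone.
     */
    public void testDeleteGlobal()
        throws Exception
    {
        // Fetched once, before either request, and re-read after each of them.
        PageSecurity pageSecurity = pageManager.getPageSecurity();
        String defName = "public-edit";
        String xml = "";

        runTest(xml, defName, "add-global");
        List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
        assertTrue("should have found new global " + defName, globals.contains(defName));

        runTest(xml, defName, "remove-global");
        globals = pageSecurity.getGlobalSecurityConstraintsRefs();
        assertFalse("should have not found new global " + defName, globals.contains(defName));
    }

    /**
     * Sends one "constraints" action request through the layout valve as a
     * subject holding the "admin" user and "admin" role principals.
     *
     * @param xml     value of the "xml" request parameter (may be empty)
     * @param defName value of the "name" request parameter
     * @param method  value of the "method" request parameter
     * @throws Exception if the valve reports a {@link PipelineException}
     */
    public void runTest(String xml, String defName, String method)
        throws Exception
    {
        MockServletConfig config = new MockServletConfig();
        MockServletContext context = new MockServletContext();
        MockHttpSession session = new MockHttpSession();
        session.setupServletContext(context);

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setupAddParameter("action", "constraints");
        request.setupAddParameter("method", method);
        request.setupAddParameter("xml", xml);
        request.setupAddParameter("name", defName);
        request.setSession(session);
        MockHttpServletResponse response = new MockHttpServletResponse();

        final RequestContext rc =
            new JetspeedRequestContext(request, response, config, null);

        Set principals = new HashSet();
        principals.add(new UserPrincipalImpl("admin"));
        principals.add(new RolePrincipalImpl("admin"));
        // First argument marks the subject read-only; no credentials are attached.
        Subject subject = new Subject(true, principals, new HashSet(), new HashSet());

        Object outcome = JSSubject.doAsPrivileged(subject, new PrivilegedAction()
        {
            public Object run()
            {
                try
                {
                    valve.invoke(rc, null);
                    return null;
                }
                catch (PipelineException e)
                {
                    // PrivilegedAction.run() cannot throw checked exceptions,
                    // so the failure is handed back as the result.
                    return e;
                }
            }
        }, null);

        // The returned exception used to be discarded, which let a failed
        // request go unnoticed unless a later assertion happened to catch it.
        if (outcome instanceof PipelineException)
        {
            throw (PipelineException) outcome;
        }
    }

    /** Wraps constraint elements in a security-constraints-def element named defName. */
    private static String wrapDef(String defName, String constraintsXml)
    {
        return "<security-constraints-def name=\"" + defName + "\">"
            + constraintsXml
            + "</security-constraints-def>";
    }

    /** Looks up the named definition and fails the test if it is missing. */
    private SecurityConstraintsDef requireDef(String defName)
        throws Exception
    {
        PageSecurity pageSecurity = pageManager.getPageSecurity();
        SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(defName);
        assertNotNull("definition " + defName + " not found ", def);
        return def;
    }

    /** Returns the constraint at index, failing the test if it is absent or null. */
    private SecurityConstraint requireConstraint(SecurityConstraintsDef def, int index,
        String ordinal, String defName)
    {
        String message = ordinal + " constraint for " + defName + " not found ";
        List constraints = def.getSecurityConstraints();
        assertNotNull(message, constraints);
        // Report a short list as an assertion failure instead of an index error.
        assertTrue(message, constraints.size() > index);
        SecurityConstraint constraint = (SecurityConstraint) constraints.get(index);
        // Several callers used to re-check the definition here instead of the constraint.
        assertNotNull(message, constraint);
        return constraint;
    }

}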