1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.security;
18  
19  import java.security.AccessControlException;
20  import java.security.AccessController;
21  import java.security.PrivilegedAction;
22  
23  import javax.security.auth.login.LoginContext;
24  import javax.security.auth.login.LoginException;
25  
26  import junit.framework.Test;
27  import junit.framework.TestSuite;
28  
29  import org.apache.jetspeed.security.FolderPermission;
30  import org.apache.jetspeed.security.SecurityException;
31  import org.apache.jetspeed.security.UserPrincipal;
32  import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
33  import org.apache.jetspeed.security.impl.UserPrincipalImpl;
34  import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
35  
36  /***
37   * @author <a href="mailto:christophe.lombart@sword-technologies.com">Christophe Lombart</a>
38   * @version $Id: TestRdbmsPolicyFolder.java 517121 2007-03-12 07:45:49Z ate $
39   */
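public class TestRdbmsPolicyFolder extends AbstractSecurityTestcase
{
    /*** <p>Name and password of the fixture user created by {@link #initUser()} and logged in by {@link #setUp()}.</p> */
    private static final String TEST_USER = "anon";
    private static final String TEST_PASSWORD = "password";

    /*** <p>The JAAS login context; stays null if {@link #setUp()} fails before the login completes.</p> */
    private LoginContext loginContext = null;

    /***
     * <p>Creates the fixture user with its folder permissions and logs it in
     * through the "jetspeed" JAAS configuration, so that each test can evaluate
     * {@link AccessController#checkPermission} as that subject.</p>
     *
     * @see junit.framework.TestCase#setUp()
     */
    public void setUp() throws Exception
    {
        super.setUp();

        initUser();

        // Let's login in.
        try
        {
            System.out.println("\t\t[TestRdbmsPolicy - Folder] Creating login context.");
            PassiveCallbackHandler pch = new PassiveCallbackHandler(TEST_USER, TEST_PASSWORD);
            loginContext = new LoginContext("jetspeed", pch);
            loginContext.login();
        }
        catch (LoginException le)
        {
            le.printStackTrace();
            fail("\t\t[TestRdbmsPolicy - Folder] Failed to setup test: " + le);
        }
    }

    /***
     * <p>Logs the fixture user out and removes it together with its permissions.
     * The cleanup runs even when the logout fails (or never happened because
     * setUp() aborted), so a broken run does not leave "anon" with edit rights
     * behind in the database.</p>
     *
     * @see junit.framework.TestCase#tearDown()
     */
    public void tearDown() throws Exception
    {
        try
        {
            // loginContext is null when setUp() died before login().
            if (loginContext != null)
            {
                loginContext.logout();
            }
        }
        catch (LoginException le)
        {
            le.printStackTrace();
            fail("\t\t[TestRdbmsPolicy - Folder] Failed to tear down test.");
        }
        finally
        {
            try
            {
                destroyUser();
            }
            finally
            {
                super.tearDown();
            }
        }
    }

    /***
     * <p>Builds the suite for <em>this</em> class. The previous version returned
     * {@code TestRdbmsPolicy.class}, which silently ran the sibling test instead
     * of these folder-policy checks.</p>
     */
    public static Test suite()
    {
        // All methods starting with "test" will be executed in the test suite.
        return new TestSuite(TestRdbmsPolicyFolder.class);
    }

    /***
     * <p>Checks a single granted permission and that a different, never
     * granted action on the same path is refused.</p>
     */
    public void testSimplePermission()
    {
        // Granted directly by the first fixture permission.
        assertGranted(new FolderPermission("/files/test.xml", "edit"));

        // "secure" was never granted: the policy must refuse it even though
        // the same path is editable.
        assertDenied(new FolderPermission("/files/test.xml", "secure"));
    }

    /***
     * <p>Checks the wild card form (eg. /files/subfolder1/*, direct children only)
     * against the recursive form (eg. /files/subfolder2/-, any depth).</p>
     */
    public void testAdvancedPermission()
    {
        // "/files/subfolder1/*" matches direct children of the folder ...
        assertGranted(new FolderPermission("/files/subfolder1/test.xml", "view"));
        assertGranted(new FolderPermission("/files/subfolder1/foo", "view"));
        // ... so a document one level deeper must not be viewable.
        assertDenied(new FolderPermission("/files/subfolder1/foo/anotherdoc.xml", "view"));

        // "/files/subfolder2/-" is recursive: every depth below it is viewable.
        assertGranted(new FolderPermission("/files/subfolder2/test.xml", "view"));
        assertGranted(new FolderPermission("/files/subfolder2/foo", "view"));
        assertGranted(new FolderPermission("/files/subfolder2/foo/anotherdoc.xml", "view"));
    }

    /***
     * <p>Evaluates {@code perm} as the logged-in subject and fails the test if
     * the policy refuses it.</p>
     *
     * @param perm the permission the fixture user is expected to hold.
     */
    private void assertGranted(final FolderPermission perm)
    {
        try
        {
            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
            {
                public Object run()
                {
                    AccessController.checkPermission(perm);
                    return null;
                }
            });
        }
        catch (AccessControlException ace)
        {
            fail("did not authorize " + perm + ".");
        }
    }

    /***
     * <p>Evaluates {@code perm} as the logged-in subject and fails the test if
     * the policy grants it.</p>
     *
     * @param perm the permission the fixture user must NOT hold.
     */
    private void assertDenied(final FolderPermission perm)
    {
        try
        {
            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
            {
                public Object run()
                {
                    AccessController.checkPermission(perm);
                    return null;
                }
            });
        }
        catch (AccessControlException ace)
        {
            // Correct behavior - the policy refused the permission.
            return;
        }
        fail("did not deny " + perm + ".");
    }

    /***
     * <p>The permissions granted to the fixture user. Shared by {@link #initUser()}
     * and {@link #destroyUser()} so that what is granted is exactly what gets
     * removed again.</p>
     */
    private static FolderPermission[] fixturePermissions()
    {
        return new FolderPermission[]
        {
            new FolderPermission("/files/test.xml", "edit"),
            new FolderPermission("/files/subfolder1/*", "view"),
            new FolderPermission("/files/subfolder2/-", "view")
        };
    }

    /***
     * <p>Initialize user test object: create the user (best effort, it may be
     * left over from an aborted run) and grant it the fixture permissions.
     * A failed grant fails the test immediately instead of letting it run
     * against an incomplete policy and report a misleading denial later.</p>
     */
    protected void initUser()
    {
        try
        {
            ums.addUser(TEST_USER, TEST_PASSWORD);
        }
        catch (SecurityException sex)
        {
            // Ignored on purpose: the user probably already exists; the grants
            // below are what the tests actually depend on.
        }

        UserPrincipal user = new UserPrincipalImpl(TEST_USER);
        FolderPermission[] perms = fixturePermissions();
        try
        {
            for (int i = 0; i < perms.length; i++)
            {
                pms.addPermission(perms[i]);
            }
            for (int i = 0; i < perms.length; i++)
            {
                pms.grantPermission(user, perms[i]);
            }
        }
        catch (SecurityException sex)
        {
            sex.printStackTrace();
            fail("\t\t[TestRdbmsPolicy - Folder] Failed to grant fixture permissions: " + sex);
        }
    }

    /***
     * <p>Destroy user test object: remove the user and every fixture permission.</p>
     */
    protected void destroyUser() throws Exception
    {
        ums.removeUser(TEST_USER);

        FolderPermission[] perms = fixturePermissions();
        for (int i = 0; i < perms.length; i++)
        {
            pms.removePermission(perms[i]);
        }
    }

}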