17 package org.apache.jetspeed.security;
18
19 import java.security.AccessControlException;
20 import java.security.AccessController;
21 import java.security.PrivilegedAction;
22
23 import javax.security.auth.login.LoginContext;
24 import javax.security.auth.login.LoginException;
25
26 import junit.framework.Test;
27 import junit.framework.TestSuite;
28
29 import org.apache.jetspeed.security.FolderPermission;
30 import org.apache.jetspeed.security.SecurityException;
31 import org.apache.jetspeed.security.UserPrincipal;
32 import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
33 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
34 import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
35
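/**
 * <p>Checks how the JAAS policy under test resolves {@link FolderPermission} grants for an
 * authenticated subject: an exact path, a single-level wildcard ({@code /files/subfolder1/*})
 * and a recursive grant ({@code /files/subfolder2/-}).</p>
 *
 * <p>Each test runs as the fixture account created in {@link #initUser()} and removed again
 * in {@link #destroyUser()}. The deny checks matter as much as the allow checks: a policy
 * that granted everything would still pass every positive assertion.</p>
 *
 * @author <a href="mailto:christophe.lombart@sword-technologies.com">Christophe Lombart</a>
 * @version $Id: TestRdbmsPolicyFolder.java 517121 2007-03-12 07:45:49Z ate $
 */
public class TestRdbmsPolicyFolder extends AbstractSecurityTestcase
{
    /** Name of the throwaway account the tests authenticate as. */
    private static final String TEST_USER = "anon";

    /** Password of the throwaway account; a fixture value only. */
    private static final String TEST_PASSWORD = "password";

    /** <p>The JAAS login context.</p> */
    private LoginContext loginContext = null;

    /**
     * Creates the fixture account and its grants, then logs in through the
     * {@code "jetspeed"} JAAS configuration entry.
     *
     * @see junit.framework.TestCase#setUp()
     */
    public void setUp() throws Exception
    {
        super.setUp();

        initUser();

        try
        {
            System.out.println("\t\t[TestRdbmsPolicy - Folder] Creating login context.");
            PassiveCallbackHandler pch = new PassiveCallbackHandler(TEST_USER, TEST_PASSWORD);
            loginContext = new LoginContext("jetspeed", pch);
            loginContext.login();
        }
        catch (LoginException le)
        {
            le.printStackTrace();
            // NOTE(review): with the junit.framework runner, tearDown() is not invoked when
            // setUp() fails, so a failed login would leave the fixture account and its
            // grants in the store - confirm the test store is disposable.
            fail("\t\t[TestRdbmsPolicy - Folder] Failed to setup test.");
        }
    }

    /**
     * Logs the subject out and removes the fixture account and permissions.
     *
     * <p>The clean-up runs in {@code finally} blocks so that a failing logout cannot leave
     * the account, with its known password and grants, behind in the security store.</p>
     *
     * @see junit.framework.TestCase#tearDown()
     */
    public void tearDown() throws Exception
    {
        try
        {
            // Guard against a context that was never created.
            if (loginContext != null)
            {
                loginContext.logout();
            }
        }
        catch (LoginException le)
        {
            le.printStackTrace();
            fail("\t\t[TestRdbmsPolicy - Folder] Failed to tear down test.");
        }
        finally
        {
            try
            {
                destroyUser();
            }
            finally
            {
                super.tearDown();
            }
        }
    }

    /**
     * Builds the JUnit suite for this class.
     *
     * <p>The suite has to name {@code TestRdbmsPolicyFolder} itself; naming a sibling test
     * class would run that class's tests and leave the folder checks below unexecuted.</p>
     *
     * @return a suite containing the tests of this class
     */
    public static Test suite()
    {
        return new TestSuite(TestRdbmsPolicyFolder.class);
    }

    /**
     * Test simple permission on one document: the granted action is allowed, an action
     * that was never granted on the same path is refused.
     */
    public void testSimplePermission()
    {
        // "edit" on /files/test.xml is granted explicitly in initUser().
        assertTrue("did not authorize edit permission on the folder.",
                folderAccessGranted("/files/test.xml", "edit"));

        // "secure" is not among the fixture grants, so the same path must be refused.
        if (folderAccessGranted("/files/test.xml", "secure"))
        {
            fail("did not deny secure permission on the folder.");
        }
    }

    /**
     * Test permissions with wild card (eg. /file/*) & with recursive setting (eg. /files/- )
     */
    public void testAdvancedPermission()
    {
        // "/files/subfolder1/*": entries directly under the folder are covered ...
        assertTrue("did not authorize view permission on the Folder.",
                folderAccessGranted("/files/subfolder1/test.xml", "view"));
        assertTrue("did not authorize view permission on the Folder.",
                folderAccessGranted("/files/subfolder1/foo", "view"));

        // ... but the wildcard must not reach one level further down.
        if (folderAccessGranted("/files/subfolder1/foo/anotherdoc.xml", "view"))
        {
            fail("Permission error - should not view the document ");
        }

        // "/files/subfolder2/-": the grant is recursive, so nested entries are covered too.
        assertTrue("did not authorize view permission on the Folder.",
                folderAccessGranted("/files/subfolder2/test.xml", "view"));
        assertTrue("did not authorize view permission on the Folder.",
                folderAccessGranted("/files/subfolder2/foo", "view"));
        assertTrue("did not authorize view permission on the Folder.",
                folderAccessGranted("/files/subfolder2/foo/anotherdoc.xml", "view"));
    }

    /**
     * <p>Initialize user test object.</p>
     *
     * <p>Creates the fixture account, registers the three folder permissions and grants
     * them to that account.</p>
     */
    protected void initUser()
    {
        try
        {
            ums.addUser(TEST_USER, TEST_PASSWORD);
        }
        catch (SecurityException ignored)
        {
            // Deliberately best effort; presumably the account can survive from an
            // earlier run - TODO confirm. SecurityException is the Jetspeed type here,
            // not java.lang.SecurityException.
        }

        UserPrincipal user = new UserPrincipalImpl(TEST_USER);
        FolderPermission[] permissions = folderFixturePermissions();

        try
        {
            // Register every permission first, then grant them, in declaration order.
            for (int i = 0; i < permissions.length; i++)
            {
                pms.addPermission(permissions[i]);
            }
            for (int i = 0; i < permissions.length; i++)
            {
                pms.grantPermission(user, permissions[i]);
            }
        }
        catch (SecurityException sex)
        {
            // Reported but not fatal: the allow assertions in the tests fail if the
            // grants are missing.
            sex.printStackTrace();
        }
    }

    /**
     * <p>Destroy user test object.</p>
     *
     * <p>Removes the fixture account first, then the permissions created for it.</p>
     *
     * @throws Exception if the account or a permission cannot be removed
     */
    protected void destroyUser() throws Exception
    {
        ums.removeUser(TEST_USER);

        FolderPermission[] permissions = folderFixturePermissions();
        for (int i = 0; i < permissions.length; i++)
        {
            pms.removePermission(permissions[i]);
        }
    }

    /**
     * Returns the permissions granted to the fixture account, so that set-up and
     * clean-up cannot drift apart.
     *
     * @return exact-path "edit", single-level wildcard "view" and recursive "view"
     */
    private static FolderPermission[] folderFixturePermissions()
    {
        return new FolderPermission[]
        {
            new FolderPermission("/files/test.xml", "edit"),
            new FolderPermission("/files/subfolder1/*", "view"),
            new FolderPermission("/files/subfolder2/-", "view")
        };
    }

    /**
     * Runs an access check for a folder permission as the logged-in subject.
     *
     * @param path    folder or document path to check
     * @param actions action name to check on that path
     * @return {@code true} if the check passed, {@code false} if it raised an
     *         {@link AccessControlException}
     */
    private boolean folderAccessGranted(final String path, final String actions)
    {
        try
        {
            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
            {
                public Object run()
                {
                    AccessController.checkPermission(new FolderPermission(path, actions));
                    return null;
                }
            });
            return true;
        }
        catch (AccessControlException ace)
        {
            // A refusal is an expected outcome for the deny checks, not an error.
            return false;
        }
    }

}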