1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.security;
18
19 import java.security.Principal;
20 import java.util.Collection;
21 import java.util.Iterator;
22 import java.util.prefs.Preferences;
23
24 import junit.framework.Test;
25 import junit.framework.TestSuite;
26
27 import org.apache.jetspeed.security.impl.RolePrincipalImpl;
28 import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
29
30 /***
31 * <p>
32 * Unit testing for {@link RoleManager}.
33 * </p>
34 *
35 * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
36 * @version $Id: TestRoleManager.java 517719 2007-03-13 15:05:48Z ate $
37 */
38 public class TestRoleManager extends AbstractSecurityTestcase
39 {
40 /***
41 * @see junit.framework.TestCase#setUp()
42 */
43 protected void setUp() throws Exception
44 {
45 super.setUp();
46 destroyRoles();
47 }
48
49 /***
50 * @see junit.framework.TestCase#tearDown()
51 */
52 public void tearDown() throws Exception
53 {
54 destroyRoles();
55 super.tearDown();
56 }
57
58 public static Test suite()
59 {
60
61 return new TestSuite(TestRoleManager.class);
62 }
63
64 /***
65 * <p>
66 * Test add role.
67 * </p>
68 */
69 public void testAddRole()
70 {
71 try
72 {
73 rms.addRole("testrole");
74 }
75 catch (SecurityException sex)
76 {
77 assertTrue("role should not already exists. exception caught: " + sex, false);
78 }
79 try
80 {
81 rms.addRole("testrole.newrole0");
82 }
83 catch (SecurityException sex)
84 {
85 assertTrue("role should not already exists. exception caught: " + sex, false);
86 }
87
88 try
89 {
90 rms.addRole("testrole.newrole0");
91 assertTrue("role should already exists. exception not thrown.", false);
92 }
93 catch (SecurityException sex)
94 {
95 }
96
97 try
98 {
99 rms.removeRole("testrole");
100 }
101 catch (SecurityException sex)
102 {
103 assertTrue("could not remove role. exception caught: " + sex, false);
104 }
105 }
106
107 /***
108 * <p>
109 * Test add user to role.
110 * </p>
111 */
112 public void testAddRoleToUser()
113 {
114
115 try
116 {
117 ums.addUser("anonuser1", "password");
118 rms.addRole("testusertorole1");
119 rms.addRole("testusertorole1.role1");
120 rms.addRole("testusertorole1.role2");
121 }
122 catch (SecurityException sex)
123 {
124 assertTrue("failed to init testAddRoleToUser(), " + sex, false);
125 }
126
127 try
128 {
129 rms.addRoleToUser("anonuser1", "testusertorole1.role1");
130
131 Collection principals = ums.getUser("anonuser1").getSubject().getPrincipals();
132 assertTrue("anonuser1 should contain testusertorole1.role1", principals.contains(new RolePrincipalImpl(
133 "testusertorole1.role1")));
134 }
135 catch (SecurityException sex)
136 {
137 assertTrue("should add user to role. exception caught: " + sex, false);
138 }
139
140 try
141 {
142 rms.addRoleToUser("anonuser1", "testusertorole1.role2");
143 Collection principals = ums.getUser("anonuser1").getSubject().getPrincipals();
144 assertTrue("anonuser1 should contain testusertorole1.role2", principals.contains(new RolePrincipalImpl(
145 "testusertorole1.role2")));
146 }
147 catch (SecurityException sex)
148 {
149 assertTrue("should add user to role. exception caught: " + sex, false);
150 }
151
152 try
153 {
154 rms.addRoleToUser("anonuser123", "testusertorole1.role2");
155 assertTrue("should catch exception: user does not exist.", false);
156 }
157 catch (SecurityException sex)
158 {
159 }
160
161 try
162 {
163 rms.addRoleToUser("anonuser1", "testusertorole1.role123");
164 assertTrue("should catch exception: role does not exist.", false);
165 }
166 catch (SecurityException sex)
167 {
168 }
169
170
171 try
172 {
173 ums.removeUser("anonuser1");
174 rms.removeRole("testusertorole1");
175 }
176 catch (SecurityException sex)
177 {
178 assertTrue("could not remove user and role. exception caught: " + sex, false);
179 }
180 }
181
182 /***
183 * <p>
184 * Test remove role.
185 * </p>
186 */
187 public void testRemoveRole()
188 {
189
190 try
191 {
192 ums.addUser("anonuser2", "password");
193 rms.addRole("testrole1");
194 rms.addRole("testrole1.role1");
195 rms.addRole("testrole1.role2");
196 rms.addRole("testrole2");
197 rms.addRole("testrole2.role1");
198 rms.addRole("testrole2.role2");
199 rms.addRoleToUser("anonuser2", "testrole1.role1");
200 rms.addRoleToUser("anonuser2", "testrole1.role2");
201 rms.addRoleToUser("anonuser2", "testrole2.role1");
202 }
203 catch (SecurityException sex)
204 {
205 assertTrue("failed to init testRemoveRole(), " + sex, false);
206 }
207
208 try
209 {
210 rms.removeRole("testrole1.role1");
211 Collection principals = ums.getUser("anonuser2").getSubject().getPrincipals();
212
213 assertEquals("principal size should be == 5 after removing testrole1.role1, for principals: "
214 + principals.toString(), 5, principals.size());
215 assertFalse("anonuser2 should not contain testrole1.role1", principals.contains(new RolePrincipalImpl(
216 "testrole1.role1")));
217
218 rms.removeRole("testrole2");
219 boolean roleExists = rms.roleExists("testrole2.role1");
220 assertFalse(roleExists);
221 roleExists = rms.roleExists("testrole2.role2");
222 assertFalse(roleExists);
223 }
224 catch (SecurityException sex)
225 {
226 assertTrue("should remove role. exception caught: " + sex, false);
227 }
228
229
230 try
231 {
232 ums.removeUser("anonuser2");
233 rms.removeRole("testrole1");
234 }
235 catch (SecurityException sex)
236 {
237 assertTrue("could not remove user and role. exception caught: " + sex, false);
238 }
239 }
240
241 /***
242 * <p>
243 * Test get role.
244 * </p>
245 */
246 public void testGetRole()
247 {
248
249 try
250 {
251 rms.getRole("testroledoesnotexist");
252 assertTrue("role does not exist. should have thrown an exception.", false);
253 }
254 catch (SecurityException sex)
255 {
256 }
257
258 Role role = null;
259 try
260 {
261 rms.addRole("testgetrole");
262 role = rms.getRole("testgetrole");
263 }
264 catch (SecurityException sex)
265 {
266 assertTrue("role exists. should not have thrown an exception.", false);
267 }
268 assertNotNull("role is null", role);
269
270 Principal rolePrincipal = role.getPrincipal();
271 assertNotNull("role principal is null", rolePrincipal);
272 assertEquals("expected role principal full path name == testgetrole", "testgetrole", rolePrincipal.getName());
273
274
275 Preferences preferences = role.getPreferences();
276 assertEquals("expected role node == /role/testgetrole", SecurityHelper.getPreferencesFullPath(rolePrincipal),
277 preferences.absolutePath());
278
279
280 try
281 {
282 rms.removeRole("testgetrole");
283 }
284 catch (SecurityException sex)
285 {
286 assertTrue("could not remove role. exception caught: " + sex, false);
287 }
288 }
289
290 /***
291 * <p>
292 * Test get roles for user.
293 * </p>
294 */
295 public void testGetRolesForUser()
296 {
297
298 try
299 {
300 ums.addUser("anonuser3", "password");
301 rms.addRole("testuserrolemapping");
302 rms.addRole("testuserrolemapping.role1");
303 rms.addRole("testuserrolemapping2.role2");
304 rms.addRoleToUser("anonuser3", "testuserrolemapping");
305 rms.addRoleToUser("anonuser3", "testuserrolemapping.role1");
306 rms.addRoleToUser("anonuser3", "testuserrolemapping2.role2");
307 }
308 catch (SecurityException sex)
309 {
310 assertTrue("failed to init testGetRolesForUser(), " + sex, false);
311 }
312
313 try
314 {
315 Collection roles = rms.getRolesForUser("anonuser3");
316 assertEquals("roles size should be == 4", 4, roles.size());
317 }
318 catch (SecurityException sex)
319 {
320 assertTrue("user exists. should not have thrown an exception: " + sex, false);
321 }
322
323
324 try
325 {
326 ums.removeUser("anonuser3");
327 rms.removeRole("testuserrolemapping");
328 rms.removeRole("testuserrolemapping2");
329 }
330 catch (SecurityException sex)
331 {
332 assertTrue("could not remove user and role. exception caught: " + sex, false);
333 }
334 }
335
336 /***
337 * <p>
338 * Test get roles in group.
339 * </p>
340 */
341 public void testGetRolesInGroup()
342 {
343
344 try
345 {
346 rms.addRole("testuserrolemapping");
347 rms.addRole("testuserrolemapping.role1");
348 rms.addRole("testuserrolemapping.role3");
349 gms.addGroup("testrolegroupmapping");
350 rms.addRoleToGroup("testuserrolemapping", "testrolegroupmapping");
351 rms.addRoleToGroup("testuserrolemapping.role1", "testrolegroupmapping");
352 rms.addRoleToGroup("testuserrolemapping.role3", "testrolegroupmapping");
353 }
354 catch (SecurityException sex)
355 {
356 assertTrue("failed to init testGetRolesForGroup(), " + sex, false);
357 }
358
359 try
360 {
361 Collection roles = rms.getRolesInGroup("testrolegroupmapping");
362 assertEquals("roles size should be == 3", 3, roles.size());
363 }
364 catch (SecurityException sex)
365 {
366 assertTrue("group exists. should not have thrown an exception: " + sex, false);
367 }
368
369
370 try
371 {
372 rms.removeRole("testuserrolemapping");
373 gms.removeGroup("testrolegroupmapping");
374 }
375 catch (SecurityException sex)
376 {
377 assertTrue("could not remove role and group. exception caught: " + sex, false);
378 }
379 }
380
381 /***
382 * <p>
383 * Test remove role from user.
384 * </p>
385 */
386 public void testRemoveRoleFromUser()
387 {
388
389 try
390 {
391 ums.addUser("anonuser5", "password");
392 rms.addRole("testrole3");
393 rms.addRoleToUser("anonuser5", "testrole3");
394 }
395 catch (SecurityException sex)
396 {
397 assertTrue("failed to init testRemoveRoleFromUser(), " + sex, false);
398 }
399
400 try
401 {
402 rms.removeRoleFromUser("anonuser5", "testrole3");
403 Collection roles = rms.getRolesForUser("anonuser5");
404 assertEquals("roles size should be == 0", 0, roles.size());
405 }
406 catch (SecurityException sex)
407 {
408 assertTrue("user exists. should not have thrown an exception: " + sex, false);
409 }
410
411
412 try
413 {
414 ums.removeUser("anonuser5");
415 rms.removeRole("testrole3");
416 }
417 catch (SecurityException sex)
418 {
419 assertTrue("could not remove user and role. exception caught: " + sex, false);
420 }
421 }
422
423 /***
424 * <p>
425 * Test is user in role.
426 * </p>
427 */
428 public void testIsUserInRole()
429 {
430
431 try
432 {
433 ums.addUser("anonuser4", "password");
434 rms.addRole("testuserrolemapping");
435 rms.addRoleToUser("anonuser4", "testuserrolemapping");
436 }
437 catch (SecurityException sex)
438 {
439 assertTrue("failed to init testIsUserInRole(), " + sex, false);
440 }
441
442 try
443 {
444 boolean isUserInRole = rms.isUserInRole("anonuser4", "testuserrolemapping");
445 assertTrue("anonuser4 should be in role testuserrolemapping", isUserInRole);
446 }
447 catch (SecurityException sex)
448 {
449 assertTrue("user and role exist. should not have thrown an exception: " + sex, false);
450 }
451
452
453 try
454 {
455 ums.removeUser("anonuser4");
456 rms.removeRole("testuserrolemapping");
457 }
458 catch (SecurityException sex)
459 {
460 assertTrue("could not remove user and role. exception caught: " + sex, false);
461 }
462 }
463
464 /***
465 * <p>
466 * Test remove role from group.
467 * </p>
468 */
469 public void testRemoveRoleFromGroup()
470 {
471
472 try
473 {
474 rms.addRole("testuserrolemapping");
475 rms.addRole("testuserrolemapping.role1");
476 rms.addRole("testuserrolemapping.role3");
477 gms.addGroup("testrolegroupmapping");
478 rms.addRoleToGroup("testuserrolemapping", "testrolegroupmapping");
479 rms.addRoleToGroup("testuserrolemapping.role1", "testrolegroupmapping");
480 rms.addRoleToGroup("testuserrolemapping.role3", "testrolegroupmapping");
481 }
482 catch (SecurityException sex)
483 {
484 assertTrue("failed to init testRemoveRoleFromGroup(), " + sex, false);
485 }
486
487 try
488 {
489 rms.removeRoleFromGroup("testuserrolemapping.role3", "testrolegroupmapping");
490 Collection roles = rms.getRolesInGroup("testrolegroupmapping");
491 assertEquals("roles size should be == 2", 2, roles.size());
492 }
493 catch (SecurityException sex)
494 {
495 assertTrue("group exists. should not have thrown an exception: " + sex, false);
496 }
497
498
499 try
500 {
501 rms.removeRole("testuserrolemapping");
502 gms.removeGroup("testrolegroupmapping");
503 }
504 catch (SecurityException sex)
505 {
506 assertTrue("could not remove group and role. exception caught: " + sex, false);
507 }
508 }
509
510 /***
511 * <p>
512 * Test is user in role.
513 * </p>
514 */
515 public void testIsGroupInRole()
516 {
517
518 try
519 {
520 rms.addRole("testuserrolemapping");
521 gms.addGroup("testrolegroupmapping");
522 rms.addRoleToGroup("testuserrolemapping", "testrolegroupmapping");
523 }
524 catch (SecurityException sex)
525 {
526 assertTrue("failed to init testIsGroupInRole(), " + sex, false);
527 }
528 try
529 {
530 boolean isGroupInRole = rms.isGroupInRole("testrolegroupmapping", "testuserrolemapping");
531 assertTrue("testrolegroupmapping should be in role testuserrolemapping", isGroupInRole);
532 }
533 catch (SecurityException sex)
534 {
535 assertTrue("group and role exist. should not have thrown an exception: " + sex, false);
536 }
537
538
539 try
540 {
541 rms.removeRole("testuserrolemapping");
542 gms.removeGroup("testrolegroupmapping");
543 }
544 catch (SecurityException sex)
545 {
546 assertTrue("could not remove role and group. exception caught: " + sex, false);
547 }
548 }
549
550 /***
551 * <p>
552 * Destroy role test objects.
553 * </p>
554 */
555 protected void destroyRoles()
556 {
557 final String[] users = new String[] { "anonuser1", "anonuser2", "anonuser3", "anonuser4", "anonuser5", };
558 final String[] roles = new String[] { "testrole", "testrole1", "testrole2", "testrole3", "testgetrole",
559 "testusertorole1", "testuserrolemapping.role1", "testuserrolemapping2.role2", "testuserrolemapping","testuserrolemapping2" };
560 final String[] groups = new String[] { "testusertorole1" };
561
562 for (int i = 0; i < users.length; i++)
563 {
564 try
565 {
566 ums.removeUser(users[i]);
567 }
568 catch (SecurityException e)
569 {
570 System.err.println(e.toString());
571 }
572 }
573
574 for (int i = 0; i < roles.length; i++)
575 {
576 try
577 {
578 rms.removeRole(roles[i]);
579 }
580 catch (SecurityException e)
581 {
582 System.err.println(e.toString());
583 }
584 }
585
586 for (int i = 0; i < groups.length; i++)
587 {
588 try
589 {
590 gms.removeGroup(groups[i]);
591 }
592 catch (SecurityException e)
593 {
594 System.err.println(e.toString());
595 }
596 }
597 }
598
599 /***
600 * <p>
601 * Test get roles.
602 * </p>
603 *
604 * @throws Exception Throws an exception.
605 */
606 public void testGetRoles() throws Exception
607 {
608 int roleCount = 0;
609 int rolesAdded = 0;
610 Iterator it = rms.getRoles("");
611 while (it.hasNext())
612 {
613 it.next();
614 roleCount++;
615 }
616 ums.addUser("notme", "one-pw");
617 gms.addGroup("g1");
618 rms.addRole("r1");
619 rms.addRole("r2");
620 rms.addRole("r3");
621 rolesAdded = 3;
622
623 int count = 0;
624
625 it = rms.getRoles("");
626 while (it.hasNext())
627 {
628 it.next();
629 count++;
630 }
631 ums.removeUser("notme");
632 gms.removeGroup("g1");
633 rms.removeRole("r1");
634 rms.removeRole("r2");
635 rms.removeRole("r3");
636 assertTrue("role count should be " + (rolesAdded + roleCount), count == (rolesAdded + roleCount));
637
638 }
639
640 }