/** * Copyright (c) 2010, Sebastian Sdorra * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * 3. Neither the name of SCM-Manager; nor the names of its * contributors may be used to endorse or promote products derived from this * software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * http://bitbucket.org/sdorra/scm-manager * */ package sonia.scm.security; //~--- non-JDK imports -------------------------------------------------------- import org.apache.shiro.authz.UnauthorizedException; import org.apache.shiro.mgt.DefaultSecurityManager; import org.apache.shiro.realm.SimpleAccountRealm; import org.junit.Before; import org.junit.Test; import sonia.scm.AbstractTestBase; import sonia.scm.store.JAXBConfigurationEntryStoreFactory; import sonia.scm.util.MockUtil; import java.util.List; import static org.hamcrest.Matchers.containsInAnyOrder; import static org.hamcrest.Matchers.greaterThan; import static org.junit.Assert.*; //~--- JDK imports ------------------------------------------------------------ /** * * @author Sebastian Sdorra */ public class DefaultSecuritySystemTest extends AbstractTestBase { /** * Method description * */ @Before public void createSecuritySystem() { JAXBConfigurationEntryStoreFactory factory = new JAXBConfigurationEntryStoreFactory(new UUIDKeyGenerator(), contextProvider); securitySystem = new DefaultSecuritySystem(factory); // ScmEventBus.getInstance().register(listener); } /** * Method description * */ @Test public void testAddPermission() { setAdminSubject(); StoredAssignedPermission sap = createPermission("trillian", false, "repository:*:READ"); assertEquals("trillian", sap.getName()); assertEquals("repository:*:READ", sap.getPermission()); assertEquals(false, sap.isGroupPermission()); } /** * Method description * */ @Test public void testAvailablePermissions() { setAdminSubject(); List list = securitySystem.getAvailablePermissions(); assertNotNull(list); assertThat(list.size(), greaterThan(0)); } /** * Method description * */ @Test public void testDeletePermission() { setAdminSubject(); StoredAssignedPermission sap = createPermission("trillian", false, "repository:*:READ"); securitySystem.deletePermission(sap); assertNull(securitySystem.getPermission(sap.getId())); } /** * Method description * */ @Test public void testGetAllPermissions() { setAdminSubject(); StoredAssignedPermission trillian = createPermission("trillian", false, "repository:*:READ"); StoredAssignedPermission dent = createPermission("dent", false, "repository:*:READ"); StoredAssignedPermission marvin = createPermission("marvin", false, "repository:*:READ"); List all = securitySystem.getAllPermissions(); assertEquals(3, all.size()); assertThat(all, containsInAnyOrder(trillian, dent, marvin)); } /** * Method description * */ @Test public void testGetPermission() { setAdminSubject(); StoredAssignedPermission sap = createPermission("trillian", false, "repository:*:READ"); StoredAssignedPermission other = securitySystem.getPermission(sap.getId()); assertEquals(sap.getId(), other.getId()); assertEquals(sap, other); } /** * Method description * */ @Test public void testGetPermissionsWithPredicate() { setAdminSubject(); StoredAssignedPermission trillian = createPermission("trillian", false, "repository:*:READ"); StoredAssignedPermission dent = createPermission("dent", false, "repository:*:READ"); createPermission("hitchhiker", true, "repository:*:READ"); List filtered = securitySystem.getPermissions(input -> !(input != null && input.isGroupPermission())); assertEquals(2, filtered.size()); assertThat(filtered, containsInAnyOrder(trillian, dent)); } /** * Method description * */ @Test public void testModifyPermission() { setAdminSubject(); StoredAssignedPermission sap = createPermission("trillian", false, "repository:*:READ"); StoredAssignedPermission modified = new StoredAssignedPermission(sap.getId(), new AssignedPermission("trillian", "repository:*:WRITE")); securitySystem.modifyPermission(modified); sap = securitySystem.getPermission(modified.getId()); assertEquals(modified.getId(), sap.getId()); assertEquals(modified, sap); } /** * Method description * */ @Test(expected = UnauthorizedException.class) public void testUnauthorizedAddPermission() { setUserSubject(); createPermission("trillian", false, "repository:*:READ"); } /** * Method description * */ @Test(expected = UnauthorizedException.class) public void testUnauthorizedDeletePermission() { setAdminSubject(); StoredAssignedPermission sap = createPermission("trillian", false, "repository:*:READ"); setUserSubject(); securitySystem.deletePermission(sap); } /** * Method description * */ @Test(expected = UnauthorizedException.class) public void testUnauthorizedGetPermission() { setAdminSubject(); StoredAssignedPermission sap = createPermission("trillian", false, "repository:*:READ"); setUserSubject(); securitySystem.getPermission(sap.getId()); } /** * Method description * */ @Test(expected = UnauthorizedException.class) public void testUnauthorizedModifyPermission() { setAdminSubject(); StoredAssignedPermission sap = createPermission("trillian", false, "repository:*:READ"); setUserSubject(); securitySystem.modifyPermission(sap); } /** * Method description * * * @param name * @param groupPermission * @param value * * @return */ private StoredAssignedPermission createPermission(String name, boolean groupPermission, String value) { AssignedPermission ap = new AssignedPermission(name, groupPermission, value); StoredAssignedPermission sap = securitySystem.addPermission(ap); assertNotNull(sap); assertNotNull(sap.getId()); return sap; } //~--- set methods ---------------------------------------------------------- /** * Method description * */ private void setAdminSubject() { setSubject(MockUtil.createAdminSubject()); } /** * Method description * */ private void setUserSubject() { org.apache.shiro.mgt.SecurityManager sm = new DefaultSecurityManager(new SimpleAccountRealm()); setSubject(MockUtil.createUserSubject(sm)); } //~--- fields --------------------------------------------------------------- /** Field description */ private DefaultSecuritySystem securitySystem; }