1   package org.apache.turbine.services.security;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import junit.framework.Test;
23  import junit.framework.TestSuite;
24  
25  import org.apache.turbine.om.security.Group;
26  import org.apache.turbine.om.security.Role;
27  import org.apache.turbine.om.security.User;
28  import org.apache.turbine.test.BaseTurbineHsqlTest;
29  import org.apache.turbine.util.security.AccessControlList;
30  import org.apache.turbine.util.security.DataBackendException;
31  import org.apache.turbine.util.security.EntityExistsException;
32  import org.apache.turbine.util.security.PermissionSet;
33  import org.apache.turbine.util.security.RoleSet;
34  import org.apache.turbine.util.security.UnknownEntityException;
35  
36  public class TestSecurityRole
37          extends BaseTurbineHsqlTest
38  {
39      public TestSecurityRole(String name)
40              throws Exception
41      {
42          super(name, "conf/test/TurbineResources.properties");
43      }
44  
45      public static Test suite()
46      {
47          return new TestSuite(TestSecurityRole.class);
48      }
49  
50      public void testInit()
51      {
52          SecurityService ss = TurbineSecurity.getService();
53          assertTrue("Service failed to initialize", ss.getInit());
54      }
55  
56      public void testRoleByName()
57              throws Exception
58      {
59          SecurityService ss = TurbineSecurity.getService();
60  
61          Role role = ss.getRoleByName("User");
62          assertNotNull(role);
63          assertEquals(role.getName(), "User");
64      }
65  
66      public void testRoleById()
67              throws Exception
68      {
69          SecurityService ss = TurbineSecurity.getService();
70  
71          Role role = ss.getRoleById(2);
72          assertNotNull(role);
73          assertEquals(role.getName(), "Admin");
74      }
75  
76      public void testRolePermissions()
77              throws Exception
78      {
79          SecurityService ss = TurbineSecurity.getService();
80  
81          Role role = ss.getRoleByName("User");
82          assertNotNull(role);
83  
84          PermissionSet ps = ss.getPermissions(role);
85  
86          assertEquals(2, ps.size());
87      }
88  
89      public void testAllRoles()
90              throws Exception
91      {
92          SecurityService ss = TurbineSecurity.getService();
93  
94          RoleSet gs = ss.getAllRoles();
95  
96          assertEquals(2, gs.size());
97      }
98  
99  
100     public void testAddRole()
101     	throws Exception
102     {
103         SecurityService ss = TurbineSecurity.getService();
104 
105         Role newbie = ss.getRoleInstance();
106         newbie.setName("newbie");
107 
108         ss.addRole(newbie);
109 
110         assertEquals("Role was not added", 3, ss.getAllRoles().size());
111 
112         try
113         {
114             Role user = ss.getRoleByName("User");
115 
116             ss.addRole(user);
117             fail("Existing Role could be added!");
118         }
119         catch (Exception e)
120         {
121             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), EntityExistsException.class, e.getClass());
122         }
123 
124         try
125         {
126             Role empty = ss.getRoleInstance();
127 
128             ss.addRole(empty);
129             fail("Role with empty Rolename could be added!");
130         }
131         catch (Exception e)
132         {
133             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), DataBackendException.class, e.getClass());
134         }
135 
136         assertEquals("Role was not added", 3, ss.getAllRoles().size());
137     }
138 
139     public void testRemoveRole()
140     	throws Exception
141     {
142         SecurityService ss = TurbineSecurity.getService();
143 
144         assertEquals("Role was not added", 3, ss.getAllRoles().size());
145 
146         Role newbie = ss.getRoleByName("newbie");
147         assertNotNull(newbie);
148 
149         ss.removeRole(newbie);
150 
151         try
152         {
153             Role foo = ss.getRoleInstance();
154             foo.setName("foo");
155 
156             ss.removeRole(foo);
157             fail("Non Existing Role could be deleted!");
158         }
159         catch (Exception e)
160         {
161             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
162         }
163 
164         assertEquals("Role was not removed", 2, ss.getAllRoles().size());
165     }
166 
167     public void testGrantRole()
168             throws Exception
169     {
170         SecurityService ss = TurbineSecurity.getService();
171 
172         User admin = ss.getUser("admin");
173         assertNotNull(admin);
174 
175         Group global = ss.getGroupByName("global");
176         assertNotNull(global);
177 
178         Role app = ss.getRoleByName("User");
179         assertNotNull(app);
180 
181         AccessControlList acl = ss.getACL(admin);
182         assertFalse(acl.hasRole(app, global));
183 
184         ss.grant(admin, global, app);
185 
186         AccessControlList acl2 = ss.getACL(admin);
187         assertTrue(acl2.hasRole(app, global));
188 
189         // Get existing ACL modified?
190         assertFalse(acl.hasRole(app, global));
191 
192         try
193         {
194             ss.grant(admin, global, app);
195             fail("Role could be granted twice!");
196         }
197         catch (Exception e)
198         {
199             //
200             // Ugh. DataBackendError? This means that our query actually hit the database and only the "unique key"
201             // prevented us from a double entry. This seems to be a bug
202             //
203             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), DataBackendException.class, e.getClass());
204         }
205 
206         try
207         {
208             Role unknown = ss.getRoleInstance("unknown");
209 
210             ss.grant(admin, global, unknown);
211             fail("Nonexisting Role could be granted!");
212         }
213         catch (Exception e)
214         {
215             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
216         }
217 
218         try
219         {
220             Group unknown = ss.getGroupInstance("unknown");
221 
222             ss.grant(admin, unknown, app);
223             fail("Role in non existing group could be granted!");
224         }
225         catch (Exception e)
226         {
227             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
228         }
229     }
230 
231     public void testRevokeRole()
232             throws Exception
233     {
234         SecurityService ss = TurbineSecurity.getService();
235 
236         User admin = ss.getUser("admin");
237         assertNotNull(admin);
238 
239         Group global = ss.getGroupByName("global");
240         assertNotNull(global);
241 
242         Role app = ss.getRoleByName("User");
243         assertNotNull(app);
244 
245         AccessControlList acl = ss.getACL(admin);
246         assertTrue(acl.hasRole(app, global));
247 
248         ss.revoke(admin, global, app);
249 
250         AccessControlList acl2 = ss.getACL(admin);
251         assertFalse(acl2.hasRole(app, global));
252 
253         // Get existing ACL modified?
254         assertTrue(acl.hasRole(app, global));
255 
256          try
257          {
258              Role unknown = ss.getRoleInstance("unknown");
259              ss.revoke(admin, global, unknown);
260              fail("Nonexisting Role could be revoked!");
261          }
262          catch (Exception e)
263          {
264              assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
265          }
266 
267         try
268         {
269             Group unknown = ss.getGroupInstance("unknown");
270             ss.revoke(admin, unknown, app);
271             fail("Role in non existing group could be revoked!");
272         }
273         catch (Exception e)
274         {
275             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
276 
277         }
278 
279 //
280 // One can revoke an existing role in an existing group, even if this role was
281 // never granted to an user. While this is not really a bug, this might be
282 // something that should be checked in the long run.
283 //
284 //        try
285 //        {
286 //            ss.revoke(admin, global, app);
287 //            fail("Role could be revoked twice!");
288 //        }
289 //        catch (Exception e)
290 //        {
291 //            assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
292 //        }
293 //
294 //        try
295 //        {
296 //            Role adm = ss.getRole("Admin");
297 //            ss.revoke(admin, global, adm);
298 //            fail("Role could be revoked from wrong group!");
299 //        }
300 //        catch (Exception e)
301 //        {
302 //            assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
303 //        }
304 //
305 //        try
306 //        {
307 //            Group turbine = ss.getGroup("Turbine");
308 //            ss.revoke(admin, turbine, app);
309 //            fail("Non existing Role could be revoked!");
310 //        }
311 //        catch (Exception e)
312 //        {
313 //            assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
314 //        }
315     }
316 
317     public void testRevokeAll()
318             throws Exception
319     {
320         SecurityService ss = TurbineSecurity.getService();
321 
322         User admin = ss.getUser("admin");
323         assertNotNull(admin);
324 
325         Group turbine = ss.getGroupByName("Turbine");
326         assertNotNull(turbine);
327 
328         AccessControlList acl = ss.getACL(admin);
329         assertEquals(1, acl.getRoles(turbine).size());
330 
331         ss.revokeAll(admin);
332 
333         AccessControlList acl2 = ss.getACL(admin);
334         assertEquals(0, acl2.getRoles(turbine).size());
335     }
336 
337     public void testSaveRole()
338     	throws Exception
339     {
340         SecurityService ss = TurbineSecurity.getService();
341 
342         Role admin = ss.getRoleByName("Admin");
343 
344         ss.saveRole(admin);
345 
346         try
347         {
348             Role fake = ss.getRoleInstance("fake");
349 
350             ss.saveRole(fake);
351             fail("Non Existing Role could be saved!");
352         }
353         catch (Exception e)
354         {
355             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
356         }
357     }
358 
359     public void testRenameRole()
360     	throws Exception
361     {
362         SecurityService ss = TurbineSecurity.getService();
363 
364         Role newbie = ss.getRoleInstance("newbie");
365         ss.addRole(newbie);
366 
367         Role test = ss.getRoleByName("newbie");
368         assertNotNull(test);
369 
370         ss.renameRole(test, "fake");
371 
372         Role fake = ss.getRoleByName("fake");
373         assertNotNull(fake);
374 
375 //
376 // Now this is a Turbine Bug...
377 //
378 //          try
379 //          {
380 //              RoleSet gs = ss.getRoles(new org.apache.torque.util.Criteria());
381 //              assertEquals(3, gs.size());
382 
383 //              ss.renameRole(fake, "Admin");
384 
385 //              RoleSet gs2 = ss.getRoles(new org.apache.torque.util.Criteria());
386 //              assertEquals("Two roles with the same name exist!", 2, gs2.size());
387 
388 //              fail("Role could be renamed to existing Role and got lost from the database!");
389 //          }
390 //          catch (Exception e)
391 //          {
392 //              assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), EntityExistsException.class);
393 //          }
394     }
395 }