1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.taglibs.velocity;
17  
18  import junit.framework.TestCase;
19  
20  import org.acegisecurity.Authentication;
21  import org.acegisecurity.GrantedAuthority;
22  import org.acegisecurity.MockAclManager;
23  
24  import org.acegisecurity.acl.AclEntry;
25  import org.acegisecurity.acl.AclManager;
26  import org.acegisecurity.acl.basic.MockAclObjectIdentity;
27  import org.acegisecurity.acl.basic.SimpleAclEntry;
28  
29  import org.acegisecurity.context.SecurityContextHolder;
30  
31  import org.acegisecurity.providers.TestingAuthenticationToken;
32  
33  import org.acegisecurity.userdetails.User;
34  
35  import org.springframework.context.ConfigurableApplicationContext;
36  import org.springframework.context.support.StaticApplicationContext;
37  
38  
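/**
 * Unit tests for the ACL permission check ({@code hasPermission}) and the
 * principal lookup ({@code getPrincipal}) of {@link AuthzImpl}.
 *
 * <p>Each test gets a fresh {@link StaticApplicationContext} holding a single
 * "aclManager" bean. The mock manager is built for domain object "object1" and
 * recipient "marissa" with ADMINISTRATION and READ entries; the assertions
 * below rely on any other object or principal being denied.</p>
 *
 * <p>The security context is reset in {@link #tearDown()} rather than at the end
 * of each test, so a failing assertion cannot leave an authenticated principal
 * behind for the next test to inherit.</p>
 */
public class AuthzImplTest extends TestCase {
    //~ Instance fields ========================================================

    private Authz authz = new AuthzImpl();
    private ConfigurableApplicationContext ctx;

    //~ Methods ================================================================

    /**
     * Builds the application context and registers the mock ACL manager.
     *
     * @throws Exception if the JUnit base set-up fails
     */
    protected void setUp() throws Exception {
        super.setUp();

        // Programmatic context: the only bean is the ACL manager registered below.
        ctx = new StaticApplicationContext();

        // A bare MockAclEntry is included so more than one AclEntry type is iterated.
        AclEntry[] entries = new AclEntry[] {
                new MockAclEntry(),
                new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null,
                    SimpleAclEntry.ADMINISTRATION),
                new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null,
                    SimpleAclEntry.READ)
            };
        AclManager aclManager = new MockAclManager("object1", "marissa", entries);

        // Register the AclManager into our ApplicationContext
        ctx.getBeanFactory().registerSingleton("aclManager", aclManager);
    }

    /**
     * Clears the authentication after every test, including failed ones.
     *
     * @throws Exception if the JUnit base tear-down fails
     */
    protected void tearDown() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(null);
        super.tearDown();
    }

    /**
     * Places a {@link TestingAuthenticationToken} with no granted authorities
     * into the security context.
     *
     * @param principal principal object for the token (may be {@code null})
     * @param credentials credentials for the token
     */
    private void authenticateAs(Object principal, String credentials) {
        Authentication auth = new TestingAuthenticationToken(principal,
                credentials, new GrantedAuthority[] {});
        SecurityContextHolder.getContext().setAuthentication(auth);
    }

    public void testIllegalArgumentExceptionThrownIfHasPermissionNotValidFormat() {
        authenticateAs("john", "crow");
        authz.setAppCtx(ctx);

        String permissions = "0,5, 6"; // shouldn't be any space

        try {
            authz.hasPermission(null, permissions);
            // Without this the test passes even when a malformed list is silently accepted.
            fail("Expected IllegalArgumentException for malformed permission list");
        } catch (IllegalArgumentException expected) {
            // expected: the malformed list was rejected
        }
    }

    public void testInclusionDeniedWhenAclManagerUnawareOfObject() {
        authenticateAs("marissa", "koala");
        authz.setAppCtx(ctx);

        // 54 is not the object the mock ACL manager was built for.
        Object unknownObject = new Integer(54);
        String permissions = String.valueOf(SimpleAclEntry.ADMINISTRATION);

        assertFalse(authz.hasPermission(unknownObject, permissions));
    }

    public void testInclusionDeniedWhenNoListOfPermissionsGiven() {
        authenticateAs("marissa", "koala");
        authz.setAppCtx(ctx);

        assertFalse(authz.hasPermission("object1", null));
    }

    public void testInclusionDeniedWhenPrincipalDoesNotHoldAnyPermissions() {
        // "john" has no entries in the mock ACL manager.
        authenticateAs("john", "crow");
        authz.setAppCtx(ctx);

        String permissions = SimpleAclEntry.ADMINISTRATION + ","
            + SimpleAclEntry.READ;

        assertFalse(authz.hasPermission("object1", permissions));
    }

    public void testInclusionDeniedWhenPrincipalDoesNotHoldRequiredPermissions() {
        authenticateAs("marissa", "koala");
        authz.setAppCtx(ctx);

        // DELETE is not among the entries registered for "marissa" in setUp().
        String permissions = String.valueOf(SimpleAclEntry.DELETE);

        assertFalse(authz.hasPermission("object1", permissions));
    }

    public void testInclusionDeniedWhenSecurityContextEmpty() {
        SecurityContextHolder.getContext().setAuthentication(null);
        authz.setAppCtx(ctx);

        String permissions = String.valueOf(SimpleAclEntry.ADMINISTRATION);

        assertFalse(authz.hasPermission("object1", permissions));
    }

    public void testInclusionPermittedWhenDomainObjectIsNull() {
        authz.setAppCtx(ctx);

        String permissions = String.valueOf(SimpleAclEntry.READ);

        // Pins a fail-open case: a null domain object is permitted even though
        // this test places no Authentication in the context. Callers should not
        // rely on hasPermission to guard a lookup that may have returned null.
        assertTrue(authz.hasPermission(null, permissions));
    }

    public void testOperationWhenPrincipalHoldsPermissionOfMultipleList() {
        authenticateAs("marissa", "koala");
        authz.setAppCtx(ctx);

        String permissions = SimpleAclEntry.ADMINISTRATION + ","
            + SimpleAclEntry.READ;

        assertTrue(authz.hasPermission("object1", permissions));
    }

    public void testOperationWhenPrincipalHoldsPermissionOfSingleList() {
        authenticateAs("marissa", "koala");
        authz.setAppCtx(ctx);

        String permissions = String.valueOf(SimpleAclEntry.READ);

        assertTrue(authz.hasPermission("object1", permissions));
    }

    /*
     * The remaining tests cover AuthzImpl.getPrincipal().
     */
    public void testOperationWhenPrincipalIsAString() {
        authenticateAs("marissaAsString", "koala");

        assertEquals("marissaAsString", authz.getPrincipal());
    }

    public void testOperationWhenPrincipalIsAUserDetailsInstance() {
        User userDetails = new User("marissaUserDetails", "koala", true, true,
                true, true, new GrantedAuthority[] {});
        authenticateAs(userDetails, "koala");

        // The username is expected, not the User object itself.
        assertEquals("marissaUserDetails", authz.getPrincipal());
    }

    public void testOperationWhenPrincipalIsNull() {
        authenticateAs(null, "koala");

        assertNull(authz.getPrincipal());
    }

    public void testOperationWhenSecurityContextIsNull() {
        SecurityContextHolder.getContext().setAuthentication(null);

        assertNull(authz.getPrincipal());
    }

    //~ Inner Classes ==========================================================

    /**
     * Empty {@link AclEntry} used only so the permission check iterates over
     * more than one AclEntry type. Declared static so it holds no reference to
     * the enclosing test case.
     */
    private static class MockAclEntry implements AclEntry {
        private static final long serialVersionUID = 1L;
    }
}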