1   /* Copyright 2004 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.vote;
17  
18  import java.util.List;
19  import java.util.Vector;
20  
21  import junit.framework.TestCase;
22  
23  import org.acegisecurity.AccessDeniedException;
24  import org.acegisecurity.ConfigAttributeDefinition;
25  import org.acegisecurity.GrantedAuthority;
26  import org.acegisecurity.GrantedAuthorityImpl;
27  import org.acegisecurity.SecurityConfig;
28  import org.acegisecurity.providers.TestingAuthenticationToken;
29  
30  
/**
 * Tests {@link ConsensusBased}.
 *
 * <p>Every test runs against a manager configured with three voters
 * ({@code RoleVoter}, {@code DenyVoter}, {@code DenyAgainVoter}) and a token
 * holding {@code ROLE_1} and {@code ROLE_2}. The two deny voters are defined
 * outside this file; which attribute makes each of them deny or abstain is
 * taken from the test names and is not verified here.</p>
 *
 * <p>Two authorization defaults are pinned by these tests and matter when
 * reviewing a deployment's access policy:</p>
 * <ul>
 * <li>{@code allowIfEqualGrantedDeniedDecisions} is asserted to default to
 * {@code true}, so an equal number of grant and deny votes resolves to
 * <em>access granted</em> unless the flag is switched off.</li>
 * <li>{@code allowIfAllAbstainDecisions} is asserted to default to
 * {@code false}, so a request on which no voter has an opinion is
 * <em>denied</em> unless the flag is switched on.</li>
 * </ul>
 *
 * @author Ben Alex
 * @version $Id: ConsensusBasedTests.java,v 1.5 2005/11/30 01:23:34 benalex Exp $
 */
public class ConsensusBasedTests extends TestCase {
    //~ Constructors ===========================================================

    /**
     * Creates an unnamed test case.
     */
    public ConsensusBasedTests() {
        super();
    }

    /**
     * Creates a named test case.
     *
     * @param arg0 test name handed to {@link TestCase}
     */
    public ConsensusBasedTests(String arg0) {
        super(arg0);
    }

    //~ Methods ================================================================

    /**
     * Delegates to {@link TestCase#setUp()}; no fixture state is kept between tests.
     *
     * @throws Exception if the superclass set-up fails
     */
    public final void setUp() throws Exception {
        super.setUp();
    }

    /**
     * Runs this class with the JUnit text runner.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        junit.textui.TestRunner.run(ConsensusBasedTests.class);
    }

    /**
     * With the tie-break flag switched off, one grant against one deny must be
     * refused. This is the fail-closed configuration of the tie rule.
     *
     * @throws Exception on any unexpected failure
     */
    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault()
        throws Exception {
        TestingAuthenticationToken token = makeTestToken();
        ConsensusBased manager = makeDecisionManager();
        manager.setAllowIfEqualGrantedDeniedDecisions(false);
        assertFalse(manager.isAllowIfEqualGrantedDeniedDecisions()); // check changed

        // ROLE_1 -> grant, DENY_FOR_SURE -> deny
        String[] names = {"ROLE_1", "DENY_FOR_SURE"};

        assertAccessDenied(manager, token, buildConfig(names));
    }

    /**
     * With the tie-break flag left at its default ({@code true}), one grant
     * against one deny is allowed through: {@code decide} must return normally.
     *
     * @throws Exception on any unexpected failure, including a denial
     */
    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault()
        throws Exception {
        TestingAuthenticationToken token = makeTestToken();
        ConsensusBased manager = makeDecisionManager();

        assertTrue(manager.isAllowIfEqualGrantedDeniedDecisions()); // check default

        // ROLE_1 -> grant, DENY_FOR_SURE -> deny
        String[] names = {"ROLE_1", "DENY_FOR_SURE"};

        // Returning without an AccessDeniedException is the assertion.
        manager.decide(token, new Object(), buildConfig(names));
    }

    /**
     * A single grant with the remaining voters abstaining is allowed.
     *
     * @throws Exception on any unexpected failure, including a denial
     */
    public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess()
        throws Exception {
        TestingAuthenticationToken token = makeTestToken();
        ConsensusBased manager = makeDecisionManager();

        String[] names = {"ROLE_2"}; // grant

        // Returning without an AccessDeniedException is the assertion.
        manager.decide(token, new Object(), buildConfig(names));
    }

    /**
     * A role the token does not hold produces a single deny, which must be
     * enough to refuse access when the other voters abstain.
     *
     * @throws Exception on any unexpected failure
     */
    public void testOneDenyVoteTwoAbstainVotesDeniesAccess()
        throws Exception {
        TestingAuthenticationToken token = makeTestToken();
        ConsensusBased manager = makeDecisionManager();

        String[] names = {"ROLE_WE_DO_NOT_HAVE"}; // deny

        assertAccessDenied(manager, token, buildConfig(names));
    }

    /**
     * With the all-abstain flag left at its default ({@code false}), an
     * attribute no voter acts on must be refused. This is the fail-closed default.
     *
     * @throws Exception on any unexpected failure
     */
    public void testThreeAbstainVotesDeniesAccessWithDefault()
        throws Exception {
        TestingAuthenticationToken token = makeTestToken();
        ConsensusBased manager = makeDecisionManager();

        assertFalse(manager.isAllowIfAllAbstainDecisions()); // check default

        String[] names = {"IGNORED_BY_ALL"}; // abstain

        assertAccessDenied(manager, token, buildConfig(names));
    }

    /**
     * With the all-abstain flag switched on, an attribute no voter acts on is
     * allowed through: {@code decide} must return normally.
     *
     * @throws Exception on any unexpected failure, including a denial
     */
    public void testThreeAbstainVotesGrantsAccessWithoutDefault()
        throws Exception {
        TestingAuthenticationToken token = makeTestToken();
        ConsensusBased manager = makeDecisionManager();
        manager.setAllowIfAllAbstainDecisions(true);
        assertTrue(manager.isAllowIfAllAbstainDecisions()); // check changed

        String[] names = {"IGNORED_BY_ALL"}; // abstain

        // Returning without an AccessDeniedException is the assertion.
        manager.decide(token, new Object(), buildConfig(names));
    }

    /**
     * Two grants and no deny is allowed.
     *
     * @throws Exception on any unexpected failure, including a denial
     */
    public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess()
        throws Exception {
        TestingAuthenticationToken token = makeTestToken();
        ConsensusBased manager = makeDecisionManager();

        // ROLE_1 -> grant, ROLE_2 -> grant
        String[] names = {"ROLE_1", "ROLE_2"};

        // Returning without an AccessDeniedException is the assertion.
        manager.decide(token, new Object(), buildConfig(names));
    }

    /**
     * Asserts that the manager refuses the request with
     * {@link AccessDeniedException}; any other outcome fails the test.
     *
     * @param manager decision manager under test
     * @param token authentication presented to the manager
     * @param definition configuration attributes to decide on
     * @throws Exception if {@code decide} fails in some other way
     */
    private void assertAccessDenied(ConsensusBased manager,
        TestingAuthenticationToken token, ConfigAttributeDefinition definition)
        throws Exception {
        try {
            manager.decide(token, new Object(), definition);
        } catch (AccessDeniedException expected) {
            return; // the denial is the expected result
        }

        fail("Should have thrown AccessDeniedException");
    }

    /**
     * Wraps each name in a {@link SecurityConfig} and collects them, in order,
     * into a new {@link ConfigAttributeDefinition}.
     *
     * @param names configuration attribute names
     * @return definition holding one attribute per name
     */
    private ConfigAttributeDefinition buildConfig(String[] names) {
        ConfigAttributeDefinition definition = new ConfigAttributeDefinition();

        for (int i = 0; i < names.length; i++) {
            definition.addConfigAttribute(new SecurityConfig(names[i]));
        }

        return definition;
    }

    /**
     * Builds the manager under test with its three voters, added in the order
     * role voter, deny voter, second deny voter.
     *
     * @return a freshly configured {@link ConsensusBased}
     */
    private ConsensusBased makeDecisionManager() {
        ConsensusBased decisionManager = new ConsensusBased();

        // Raw types are kept: the file predates generics.
        List voters = new Vector();
        voters.add(new RoleVoter());
        voters.add(new DenyVoter());
        voters.add(new DenyAgainVoter());
        decisionManager.setDecisionVoters(voters);

        return decisionManager;
    }

    /**
     * Builds the fixture token: principal {@code somebody} holding
     * {@code ROLE_1} and {@code ROLE_2}.
     *
     * @return the test authentication token
     */
    private TestingAuthenticationToken makeTestToken() {
        GrantedAuthority[] held = new GrantedAuthority[] {
                new GrantedAuthorityImpl("ROLE_1"),
                new GrantedAuthorityImpl("ROLE_2")
            };

        return new TestingAuthenticationToken("somebody", "password", held);
    }
}