1   package org.apache.turbine.services.security;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import junit.framework.Test;
20  import junit.framework.TestSuite;
21  
22  import org.apache.turbine.om.security.Group;
23  import org.apache.turbine.om.security.Role;
24  import org.apache.turbine.om.security.User;
25  import org.apache.turbine.test.BaseTurbineHsqlTest;
26  import org.apache.turbine.util.security.AccessControlList;
27  import org.apache.turbine.util.security.DataBackendException;
28  import org.apache.turbine.util.security.EntityExistsException;
29  import org.apache.turbine.util.security.PermissionSet;
30  import org.apache.turbine.util.security.RoleSet;
31  import org.apache.turbine.util.security.UnknownEntityException;
32  
33  public class TestSecurityRole
34          extends BaseTurbineHsqlTest
35  {
36      public TestSecurityRole(String name)
37              throws Exception
38      {
39          super(name, "conf/test/TurbineResources.properties");
40      }
41  
42      public static Test suite()
43      {
44          return new TestSuite(TestSecurityRole.class);
45      }
46  
47      public void testInit()
48      {
49          SecurityService ss = TurbineSecurity.getService();
50          assertTrue("Service failed to initialize", ss.getInit());
51      }
52  
53      public void testRoleByName()
54              throws Exception
55      {
56          SecurityService ss = TurbineSecurity.getService();
57  
58          Role role = ss.getRoleByName("User");
59          assertNotNull(role);
60          assertEquals(role.getName(), "User");
61      }
62  
63      public void testRoleById()
64              throws Exception
65      {
66          SecurityService ss = TurbineSecurity.getService();
67  
68          Role role = ss.getRoleById(2);
69          assertNotNull(role);
70          assertEquals(role.getName(), "Admin");
71      }
72  
73      public void testRolePermissions()
74              throws Exception
75      {
76          SecurityService ss = TurbineSecurity.getService();
77  
78          Role role = ss.getRoleByName("User");
79          assertNotNull(role);
80  
81          PermissionSet ps = ss.getPermissions(role);
82  
83          assertEquals(2, ps.size());
84      }
85  
86      public void testAllRoles()
87              throws Exception
88      {
89          SecurityService ss = TurbineSecurity.getService();
90  
91          RoleSet gs = ss.getAllRoles();
92  
93          assertEquals(2, gs.size());
94      }
95  
96  
97      public void testAddRole()
98      	throws Exception
99      {
100         SecurityService ss = TurbineSecurity.getService();
101 
102         Role newbie = ss.getRoleInstance();
103         newbie.setName("newbie");
104 
105         ss.addRole(newbie);
106 
107         assertEquals("Role was not added", 3, ss.getAllRoles().size());
108 
109         try
110         {
111             Role user = ss.getRoleByName("User");
112 
113             ss.addRole(user);
114             fail("Existing Role could be added!");
115         }
116         catch (Exception e)
117         {
118             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), EntityExistsException.class, e.getClass());
119         }
120 
121         try
122         {
123             Role empty = ss.getRoleInstance();
124 
125             ss.addRole(empty);
126             fail("Role with empty Rolename could be added!");
127         }
128         catch (Exception e)
129         {
130             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), DataBackendException.class, e.getClass());
131         }
132 
133         assertEquals("Role was not added", 3, ss.getAllRoles().size());
134     }
135 
136     public void testRemoveRole()
137     	throws Exception
138     {
139         SecurityService ss = TurbineSecurity.getService();
140 
141         assertEquals("Role was not added", 3, ss.getAllRoles().size());
142 
143         Role newbie = ss.getRoleByName("newbie");
144         assertNotNull(newbie);
145 
146         ss.removeRole(newbie);
147 
148         try
149         {
150             Role foo = ss.getRoleInstance();
151             foo.setName("foo");
152 
153             ss.removeRole(foo);
154             fail("Non Existing Role could be deleted!");
155         }
156         catch (Exception e)
157         {
158             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
159         }
160 
161         assertEquals("Role was not removed", 2, ss.getAllRoles().size());
162     }
163 
164     public void testGrantRole()
165             throws Exception
166     {
167         SecurityService ss = TurbineSecurity.getService();
168 
169         User admin = ss.getUser("admin");
170         assertNotNull(admin);
171 
172         Group global = ss.getGroupByName("global");
173         assertNotNull(global);
174 
175         Role app = ss.getRoleByName("User");
176         assertNotNull(app);
177 
178         AccessControlList acl = ss.getACL(admin);
179         assertFalse(acl.hasRole(app, global));
180 
181         ss.grant(admin, global, app);
182 
183         AccessControlList acl2 = ss.getACL(admin);
184         assertTrue(acl2.hasRole(app, global));
185 
186         // Get existing ACL modified?
187         assertFalse(acl.hasRole(app, global));
188 
189         try
190         {
191             ss.grant(admin, global, app);
192             fail("Role could be granted twice!");
193         }
194         catch (Exception e)
195         {
196             //
197             // Ugh. DataBackendError? This means that our query actually hit the database and only the "unique key"
198             // prevented us from a double entry. This seems to be a bug
199             //
200             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), DataBackendException.class, e.getClass());
201         }
202 
203         try
204         {
205             Role unknown = ss.getRoleInstance("unknown");
206 
207             ss.grant(admin, global, unknown);
208             fail("Nonexisting Role could be granted!");
209         }
210         catch (Exception e)
211         {
212             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
213         }
214 
215         try
216         {
217             Group unknown = ss.getGroupInstance("unknown");
218 
219             ss.grant(admin, unknown, app);
220             fail("Role in non existing group could be granted!");
221         }
222         catch (Exception e)
223         {
224             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
225         }
226     }
227 
228     public void testRevokeRole()
229             throws Exception
230     {
231         SecurityService ss = TurbineSecurity.getService();
232 
233         User admin = ss.getUser("admin");
234         assertNotNull(admin);
235 
236         Group global = ss.getGroupByName("global");
237         assertNotNull(global);
238 
239         Role app = ss.getRoleByName("User");
240         assertNotNull(app);
241 
242         AccessControlList acl = ss.getACL(admin);
243         assertTrue(acl.hasRole(app, global));
244 
245         ss.revoke(admin, global, app);
246 
247         AccessControlList acl2 = ss.getACL(admin);
248         assertFalse(acl2.hasRole(app, global));
249 
250         // Get existing ACL modified?
251         assertTrue(acl.hasRole(app, global));
252 
253          try
254          {
255              Role unknown = ss.getRoleInstance("unknown");
256              ss.revoke(admin, global, unknown);
257              fail("Nonexisting Role could be revoked!");
258          }
259          catch (Exception e)
260          {
261              assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
262          }
263 
264         try
265         {
266             Group unknown = ss.getGroupInstance("unknown");
267             ss.revoke(admin, unknown, app);
268             fail("Role in non existing group could be revoked!");
269         }
270         catch (Exception e)
271         {
272             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
273 
274         }
275 
276 //
277 // One can revoke an existing role in an existing group, even if this role was
278 // never granted to an user. While this is not really a bug, this might be
279 // something that should be checked in the long run.
280 //
281 //        try
282 //        {
283 //            ss.revoke(admin, global, app);
284 //            fail("Role could be revoked twice!");
285 //        }
286 //        catch (Exception e)
287 //        {
288 //            assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
289 //        }
290 //
291 //        try
292 //        {
293 //            Role adm = ss.getRole("Admin");
294 //            ss.revoke(admin, global, adm);
295 //            fail("Role could be revoked from wrong group!");
296 //        }
297 //        catch (Exception e)
298 //        {
299 //            assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
300 //        }
301 //
302 //        try
303 //        {
304 //            Group turbine = ss.getGroup("Turbine");
305 //            ss.revoke(admin, turbine, app);
306 //            fail("Non existing Role could be revoked!");
307 //        }
308 //        catch (Exception e)
309 //        {
310 //            assertEquals("Wrong Exception thrown: " + e.getClass().getName(), UnknownEntityException.class, e.getClass());
311 //        }
312     }
313 
314     public void testRevokeAll()
315             throws Exception
316     {
317         SecurityService ss = TurbineSecurity.getService();
318 
319         User admin = ss.getUser("admin");
320         assertNotNull(admin);
321 
322         Group turbine = ss.getGroupByName("Turbine");
323         assertNotNull(turbine);
324 
325         AccessControlList acl = ss.getACL(admin);
326         assertEquals(1, acl.getRoles(turbine).size());
327 
328         ss.revokeAll(admin);
329 
330         AccessControlList acl2 = ss.getACL(admin);
331         assertEquals(0, acl2.getRoles(turbine).size());
332     }
333 
334     public void testSaveRole()
335     	throws Exception
336     {
337         SecurityService ss = TurbineSecurity.getService();
338 
339         Role admin = ss.getRoleByName("Admin");
340 
341         ss.saveRole(admin);
342 
343         try
344         {
345             Role fake = ss.getRoleInstance("fake");
346 
347             ss.saveRole(fake);
348             fail("Non Existing Role could be saved!");
349         }
350         catch (Exception e)
351         {
352             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
353         }
354     }
355 
356     public void testRenameRole()
357     	throws Exception
358     {
359         SecurityService ss = TurbineSecurity.getService();
360 
361         Role newbie = ss.getRoleInstance("newbie");
362         ss.addRole(newbie);
363 
364         Role test = ss.getRoleByName("newbie");
365         assertNotNull(test);
366 
367         ss.renameRole(test, "fake");
368 
369         Role fake = ss.getRoleByName("fake");
370         assertNotNull(fake);
371 
372 //
373 // Now this is a Turbine Bug...
374 //
375 //          try
376 //          {
377 //              RoleSet gs = ss.getRoles(new org.apache.torque.util.Criteria());
378 //              assertEquals(3, gs.size());
379 
380 //              ss.renameRole(fake, "Admin");
381 
382 //              RoleSet gs2 = ss.getRoles(new org.apache.torque.util.Criteria());
383 //              assertEquals("Two roles with the same name exist!", 2, gs2.size());
384 
385 //              fail("Role could be renamed to existing Role and got lost from the database!");
386 //          }
387 //          catch (Exception e)
388 //          {
389 //              assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), EntityExistsException.class);
390 //          }
391     }
392 }