From 62bfcbc78fcbb6d03fce64a52082f6d517c0c392 Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Thu, 2 May 2013 18:29:00 +0200 Subject: [PATCH] add unit test for DefaultSecuritySystem --- .../main/java/sonia/scm/AbstractTestBase.java | 3 +- .../main/java/sonia/scm/util/MockUtil.java | 29 +- .../scm/security/DefaultSecuritySystem.java | 2 +- .../security/DefaultSecuritySystemTest.java | 333 ++++++++++++++++++ 4 files changed, 363 insertions(+), 4 deletions(-) create mode 100644 scm-webapp/src/test/java/sonia/scm/security/DefaultSecuritySystemTest.java diff --git a/scm-test/src/main/java/sonia/scm/AbstractTestBase.java b/scm-test/src/main/java/sonia/scm/AbstractTestBase.java index b991b67c4f..47ee59b075 100644 --- a/scm-test/src/main/java/sonia/scm/AbstractTestBase.java +++ b/scm-test/src/main/java/sonia/scm/AbstractTestBase.java @@ -151,6 +151,7 @@ public class AbstractTestBase try { preTearDown(); + clearSubject(); } finally { @@ -179,7 +180,7 @@ public class AbstractTestBase //~--- methods -------------------------------------------------------------- /** - * Clears Shiro's thread state, ensuring the thread remains clean for + * Clears Shiro's thread state, ensuring the thread remains clean for * future test execution. */ protected void clearSubject() diff --git a/scm-test/src/main/java/sonia/scm/util/MockUtil.java b/scm-test/src/main/java/sonia/scm/util/MockUtil.java index a53c9feaba..715ec39d71 100644 --- a/scm-test/src/main/java/sonia/scm/util/MockUtil.java +++ b/scm-test/src/main/java/sonia/scm/util/MockUtil.java @@ -41,6 +41,7 @@ import org.apache.shiro.authz.Permission; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.SimplePrincipalCollection; import org.apache.shiro.subject.Subject; +import org.apache.shiro.subject.Subject.Builder; import org.mockito.invocation.InvocationOnMock; import org.mockito.stubbing.Answer; 
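Review bot: In the first AbstractTestBase hunk, `clearSubject()` sits inside the `try` after `preTearDown()`, so it is skipped whenever `preTearDown()` throws and the failing test's Shiro subject stays bound to the thread. A leftover admin subject can then let a later authorization test pass for the wrong reason. I would make `clearSubject();` the first statement of the `finally` block instead, so the reset is unconditional. The body of that `finally` block and the rest of the enclosing method lie outside the hunk, so this assumes nothing there already clears the thread state.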
@@ -136,6 +137,20 @@ public final class MockUtil * @return */ public static Subject createUserSubject() + { + return createUserSubject(null); + } + + /** + * Method description + * + * + * + * @param securityManager + * @return + */ + public static Subject createUserSubject( + org.apache.shiro.mgt.SecurityManager securityManager) { SimplePrincipalCollection collection = new SimplePrincipalCollection(); User user = UserTestData.createTrillian(); @@ -143,8 +158,18 @@ public final class MockUtil collection.add(user.getName(), "junit"); collection.add(user, "junit"); - return new Subject.Builder().principals(collection).authenticated( - true).buildSubject(); + Builder builder; + + if (securityManager != null) + { + builder = new Subject.Builder(securityManager); + } + else + { + builder = new Subject.Builder(); + } + + return builder.principals(collection).authenticated(true).buildSubject(); } //~--- get methods ---------------------------------------------------------- diff --git a/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java b/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java index 789fd698f9..2e1986d6d7 100644 --- a/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java +++ b/scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java @@ -444,7 +444,7 @@ public class DefaultSecuritySystem implements SecuritySystem return classLoader; } - + //~--- inner classes -------------------------------------------------------- /** diff --git a/scm-webapp/src/test/java/sonia/scm/security/DefaultSecuritySystemTest.java b/scm-webapp/src/test/java/sonia/scm/security/DefaultSecuritySystemTest.java new file mode 100644 index 0000000000..516e24106c --- /dev/null +++ b/scm-webapp/src/test/java/sonia/scm/security/DefaultSecuritySystemTest.java 
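Review bot: The Javadoc added for `createUserSubject(SecurityManager)` is still the `Method description` placeholder with an empty `@param securityManager` and `@return`, so nothing tells a test author what passing `null` means. Going by the next hunk, `null` selects the no-argument `Subject.Builder()`, which in Shiro resolves the manager through `SecurityUtils` and fails if none is bound, while a supplied manager is the one that answers the subject's permission checks. I would document that, e.g. `@param securityManager manager that evaluates the subject's permission checks, or null to use the one bound via SecurityUtils` and `@return authenticated subject for the trillian test user`.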
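Review bot: In the `@@ -143,8 +158,18 @@` hunk the same class is spelled two ways within a few lines: the local is declared as `Builder` through the new nested-class import, while both constructor calls still write `new Subject.Builder(...)`. The if/else only picks a constructor, so it reads more directly as one expression: `Subject.Builder builder = (securityManager != null) ? new Subject.Builder(securityManager) : new Subject.Builder();`. That also makes the `import org.apache.shiro.subject.Subject.Builder` added in the first MockUtil hunk unnecessary. The method's signature and opening lines are in the preceding hunk.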
@@ -0,0 +1,333 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.common.base.Predicate;
+
+import org.apache.shiro.authz.UnauthorizedException;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.realm.SimpleAccountRealm;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import sonia.scm.AbstractTestBase;
+import sonia.scm.store.JAXBConfigurationEntryStoreFactory;
+import sonia.scm.util.MockUtil;
+
+import static org.hamcrest.Matchers.*;
+
+import static org.junit.Assert.*;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.List;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class DefaultSecuritySystemTest extends AbstractTestBase
+{
+
+ /**
+ * Method description
+ *
+ */
+ @Before
+ public void createSecuritySystem()
+ {
+ JAXBConfigurationEntryStoreFactory factory =
+ new JAXBConfigurationEntryStoreFactory(new UUIDKeyGenerator(),
+ contextProvider);
+
+ securitySystem = new DefaultSecuritySystem(factory);
+
+ // ScmEventBus.getInstance().register(listener);
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test
+ public void testAddPermission()
+ {
+ setAdminSubject();
+
+ StoredAssignedPermission sap = createPermission("trillian", false,
+ "repository:*:READ");
+
+ assertEquals("trillian", sap.getName());
+ assertEquals("repository:*:READ", sap.getPermission());
+ assertEquals(false, sap.isGroupPermission());
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test
+ public void testAvailablePermissions()
+ {
+ setAdminSubject();
+
+ List list = securitySystem.getAvailablePermissions();
+
+ assertNotNull(list);
+ assertThat(list.size(), greaterThan(0));
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test
+ public void testDeletePermission()
+ {
+ setAdminSubject();
+
+ StoredAssignedPermission sap = createPermission("trillian", false,
+ "repository:*:READ");
+
+ securitySystem.deletePermission(sap);
+
+ assertNull(securitySystem.getPermission(sap.getId()));
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test
+ public void testGetAllPermissions()
+ {
+ setAdminSubject();
+
+ StoredAssignedPermission trillian = createPermission("trillian", false,
+ "repository:*:READ");
+ StoredAssignedPermission dent = createPermission("dent", false,
+ "repository:*:READ");
+ StoredAssignedPermission marvin = createPermission("marvin", false,
+ "repository:*:READ");
+
+ List all = securitySystem.getAllPermissions();
+
+ assertEquals(3, all.size());
+ assertThat(all, containsInAnyOrder(trillian, dent, marvin));
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test
+ public void testGetPermission()
+ {
+ setAdminSubject();
+
+ StoredAssignedPermission sap = createPermission("trillian", false,
+ "repository:*:READ");
+
+ StoredAssignedPermission other = securitySystem.getPermission(sap.getId());
+
+ assertEquals(sap.getId(), other.getId());
+ assertEquals(sap, other);
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test
+ public void testGetPermissionsWithPredicate()
+ {
+ setAdminSubject();
+
+ StoredAssignedPermission trillian = createPermission("trillian", false,
+ "repository:*:READ");
+ StoredAssignedPermission dent = createPermission("dent", false,
+ "repository:*:READ");
+
+ createPermission("hitchhiker", true, "repository:*:READ");
+
+ List filtered =
+ securitySystem.getPermissions(new Predicate()
+ {
+
+ @Override
+ public boolean apply(AssignedPermission input)
+ {
+ return !input.isGroupPermission();
+ }
+ });
+
+ assertEquals(2, filtered.size());
+ assertThat(filtered, containsInAnyOrder(trillian, dent));
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test
+ public void testModifyPermission()
+ {
+ setAdminSubject();
+
+ StoredAssignedPermission sap = createPermission("trillian", false,
+ "repository:*:READ");
+ StoredAssignedPermission modified =
+ new StoredAssignedPermission(sap.getId(),
+ new AssignedPermission("trillian", "repository:*:WRITE"));
+
+ securitySystem.modifyPermission(modified);
+
+ sap = securitySystem.getPermission(modified.getId());
+
+ assertEquals(modified.getId(), sap.getId());
+ assertEquals(modified, sap);
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test(expected = UnauthorizedException.class)
+ public void testUnauthorizedAddPermission()
+ {
+ setUserSubject();
+ createPermission("trillian", false, "repository:*:READ");
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test(expected = UnauthorizedException.class)
+ public void testUnauthorizedDeletePermission()
+ {
+ setAdminSubject();
+
+ StoredAssignedPermission sap = createPermission("trillian", false,
+ "repository:*:READ");
+
+ setUserSubject();
+ securitySystem.deletePermission(sap);
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test(expected = UnauthorizedException.class)
+ public void testUnauthorizedGetPermission()
+ {
+ setAdminSubject();
+
+ StoredAssignedPermission sap = createPermission("trillian", false,
+ "repository:*:READ");
+
+ setUserSubject();
+ securitySystem.getPermission(sap.getId());
+ }
+
+ /**
+ * Method description
+ *
+ */
+ @Test(expected = UnauthorizedException.class)
+ public void testUnauthorizedModifyPermission()
+ {
+ setAdminSubject();
+
+ StoredAssignedPermission sap = createPermission("trillian", false,
+ "repository:*:READ");
+
+ setUserSubject();
+
+ securitySystem.modifyPermission(sap);
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param name
+ * @param groupPermission
+ * @param value
+ *
+ * @return
+ */
+ private StoredAssignedPermission createPermission(String name,
+ boolean groupPermission, String value)
+ {
+ AssignedPermission ap = new AssignedPermission(name, groupPermission,
+ value);
+ StoredAssignedPermission sap = securitySystem.addPermission(ap);
+
+ assertNotNull(sap);
+ assertNotNull(sap.getId());
+
+ return sap;
+ }
+
+ //~--- set methods ----------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ */
+ private void setAdminSubject()
+ {
+ setSubject(MockUtil.createAdminSubject());
+ }
+
+ /**
+ * Method description
+ *
+ */
+ private void setUserSubject()
+ {
+ org.apache.shiro.mgt.SecurityManager sm =
+ new DefaultSecurityManager(new SimpleAccountRealm());
+
+ setSubject(MockUtil.createUserSubject(sm));
+ }
+
+ //~--- fields ---------------------------------------------------------------
+
+ /** Field description */
+ private DefaultSecuritySystem securitySystem;
+}
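Review bot: The three `testUnauthorized*` cases that set up data first (delete, get, modify) run `createPermission` as admin inside a method annotated `@Test(expected = UnauthorizedException.class)`, so an `UnauthorizedException` raised by the admin setup would make them pass without the user-subject call ever running. They also never check that the denied call left the store unchanged. I would catch the exception around the single call under test and then, as admin again, assert that the stored permission is still there; the fence shows this for `testUnauthorizedDeletePermission`, and the get and modify cases would follow the same shape. The read paths `getAllPermissions`, `getAvailablePermissions` and `getPermissions(Predicate)` have no denied-access case here, though whether they are meant to be restricted is not visible on this page.

```java
@Test
public void testUnauthorizedDeletePermission()
{
  // … unchanged: setAdminSubject() and createPermission(...) into sap …

  setUserSubject();

  try
  {
    securitySystem.deletePermission(sap);
    fail("deletePermission must be denied for a non-admin subject");
  }
  catch (UnauthorizedException ex)
  {
    // expected, and only from the call above
  }

  // the denied call must not have removed the entry
  setAdminSubject();
  assertNotNull(securitySystem.getPermission(sap.getId()));
}
```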