1 package org.apache.turbine.services.security;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import java.util.List;
23
24 import junit.framework.Test;
25 import junit.framework.TestSuite;
26
27 import org.apache.turbine.Turbine;
28 import org.apache.turbine.om.security.User;
29 import org.apache.turbine.services.security.torque.TorqueGroup;
30 import org.apache.turbine.services.security.torque.TorquePermission;
31 import org.apache.turbine.services.security.torque.TorqueRole;
32 import org.apache.turbine.services.security.torque.TorqueUser;
33 import org.apache.turbine.test.BaseTurbineTest;
34 import org.apache.turbine.test.HsqlDB;
35 import org.apache.turbine.util.security.GroupSet;
36 import org.apache.turbine.util.security.PasswordMismatchException;
37 import org.apache.turbine.util.security.PermissionSet;
38 import org.apache.turbine.util.security.RoleSet;
39 import org.apache.turbine.util.security.TurbineAccessControlList;
40 import org.apache.turbine.util.security.UnknownEntityException;
41
42 public class TestSecurity
43 extends BaseTurbineTest
44 {
45 private HsqlDB hsqlDB = null;
46
47 public TestSecurity(String name)
48 throws Exception
49 {
50 super(name, "conf/test/TurbineResources.properties");
51 hsqlDB = new HsqlDB("jdbc:hsqldb:.", Turbine.getRealPath("conf/test/create-db.sql"));
52 }
53
54 public static Test suite()
55 {
56 return new TestSuite(TestSecurity.class);
57 }
58
59 private void checkUserList()
60 throws Exception
61 {
62 SecurityService ss = TurbineSecurity.getService();
63 assertEquals("User added to storage!", ss.getUserList(new org.apache.torque.util.Criteria()).size(), 2);
64 }
65
66 public void testInit()
67 {
68 SecurityService ss = TurbineSecurity.getService();
69 assertTrue("Service failed to initialize", ss.getInit());
70 }
71
72
73 public void testDatabase()
74 throws Exception
75 {
76 SecurityService ss = TurbineSecurity.getService();
77
78 GroupSet gs = ss.getAllGroups();
79 RoleSet rs = ss.getAllRoles();
80 PermissionSet ps = ss.getAllPermissions();
81
82 List users = ss.getUserManager().retrieveList(new org.apache.torque.util.Criteria());
83
84 assertEquals("Group DB Wrong!", gs.size(), 2);
85 assertEquals("Role DB Wrong!", rs.size(), 2);
86 assertEquals("Permission DB Wrong!", ps.size(), 3);
87 }
88
89 public void testClasses()
90 throws Exception
91 {
92 SecurityService ss = TurbineSecurity.getService();
93
94 assertEquals("Class for User Objects is wrong!", ss.getUserClass(), TorqueUser.class);
95 assertEquals("Class for Group Objects is wrong!", ss.getGroupClass(), TorqueGroup.class);
96 assertEquals("Class for Role Objects is wrong!", ss.getRoleClass(), TorqueRole.class);
97 assertEquals("Class for Permission Objects is wrong!", ss.getPermissionClass(), TorquePermission.class);
98
99 assertEquals("Class for ACLs is wrong!", ss.getAclClass(), TurbineAccessControlList.class);
100 }
101
102 public void testInstance()
103 throws Exception
104 {
105 SecurityService ss = TurbineSecurity.getService();
106
107 assertEquals("Instance for User Objects is wrong!", ss.getUserInstance().getClass(), TorqueUser.class);
108 assertEquals("Instance for Group Objects is wrong!", ss.getGroupInstance().getClass(), TorqueGroup.class);
109 assertEquals("Instance for Role Objects is wrong!", ss.getRoleInstance().getClass(), TorqueRole.class);
110 assertEquals("Instance for Permission Objects is wrong!", ss.getPermissionInstance().getClass(), TorquePermission.class);
111 }
112
113 public void testUserExists()
114 throws Exception
115 {
116 SecurityService ss = TurbineSecurity.getService();
117
118 assertTrue(ss.accountExists("admin"));
119 assertFalse(ss.accountExists("does-not-exist"));
120
121 checkUserList();
122 }
123
124 public void testAuthenticateUser()
125 throws Exception
126 {
127 SecurityService ss = TurbineSecurity.getService();
128
129 User admin = ss.getAuthenticatedUser("admin", "admin");
130
131 try
132 {
133 admin = ss.getAuthenticatedUser("admin", "no such password");
134 fail("User was authenticated with wrong password");
135 }
136 catch (Exception e)
137 {
138 assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
139 }
140
141 checkUserList();
142 }
143
144 public void testGetUser()
145 throws Exception
146 {
147 SecurityService ss = TurbineSecurity.getService();
148
149 User admin = ss.getUser("admin");
150
151 try
152 {
153 User newbie = ss.getUser("newbie");
154 fail("Non Existing User could be loaded!");
155 }
156 catch (Exception e)
157 {
158 assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
159 }
160
161 checkUserList();
162 }
163
164 public void testUserLists()
165 throws Exception
166 {
167 SecurityService ss = TurbineSecurity.getService();
168
169 User [] users = ss.getUsers(new org.apache.torque.util.Criteria());
170 assertNotNull(users);
171 assertEquals("Wrong number of users retrieved!", users.length, 2);
172
173
174 List userList = ss.getUserList(new org.apache.torque.util.Criteria());
175 assertNotNull(userList);
176 assertEquals("Wrong number of users retrieved!", userList.size(), 2);
177
178 assertEquals("Array and List have different sizes!", users.length, userList.size());
179
180 checkUserList();
181 }
182
183 public void testAnonymousUser()
184 throws Exception
185 {
186 SecurityService ss = TurbineSecurity.getService();
187
188 User user = ss.getAnonymousUser();
189
190 assertNotNull(user);
191
192 assertTrue(ss.isAnonymousUser(user));
193
194 user = ss.getUser("admin");
195 assertNotNull(user);
196
197 assertFalse(ss.isAnonymousUser(user));
198 }
199
200 public void testSaveUser()
201 throws Exception
202 {
203 SecurityService ss = TurbineSecurity.getService();
204
205 User admin = ss.getUser("admin");
206
207 ss.saveUser(admin);
208
209 try
210 {
211 User newbie = TurbineSecurity.getUserInstance();
212 newbie.setName("newbie");
213
214 ss.saveUser(newbie);
215 fail("Non Existing User could be stored!");
216 }
217 catch (Exception e)
218 {
219 assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
220 }
221
222 checkUserList();
223 }
224
225 public void testChangePassword()
226 throws Exception
227 {
228 SecurityService ss = TurbineSecurity.getService();
229
230 User admin = ss.getUser("admin");
231 assertNotNull(admin);
232
233 ss.changePassword(admin, admin.getPassword(), "foobar");
234
235 User admin2 = ss.getUser("admin");
236 assertEquals("Password was not changed!", "foobar", admin2.getPassword());
237
238 try
239 {
240 admin = ss.getUser("admin");
241 ss.changePassword(admin, "admin", "foobar");
242 fail("Password could be changed without old password!");
243 }
244 catch (Exception e)
245 {
246 assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
247 }
248
249 admin2 = ss.getUser("admin");
250 assertEquals("Password was changed!", "foobar", admin2.getPassword());
251
252 checkUserList();
253 }
254
255 public void testForcePassword()
256 throws Exception
257 {
258 SecurityService ss = TurbineSecurity.getService();
259
260 User admin = ss.getUser("admin");
261 assertNotNull(admin);
262
263 ss.forcePassword(admin, "barbaz");
264
265 User admin2 = ss.getUser("admin");
266 assertEquals("Password was not changed!", "barbaz", admin2.getPassword());
267
268 ss.forcePassword(admin, "admin");
269
270 admin2 = ss.getUser("admin");
271 assertEquals("Password was not reset!", "admin", admin2.getPassword());
272
273
274 checkUserList();
275 }
276 }
277