TestSecurity xref


1   package org.apache.turbine.services.security;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import java.util.List;
23  
24  import junit.framework.Test;
25  import junit.framework.TestSuite;
26  
27  import org.apache.turbine.Turbine;
28  import org.apache.turbine.om.security.User;
29  import org.apache.turbine.services.security.torque.TorqueGroup;
30  import org.apache.turbine.services.security.torque.TorquePermission;
31  import org.apache.turbine.services.security.torque.TorqueRole;
32  import org.apache.turbine.services.security.torque.TorqueUser;
33  import org.apache.turbine.test.BaseTurbineTest;
34  import org.apache.turbine.test.HsqlDB;
35  import org.apache.turbine.util.security.GroupSet;
36  import org.apache.turbine.util.security.PasswordMismatchException;
37  import org.apache.turbine.util.security.PermissionSet;
38  import org.apache.turbine.util.security.RoleSet;
39  import org.apache.turbine.util.security.TurbineAccessControlList;
40  import org.apache.turbine.util.security.UnknownEntityException;
41  
42  public class TestSecurity
43          extends BaseTurbineTest
44  {
45      private HsqlDB hsqlDB = null;
46  
47      public TestSecurity(String name)
48              throws Exception
49      {
50          super(name, "conf/test/TurbineResources.properties");
51          hsqlDB = new HsqlDB("jdbc:hsqldb:.", Turbine.getRealPath("conf/test/create-db.sql"));
52      }
53  
54      public static Test suite()
55      {
56          return new TestSuite(TestSecurity.class);
57      }
58  
59      private void checkUserList()
60              throws Exception
61      {
62          SecurityService ss = TurbineSecurity.getService();
63          assertEquals("User added to storage!", ss.getUserList(new org.apache.torque.util.Criteria()).size(), 2);
64      }
65  
66      public void testInit()
67      {
68          SecurityService ss = TurbineSecurity.getService();
69          assertTrue("Service failed to initialize", ss.getInit());
70      }
71  
72      // Make sure that our database contains what we need
73      public void testDatabase()
74      	throws Exception
75      {
76          SecurityService ss = TurbineSecurity.getService();
77  
78          GroupSet gs = ss.getAllGroups();
79          RoleSet rs = ss.getAllRoles();
80          PermissionSet ps = ss.getAllPermissions();
81  
82          List users = ss.getUserManager().retrieveList(new org.apache.torque.util.Criteria());
83  
84          assertEquals("Group DB Wrong!", gs.size(), 2);
85          assertEquals("Role DB Wrong!", rs.size(), 2);
86          assertEquals("Permission DB Wrong!", ps.size(), 3);
87      }
88  
89      public void testClasses()
90      	throws Exception
91      {
92          SecurityService ss = TurbineSecurity.getService();
93  
94          assertEquals("Class for User Objects is wrong!",       ss.getUserClass(),       TorqueUser.class);
95          assertEquals("Class for Group Objects is wrong!",      ss.getGroupClass(),      TorqueGroup.class);
96          assertEquals("Class for Role Objects is wrong!",       ss.getRoleClass(),       TorqueRole.class);
97          assertEquals("Class for Permission Objects is wrong!", ss.getPermissionClass(), TorquePermission.class);
98  
99          assertEquals("Class for ACLs is wrong!",               ss.getAclClass(),        TurbineAccessControlList.class);
100     }
101 
102     public void testInstance()
103     	throws Exception
104     {
105         SecurityService ss = TurbineSecurity.getService();
106 
107         assertEquals("Instance for User Objects is wrong!",       ss.getUserInstance().getClass(),       TorqueUser.class);
108         assertEquals("Instance for Group Objects is wrong!",      ss.getGroupInstance().getClass(),      TorqueGroup.class);
109         assertEquals("Instance for Role Objects is wrong!",       ss.getRoleInstance().getClass(),       TorqueRole.class);
110         assertEquals("Instance for Permission Objects is wrong!", ss.getPermissionInstance().getClass(), TorquePermission.class);
111     }
112 
113     public void testUserExists()
114             throws Exception
115     {
116         SecurityService ss = TurbineSecurity.getService();
117 
118         assertTrue(ss.accountExists("admin"));
119         assertFalse(ss.accountExists("does-not-exist"));
120 
121         checkUserList();
122     }
123 
124     public void testAuthenticateUser()
125             throws Exception
126     {
127         SecurityService ss = TurbineSecurity.getService();
128 
129         User admin = ss.getAuthenticatedUser("admin", "admin");
130 
131         try
132         {
133             admin = ss.getAuthenticatedUser("admin", "no such password");
134             fail("User was authenticated with wrong password");
135         }
136         catch (Exception e)
137         {
138             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
139         }
140 
141         checkUserList();
142     }
143 
144     public void testGetUser()
145     	throws Exception
146     {
147         SecurityService ss = TurbineSecurity.getService();
148 
149         User admin = ss.getUser("admin");
150 
151         try
152         {
153             User newbie = ss.getUser("newbie");
154             fail("Non Existing User could be loaded!");
155         }
156         catch (Exception e)
157         {
158             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
159         }
160 
161         checkUserList();
162     }
163 
164     public void testUserLists()
165             throws Exception
166     {
167         SecurityService ss = TurbineSecurity.getService();
168 
169         User [] users = ss.getUsers(new org.apache.torque.util.Criteria());
170         assertNotNull(users);
171         assertEquals("Wrong number of users retrieved!", users.length, 2);
172 
173 
174         List userList = ss.getUserList(new org.apache.torque.util.Criteria());
175         assertNotNull(userList);
176         assertEquals("Wrong number of users retrieved!", userList.size(), 2);
177 
178         assertEquals("Array and List have different sizes!", users.length, userList.size());
179 
180         checkUserList();
181     }
182 
183     public void testAnonymousUser()
184             throws Exception
185     {
186         SecurityService ss = TurbineSecurity.getService();
187 
188         User user = ss.getAnonymousUser();
189 
190         assertNotNull(user);
191 
192         assertTrue(ss.isAnonymousUser(user));
193 
194         user = ss.getUser("admin");
195         assertNotNull(user);
196 
197         assertFalse(ss.isAnonymousUser(user));
198     }
199 
200     public void testSaveUser()
201     	throws Exception
202     {
203         SecurityService ss = TurbineSecurity.getService();
204 
205         User admin = ss.getUser("admin");
206 
207         ss.saveUser(admin);
208 
209         try
210         {
211             User newbie = TurbineSecurity.getUserInstance();
212             newbie.setName("newbie");
213 
214             ss.saveUser(newbie);
215             fail("Non Existing User could be stored!");
216         }
217         catch (Exception e)
218         {
219             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
220         }
221 
222         checkUserList();
223     }
224 
225     public void testChangePassword()
226     	throws Exception
227     {
228         SecurityService ss = TurbineSecurity.getService();
229 
230         User admin = ss.getUser("admin");
231         assertNotNull(admin);
232 
233         ss.changePassword(admin, admin.getPassword(), "foobar");
234 
235         User admin2 = ss.getUser("admin");
236         assertEquals("Password was not changed!", "foobar", admin2.getPassword());
237 
238         try
239         {
240             admin = ss.getUser("admin");
241             ss.changePassword(admin, "admin", "foobar");
242             fail("Password could be changed without old password!");
243         }
244         catch (Exception e)
245         {
246             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
247         }
248 
249         admin2 = ss.getUser("admin");
250         assertEquals("Password was changed!", "foobar", admin2.getPassword());
251 
252         checkUserList();
253     }
254 
255     public void testForcePassword()
256     	throws Exception
257     {
258         SecurityService ss = TurbineSecurity.getService();
259 
260         User admin = ss.getUser("admin");
261         assertNotNull(admin);
262 
263         ss.forcePassword(admin, "barbaz");
264 
265         User admin2 = ss.getUser("admin");
266         assertEquals("Password was not changed!", "barbaz", admin2.getPassword());
267 
268         ss.forcePassword(admin, "admin");
269 
270         admin2 = ss.getUser("admin");
271         assertEquals("Password was not reset!", "admin", admin2.getPassword());
272 
273 
274         checkUserList();
275     }
276 }
277