
1   /*
2    * #%L
3    * ToPIA :: Service Security
4    * 
5    * $Id: TopiaSecurityTest.java 2691 2012-11-25 11:05:23Z tchemit $
6    * $HeadURL: http://svn.nuiton.org/svn/topia/tags/topia-2.8/topia-service-security/src/test/java/org/nuiton/topia/security/TopiaSecurityTest.java $
7    * %%
8    * Copyright (C) 2004 - 2010 CodeLutin
9    * %%
10   * This program is free software: you can redistribute it and/or modify
11   * it under the terms of the GNU Lesser General Public License as 
12   * published by the Free Software Foundation, either version 3 of the 
13   * License, or (at your option) any later version.
14   * 
15   * This program is distributed in the hope that it will be useful,
16   * but WITHOUT ANY WARRANTY; without even the implied warranty of
17   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18   * GNU General Lesser Public License for more details.
19   * 
20   * You should have received a copy of the GNU General Lesser Public 
21   * License along with this program.  If not, see
22   * <http://www.gnu.org/licenses/lgpl-3.0.html>.
23   * #L%
24   */
25  
26  package org.nuiton.topia.security;
27  
28  import org.apache.commons.logging.Log;
29  import org.apache.commons.logging.LogFactory;
30  import org.junit.After;
31  import org.junit.AfterClass;
32  import org.junit.Assert;
33  import org.junit.Before;
34  import org.junit.BeforeClass;
35  import org.junit.Ignore;
36  import org.junit.Rule;
37  import org.junit.Test;
38  import org.junit.rules.TestName;
39  import org.nuiton.i18n.I18n;
40  import org.nuiton.topia.TestHelper;
41  import org.nuiton.topia.TopiaContext;
42  import org.nuiton.topia.TopiaContextFactory;
43  import org.nuiton.topia.TopiaException;
44  import org.nuiton.topia.TopiaSecurityDAOHelper;
45  import org.nuiton.topia.TopiaTestDAOHelper;
46  import org.nuiton.topia.security.entities.authorization.TopiaAssociationAuthorization;
47  import org.nuiton.topia.security.entities.authorization.TopiaAssociationAuthorizationDAO;
48  import org.nuiton.topia.security.entities.authorization.TopiaEntityAuthorization;
49  import org.nuiton.topia.security.entities.authorization.TopiaEntityAuthorizationDAO;
50  import org.nuiton.topia.security.entities.authorization.TopiaExpressionLink;
51  import org.nuiton.topia.security.entities.authorization.TopiaExpressionLinkDAO;
52  import org.nuiton.topia.security.entities.user.TopiaGroup;
53  import org.nuiton.topia.security.entities.user.TopiaGroupDAO;
54  import org.nuiton.topia.security.entities.user.TopiaUser;
55  import org.nuiton.topia.security.entities.user.TopiaUserDAO;
56  import org.nuiton.topia.security.jaas.TopiaCallbackHandler;
57  import org.nuiton.topia.security.util.TopiaSecurityFactoryFilter;
58  import org.nuiton.topia.test.entities.Person;
59  import org.nuiton.topia.test.entities.PersonDAO;
60  import org.nuiton.topia.test.entities.PersonImpl;
61  import org.nuiton.topia.test.entities.Pet;
62  import org.nuiton.topia.test.entities.PetDAO;
63  import org.nuiton.topia.test.entities.PetImpl;
64  import org.nuiton.topia.test.entities.RaceImpl;
65  
66  import javax.security.auth.Subject;
67  import javax.security.auth.login.LoginContext;
68  import java.io.File;
69  import java.security.PrivilegedExceptionAction;
70  import java.util.ArrayList;
71  import java.util.List;
72  import java.util.Locale;
73  import java.util.Properties;
74  
75  import static org.nuiton.topia.security.util.TopiaSecurityUtil.LOAD;
76  import static org.nuiton.topia.security.util.TopiaSecurityUtil.UPDATE;
77  
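/**
 * Unit tests for the ToPIA security service: users, groups, entity and
 * association authorizations, and the {@link TopiaSecurityFactoryFilter}
 * that applies them to query results.
 *
 * <p>The first test to run creates an embedded H2 database under the test
 * directory and populates it via {@link #initDatabase()}; later tests reuse
 * that database (see {@link #setUp()}). The data is never deleted
 * afterwards (see {@link #clean()}).</p>
 *
 * <p>Every login / password below is a fixture for that local, throw-away
 * database; none of them is a real credential.</p>
 *
 * @author ruchaud
 */
public class TopiaSecurityTest {

    private static final Log log = LogFactory.getLog(TopiaSecurityTest.class);

    /* Fixture accounts created by initDatabase() and used by the login tests. */
    private static final String ADMIN_LOGIN = "admin";
    private static final String ADMIN_PASSWORD = "azerty";
    private static final String THIMEL_LOGIN = "thimel";
    private static final String THIMEL_PASSWORD = "zou;bi@da";
    private static final String RUCHAUD_LOGIN = "ruchaud";
    private static final String RUCHAUD_PASSWORD = "mdp";

    /** JAAS configuration entry used for every login. */
    private static final String JAAS_ENTRY = "topia";

    /** Absolute path of the H2 database file, injected into {@link #getProperties()}. */
    protected String dbPath;

    /** Root context opened in {@link #setUp()} and closed in {@link #tearDown()}. */
    protected TopiaContext context;

    /** Security service obtained from {@link #context}. */
    protected TopiaSecurityService securityManager;

    /** Filter under test: keeps only the entities the current subject may act on. */
    protected TopiaSecurityFactoryFilter factoryFilter;
    // FIXME how does it find the other ones on its own? The big question!

    /** Per-class test directory, resolved once in {@link #init()}. */
    protected static File tesDir;

    /** True once {@link #initDatabase()} has run in this JVM. */
    protected static boolean init;

    /** Comma-separated list of persistence classes handed to the Topia context. */
    protected static String entitiesList =
            PersonImpl.class.getName() + "," +
            PetImpl.class.getName() + "," +
            RaceImpl.class.getName();

    /**
     * Initialises i18n and resolves the per-class test directory.
     *
     * @throws Exception if the test directory cannot be resolved
     */
    @BeforeClass
    public static void init() throws Exception {
        I18n.init(null, Locale.FRANCE);
        tesDir = TestHelper.getTestBasedir(TopiaSecurityTest.class);
    }

    /**
     * Intentionally a no-op: test data is kept after the run so it can be
     * inspected.
     */
    @AfterClass
    public static void clean() {
        // tchemit 2010-11-28: never delete data after a test.
    }

    /**
     * Builds the Topia / Hibernate configuration for the embedded H2 test
     * database located at {@link #dbPath}, with the security service enabled.
     *
     * @return a fresh configuration; callers may add properties to it
     */
    protected Properties getProperties() {
        Properties config = new Properties();

        if (log.isDebugEnabled()) {
            config.setProperty("hibernate.show_sql", "true");
        }

        config.setProperty("topia.persistence.classes", entitiesList);

        // Embedded H2 with its default "sa" account and an empty password:
        // acceptable only because this is a local, throw-away test database.
        config.setProperty("hibernate.dialect", "org.hibernate.dialect.H2Dialect");
        config.setProperty("hibernate.connection.username", "sa");
        config.setProperty("hibernate.connection.password", "");
        config.setProperty("hibernate.connection.driver_class", "org.h2.Driver");
        config.setProperty("hibernate.connection.url", "jdbc:h2:" + dbPath);

        // Register the security service implementation under test.
        config.setProperty("topia.service.security", "org.nuiton.topia.security.TopiaSecurityServiceImpl");
        return config;
    }

    /**
     * Creates the schema and the fixtures every test relies on:
     * <ul>
     *   <li>users {@code admin}, {@code thimel}, {@code ruchaud}; group
     *       {@code essai} containing {@code ruchaud};</li>
     *   <li>three persons named "poussin" (benjamin, jacques, mylene) and
     *       three pets (two owned by jacques, one by mylene);</li>
     *   <li>entity authorizations: admin on everything, the group on
     *       {@code Person#*} for LOAD, thimel on jacques for LOAD;</li>
     *   <li>an expression link that makes an authorization on jacques also
     *       cover mylene;</li>
     *   <li>association authorizations for ruchaud on {@code jacques.pet}
     *       (LOAD) and {@code mylene.pet} (UPDATE).</li>
     * </ul>
     *
     * @throws TopiaException on any persistence error
     */
    public void initDatabase() throws TopiaException {

        Properties config = getProperties();
        // Drop and recreate the schema: this method runs once per JVM.
        config.setProperty("hibernate.hbm2ddl.auto", "create");

        /* Transaction */
        // NOTE(review): rootContext is never closed here; setUp() opens its
        // own context on the same H2 file, so the leak is confined to the run.
        TopiaContext rootContext = TopiaContextFactory.getContext(config);
        TopiaContext childContext = rootContext.beginTransaction();

        /* DAOs */
        PersonDAO personDAO = TopiaTestDAOHelper.getPersonDAO(childContext);
        PetDAO petDAO = TopiaTestDAOHelper.getPetDAO(childContext);

        TopiaUserDAO topiaUserDAO = TopiaSecurityDAOHelper.getTopiaUserDAO(childContext);
        TopiaGroupDAO topiaGroupDAO = TopiaSecurityDAOHelper.getTopiaGroupDAO(childContext);
        TopiaEntityAuthorizationDAO topiaEntityAuthorizationDAO = TopiaSecurityDAOHelper.getTopiaEntityAuthorizationDAO(childContext);
        TopiaExpressionLinkDAO linkDAO = TopiaSecurityDAOHelper.getTopiaExpressionLinkDAO(childContext);
        TopiaAssociationAuthorizationDAO topiaAssociationAuthorizationDAO = TopiaSecurityDAOHelper.getTopiaAssociationAuthorizationDAO(childContext);

        /* Admin user */
        TopiaUser admin = topiaUserDAO.create();
        admin.setLogin(ADMIN_LOGIN);
        admin.setPassword(ADMIN_PASSWORD);
        topiaUserDAO.update(admin);
        childContext.commitTransaction();

        /* Plain user */
        TopiaUser thimel = topiaUserDAO.create();
        thimel.setLogin(THIMEL_LOGIN);
        thimel.setPassword(THIMEL_PASSWORD);
        topiaUserDAO.update(thimel);
        childContext.commitTransaction();

        /* A group holding one user */
        TopiaUser ruchaud = topiaUserDAO.create();
        ruchaud.setLogin(RUCHAUD_LOGIN);
        ruchaud.setPassword(RUCHAUD_PASSWORD);
        TopiaGroup groupRuchaud = topiaGroupDAO.create();
        groupRuchaud.setName("essai");

        groupRuchaud.setTopiaUser(new ArrayList<TopiaUser>());
        ruchaud.addTopiaGroup(groupRuchaud);

        topiaGroupDAO.update(groupRuchaud);
        topiaUserDAO.update(ruchaud);
        childContext.commitTransaction();

        /* Persons */
        Person benjamin = personDAO.create();
        benjamin.setName("poussin");
        benjamin.setFirstname("benjamin");
        personDAO.update(benjamin);
        childContext.commitTransaction();

        Person jacques = personDAO.create();
        jacques.setName("poussin");
        jacques.setFirstname("jacques");
        personDAO.update(jacques);
        childContext.commitTransaction();

        Person mylene = personDAO.create();
        mylene.setName("poussin");
        mylene.setFirstname("mylene");
        personDAO.update(mylene);
        childContext.commitTransaction();

        /* Pets */
        Pet debux = petDAO.create();
        debux.setName("debux");
        debux.setType("chat");
        debux.setPerson(jacques);
        petDAO.update(debux);
        childContext.commitTransaction();

        Pet pluto = petDAO.create();
        pluto.setName("pluto");
        pluto.setType("chien");
        pluto.setPerson(jacques);
        petDAO.update(pluto);
        childContext.commitTransaction();

        Pet fliper = petDAO.create();
        fliper.setName("fliper");
        fliper.setType("dauphin");
        fliper.setPerson(mylene);
        petDAO.update(fliper);
        childContext.commitTransaction();

        /* Entity authorizations */
        TopiaEntityAuthorization authorizationForAdmin = topiaEntityAuthorizationDAO.create();
        authorizationForAdmin.setExpression("*");
        // 15 presumably sets all four action bits (LOAD and UPDATE included);
        // TODO confirm against TopiaSecurityUtil and use the named constants.
        authorizationForAdmin.setActions(15);
        authorizationForAdmin.setPrincipals(admin.getTopiaId());
        topiaEntityAuthorizationDAO.update(authorizationForAdmin);
        childContext.commitTransaction();

        // Granted to the group, not to ruchaud directly: every Person for LOAD.
        TopiaEntityAuthorization authorizationForRuchaud = topiaEntityAuthorizationDAO.create();
        authorizationForRuchaud.setExpression(Person.class.getName() + "#*");
        authorizationForRuchaud.setActions(LOAD);
        authorizationForRuchaud.setPrincipals(groupRuchaud.getTopiaId());
        topiaEntityAuthorizationDAO.update(authorizationForRuchaud);
        childContext.commitTransaction();

        // Granted on a single entity id.
        TopiaEntityAuthorization authorizationForThimel = topiaEntityAuthorizationDAO.create();
        authorizationForThimel.setExpression(jacques.getTopiaId());
        authorizationForThimel.setActions(LOAD);
        authorizationForThimel.setPrincipals(thimel.getTopiaId());
        topiaEntityAuthorizationDAO.update(authorizationForThimel);
        childContext.commitTransaction();

        /* Expression link: mylene is evaluated as jacques */
        TopiaExpressionLink link = linkDAO.create();
        link.setReplace(mylene.getTopiaId());
        link.setBy(jacques.getTopiaId());
        linkDAO.update(link);
        childContext.commitTransaction();

        /* Association authorizations */
        TopiaAssociationAuthorization associationAuthorization = topiaAssociationAuthorizationDAO.create();
        associationAuthorization.setIdBeginAssociation(jacques.getTopiaId());
        associationAuthorization.setNameAssociation("pet");
        associationAuthorization.setActions(LOAD);
        associationAuthorization.setPrincipals(ruchaud.getTopiaId());
        topiaAssociationAuthorizationDAO.update(associationAuthorization);
        childContext.commitTransaction();

        associationAuthorization = topiaAssociationAuthorizationDAO.create();
        associationAuthorization.setIdBeginAssociation(mylene.getTopiaId());
        associationAuthorization.setNameAssociation("pet");
        associationAuthorization.setActions(UPDATE);
        associationAuthorization.setPrincipals(ruchaud.getTopiaId());
        topiaAssociationAuthorizationDAO.update(associationAuthorization);
        childContext.commitTransaction();

        childContext.closeContext();
    }

    /**
     * Opens a context on the test database, creating and populating it on
     * the first call, and wires the security service and filter under test.
     *
     * @throws TopiaException on any persistence error
     */
    @Before
    public void setUp() throws TopiaException {
        dbPath = new File(tesDir, "topia-security").getAbsolutePath();
        if (!init) {
            initDatabase();
            // Only flagged after success so a failed initialisation is retried.
            init = true;
        }
        context = TopiaContextFactory.getContext(getProperties());
        securityManager = context.getService(TopiaSecurityService.class);
        factoryFilter = new TopiaSecurityFactoryFilter(securityManager);
    }

    /**
     * Closes the context opened by {@link #setUp()}, if any.
     *
     * @throws TopiaException if the context cannot be closed
     */
    @After
    public void tearDown() throws TopiaException {
        if (context != null) {
            context.closeContext();
        }
    }

    /**
     * Authenticates against the {@value #JAAS_ENTRY} JAAS entry.
     *
     * @param login    user login
     * @param password user password
     * @return a logged-in context; the caller is responsible for {@code logout()}
     * @throws Exception if the JAAS login fails
     */
    private static LoginContext login(String login, String password) throws Exception {
        LoginContext loginContext = new LoginContext(JAAS_ENTRY, new TopiaCallbackHandler(login, password));
        loginContext.login();
        return loginContext;
    }

    /** A user that belongs to no group yields exactly one principal. */
    @Test
    public void testLoginThimel() throws Exception {
        LoginContext loginContext = login(THIMEL_LOGIN, THIMEL_PASSWORD);
        try {
            Subject subject = loginContext.getSubject();
            Assert.assertEquals(1, subject.getPrincipals().size());
        } finally {
            loginContext.logout();
        }
    }

    /** A user in one group yields two principals (presumably user + group). */
    @Test
    public void testLoginRuchaud() throws Exception {
        LoginContext loginContext = login(RUCHAUD_LOGIN, RUCHAUD_PASSWORD);
        try {
            Subject subject = loginContext.getSubject();
            Assert.assertEquals(2, subject.getPrincipals().size());
        } finally {
            loginContext.logout();
        }
    }

    /**
     * thimel may LOAD jacques, and through the expression link mylene as
     * well; no UPDATE anywhere and no access to pets.
     */
    @Test
    public void testAuthorizationThimel() throws Exception {
        LoginContext loginContext = login(THIMEL_LOGIN, THIMEL_PASSWORD);
        try {
            Subject subject = loginContext.getSubject();

            Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Object>() {

                @Override
                public Object run() throws Exception {
                    TopiaContext childContext = context.beginTransaction();
                    try {
                        /* Persons */
                        PersonDAO personDAO = TopiaTestDAOHelper.getPersonDAO(childContext);
                        List<Person> findAllPerson = personDAO.findAll();

                        List<Person> personsLOAD = factoryFilter.filter(findAllPerson, LOAD);
                        Assert.assertEquals(2, personsLOAD.size());

                        List<Person> personsUPDATE = factoryFilter.filter(findAllPerson, UPDATE);
                        Assert.assertEquals(0, personsUPDATE.size());

                        /* Pets */
                        PetDAO petDAO = TopiaTestDAOHelper.getPetDAO(childContext);
                        List<Pet> findAllPet = petDAO.findAll();

                        List<Pet> petLOAD = factoryFilter.filter(findAllPet, LOAD);
                        Assert.assertEquals(0, petLOAD.size());

                        List<Pet> petUPDATE = factoryFilter.filter(findAllPet, UPDATE);
                        Assert.assertEquals(0, petUPDATE.size());
                    } finally {
                        // Read-only transaction: closing it is enough.
                        childContext.closeContext();
                    }
                    return null;
                }
            }, null);
        } finally {
            loginContext.logout();
        }
    }

    /**
     * ruchaud inherits LOAD on every Person from the "essai" group, and holds
     * association grants on jacques' pets (LOAD, two pets) and mylene's pet
     * (UPDATE, one pet).
     */
    @Test
    public void testAuthorizationRuchaud() throws Exception {
        LoginContext loginContext = login(RUCHAUD_LOGIN, RUCHAUD_PASSWORD);
        try {
            Subject subject = loginContext.getSubject();

            Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Object>() {

                @Override
                public Object run() throws Exception {
                    TopiaContext childContext = context.beginTransaction();
                    try {
                        /* Persons */
                        PersonDAO personDAO = TopiaTestDAOHelper.getPersonDAO(childContext);
                        List<Person> findAllPerson = personDAO.findAll();

                        List<Person> personsLOAD = factoryFilter.filter(findAllPerson, LOAD);
                        Assert.assertEquals(3, personsLOAD.size());

                        List<Person> personsUPDATE = factoryFilter.filter(findAllPerson, UPDATE);
                        Assert.assertEquals(0, personsUPDATE.size());

                        /* Pets */
                        PetDAO petDAO = TopiaTestDAOHelper.getPetDAO(childContext);
                        List<Pet> findAllPet = petDAO.findAll();

                        List<Pet> petLOAD = factoryFilter.filter(findAllPet, LOAD);
                        Assert.assertEquals(2, petLOAD.size());

                        List<Pet> petUPDATE = factoryFilter.filter(findAllPet, UPDATE);
                        Assert.assertEquals(1, petUPDATE.size());
                    } finally {
                        // Read-only transaction: closing it is enough.
                        childContext.closeContext();
                    }
                    return null;
                }
            }, null);
        } finally {
            loginContext.logout();
        }
    }

    /** admin holds the wildcard authorization and sees everything for every action. */
    @Test
    public void testAuthorizationAdmin() throws Exception {
        LoginContext loginContext = login(ADMIN_LOGIN, ADMIN_PASSWORD);
        try {
            Subject subject = loginContext.getSubject();

            Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Object>() {

                @Override
                public Object run() throws Exception {
                    TopiaContext childContext = context.beginTransaction();
                    try {
                        /* Persons */
                        PersonDAO personDAO = TopiaTestDAOHelper.getPersonDAO(childContext);
                        List<Person> findAllPerson = personDAO.findAll();

                        List<Person> personsLOAD = factoryFilter.filter(findAllPerson, LOAD);
                        Assert.assertEquals(3, personsLOAD.size());

                        List<Person> personsUPDATE = factoryFilter.filter(findAllPerson, UPDATE);
                        Assert.assertEquals(3, personsUPDATE.size());

                        /* Pets */
                        PetDAO petDAO = TopiaTestDAOHelper.getPetDAO(childContext);
                        List<Pet> findAllPet = petDAO.findAll();

                        List<Pet> petLOAD = factoryFilter.filter(findAllPet, LOAD);
                        Assert.assertEquals(3, petLOAD.size());

                        List<Pet> petUPDATE = factoryFilter.filter(findAllPet, UPDATE);
                        Assert.assertEquals(3, petUPDATE.size());
                    } finally {
                        // Read-only transaction: closing it is enough.
                        childContext.closeContext();
                    }
                    return null;
                }
            }, null);
        } finally {
            loginContext.logout();
        }
    }
}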