1 package org.apache.archiva.xmlrpc.security;\r
2 \r
3 /*\r
4  * Licensed to the Apache Software Foundation (ASF) under one\r
5  * or more contributor license agreements.  See the NOTICE file\r
6  * distributed with this work for additional information\r
7  * regarding copyright ownership.  The ASF licenses this file\r
8  * to you under the Apache License, Version 2.0 (the\r
9  * "License"); you may not use this file except in compliance\r
10  * with the License.  You may obtain a copy of the License at\r
11  *\r
12  *  http://www.apache.org/licenses/LICENSE-2.0\r
13  *\r
14  * Unless required by applicable law or agreed to in writing,\r
15  * software distributed under the License is distributed on an\r
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
17  * KIND, either express or implied.  See the License for the\r
18  * specific language governing permissions and limitations\r
19  * under the License.\r
20  */\r
21 \r
22 import org.apache.archiva.web.xmlrpc.security.XmlRpcAuthenticator;\r
23 import org.apache.maven.archiva.security.ArchivaRoleConstants;\r
24 import org.apache.xmlrpc.XmlRpcRequest;\r
25 import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;\r
26 import org.codehaus.plexus.redback.role.RoleManager;\r
27 import org.codehaus.plexus.redback.system.SecuritySystem;\r
28 import org.codehaus.plexus.redback.users.User;\r
29 import org.codehaus.plexus.redback.users.UserManager;\r
30 import org.codehaus.plexus.redback.users.UserNotFoundException;\r
31 import org.codehaus.plexus.spring.PlexusInSpringTestCase;\r
32 import org.easymock.MockControl;\r
33 import org.easymock.classextension.MockClassControl;\r
34 \r
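/**
 * Tests for {@link XmlRpcAuthenticator#isAuthorized(XmlRpcRequest)}.
 * <p>
 * The authenticator is built on the {@link SecuritySystem} looked up with the "testable" hint. The
 * XML-RPC request and its HTTP config are EasyMock mocks that supply the basic-auth user name, the
 * basic-auth password and the called method name.
 * <p>
 * NOTE(review): no test here covers an existing user who presents a wrong password; that case
 * should be added so a credential check regression is caught.
 *
 * @version $Id XmlRpcAuthenticatorTest.java
 */
public class XmlRpcAuthenticatorTest
    extends PlexusInSpringTestCase
{
    protected static final String USER_GUEST = "guest";

    protected static final String USER_ADMIN = "admin";

    protected static final String USER_ALPACA = "alpaca";

    // Fixture credential for the test user store only.
    private static final String PASSWORD = "password123";

    // XML-RPC method every test asks the authenticator to authorize.
    private static final String ADMIN_METHOD = "AdministrationService.getAllManagedRepositories";

    protected SecuritySystem securitySystem;

    protected RoleManager roleManager;

    private MockControl xmlRpcRequestControl;

    private XmlRpcRequest xmlRpcRequest;

    private XmlRpcAuthenticator authenticator;

    private MockControl configControl;

    private XmlRpcHttpRequestConfigImpl config;

    /**
     * Looks up the security components, creates the admin and guest users with their role templates,
     * and builds the mocks and the authenticator under test.
     *
     * @throws Exception if the lookup, user creation or role assignment fails
     */
    public void setUp()
        throws Exception
    {
        super.setUp();

        securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" );
        roleManager = (RoleManager) lookup( RoleManager.class, "default" );

        // Some basic asserts.
        assertNotNull( securitySystem );
        assertNotNull( roleManager );

        // Admin and guest are created with a null password; no test authenticates as either of them.
        User adminUser = createUser( USER_ADMIN, "Admin User", null );
        roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() );

        User guestUser = createUser( USER_GUEST, "Guest User", null );
        roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() );

        configControl = MockClassControl.createControl( XmlRpcHttpRequestConfigImpl.class );
        config = ( XmlRpcHttpRequestConfigImpl ) configControl.getMock();

        xmlRpcRequestControl = MockControl.createControl( XmlRpcRequest.class );
        xmlRpcRequest = ( XmlRpcRequest ) xmlRpcRequestControl.getMock();

        // NOTE(review): the second constructor argument is passed as null; confirm that isAuthorized
        // never dereferences it on the paths exercised here.
        authenticator = new XmlRpcAuthenticator( securitySystem, null );
    }

    /**
     * Adds a user to the security system's user manager and then sets its password.
     *
     * @param principal login name; also used as the local part of the e-mail address
     * @param fullname  display name
     * @param password  password to store, or null
     * @return the created user
     * @throws UserNotFoundException if the user cannot be found when it is updated
     */
    private User createUser( String principal, String fullname, String password )
        throws UserNotFoundException
    {
        UserManager userManager = securitySystem.getUserManager();

        User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" );

        // The policy is switched off only for the addUser call. The finally block switches it back on
        // even when addUser throws, so a failed fixture cannot leave the policy disabled for the
        // tests that run afterwards.
        securitySystem.getPolicy().setEnabled( false );
        try
        {
            userManager.addUser( user );
        }
        finally
        {
            securitySystem.getPolicy().setEnabled( true );
        }

        user.setPassword( password );
        userManager.updateUser( user );

        return user;
    }

    /**
     * Fails the test unless the user manager can find a user with the given principal.
     */
    private void assertUserExists( String principal )
    {
        UserManager userManager = securitySystem.getUserManager();
        try
        {
            User user = userManager.findUser( principal );
            assertEquals( principal, user.getPrincipal() );
        }
        catch ( UserNotFoundException e )
        {
            fail( "User should exist in the database." );
        }
    }

    /**
     * Records the calls the authenticator is expected to make on the mocked request and config
     * (config twice, user name, password, method name) and switches both mocks to replay mode.
     */
    private void expectBasicAuthCall( String userName, String password, String methodName )
    {
        xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );

        configControl.expectAndReturn( config.getBasicUserName(), userName );

        configControl.expectAndReturn( config.getBasicPassword(), password );

        xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(), methodName );

        xmlRpcRequestControl.replay();
        configControl.replay();
    }

    /**
     * Verifies that every expected call was made on both mocks.
     */
    private void verifyMocks()
    {
        xmlRpcRequestControl.verify();
        configControl.verify();
    }

    /**
     * A user that exists and presents its own password, but holds no role, must be refused.
     */
    public void testIsAuthorizedUserExistsButNotAuthorized()
        throws Exception
    {
        createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD );
        assertUserExists( USER_ALPACA );

        expectBasicAuthCall( USER_ALPACA, PASSWORD, ADMIN_METHOD );

        boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );

        verifyMocks();

        assertFalse( isAuthorized );
    }

    /**
     * A user that exists and holds the required role is expected to be let through.
     */
    public void testIsAuthorizedUserExistsAndAuthorized()
        throws Exception
    {
        createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD );
        assertUserExists( USER_ALPACA );

        //TODO cannot assign global repo manager role - it says role does not exist :|

        //roleManager.assignRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE, USER_ALPACA );

        // NOTE(review): with the role assignment above disabled, this fixture is identical to the one
        // in testIsAuthorizedUserExistsButNotAuthorized, which expects false. The two tests cannot
        // both pass against the same authenticator. As written, assertTrue only succeeds if a user
        // with no role may call an AdministrationService method. Grant the intended role here before
        // relying on this test as evidence that authorization works.
        expectBasicAuthCall( USER_ALPACA, PASSWORD, ADMIN_METHOD );

        boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
        assertTrue( isAuthorized );

        verifyMocks();
    }

    /**
     * Credentials for a principal that is not in the user store must be refused.
     */
    public void testIsAuthorizedUserDoesNotExist()
        throws Exception
    {
        UserManager userManager = securitySystem.getUserManager();
        try
        {
            userManager.findUser( USER_ALPACA );
            fail( "User should not exist in the database." );
        }
        catch ( UserNotFoundException e )
        {
            assertEquals( "Unable to find user 'alpaca'", e.getMessage() );
        }

        expectBasicAuthCall( USER_ALPACA, PASSWORD, ADMIN_METHOD );

        boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );

        verifyMocks();

        assertFalse( isAuthorized );
    }
}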