1 package org.apache.archiva.security;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import com.google.common.collect.Lists;
23 import junit.framework.TestCase;
24 import net.sf.ehcache.CacheManager;
25 import org.apache.archiva.redback.rbac.RBACManager;
26 import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
27 import org.apache.archiva.redback.role.RoleManager;
28 import org.apache.archiva.redback.users.User;
29 import org.apache.archiva.security.common.ArchivaRoleConstants;
30 import org.apache.commons.io.FileUtils;
31 import org.apache.archiva.configuration.ArchivaConfiguration;
32 import org.apache.archiva.configuration.ManagedRepositoryConfiguration;
33 import org.apache.archiva.redback.rbac.UserAssignment;
34 import org.codehaus.plexus.redback.system.SecuritySystem;
35 import org.apache.archiva.redback.users.UserManager;
36 import org.junit.Before;
37 import org.junit.runner.RunWith;
38 import org.slf4j.Logger;
39 import org.slf4j.LoggerFactory;
40 import org.springframework.test.context.ContextConfiguration;
41 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
43 import javax.inject.Inject;
44 import javax.inject.Named;
48 * AbstractSecurityTest
50 * @version $Id: AbstractSecurityTest
52 @RunWith( SpringJUnit4ClassRunner.class )
53 @ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
54 public abstract class AbstractSecurityTest
58 protected Logger log = LoggerFactory.getLogger( getClass() );
60 protected static final String USER_GUEST = "guest";
62 protected static final String USER_ADMIN = "admin";
64 protected static final String USER_ALPACA = "alpaca";
67 @Named( value = "securitySystem#testable" )
68 protected SecuritySystem securitySystem;
71 @Named( value = "rBACManager#memory" )
72 protected RBACManager rbacManager;
75 protected RoleManager roleManager;
78 @Named( value = "archivaConfiguration#default" )
79 private ArchivaConfiguration archivaConfiguration;
82 protected UserRepositories userRepos;
84 protected void setupRepository( String repoId )
87 // Add repo to configuration.
88 ManagedRepositoryConfiguration repoConfig = new ManagedRepositoryConfiguration();
89 repoConfig.setId( repoId );
90 repoConfig.setName( "Testable repo <" + repoId + ">" );
91 repoConfig.setLocation( new File( "./target/test-repo/" + repoId ).getPath() );
92 if ( !archivaConfiguration.getConfiguration().getManagedRepositoriesAsMap().containsKey( repoId ) )
94 archivaConfiguration.getConfiguration().addManagedRepository( repoConfig );
97 // Add repo roles to security.
98 userRepos.createMissingRepositoryRoles( repoId );
101 protected void assignRepositoryObserverRole( String principal, String repoId )
104 roleManager.assignTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId, principal );
107 protected User createUser( String principal, String fullname )
109 UserManager userManager = securitySystem.getUserManager();
111 User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" );
112 securitySystem.getPolicy().setEnabled( false );
113 userManager.addUser( user );
114 securitySystem.getPolicy().setEnabled( true );
126 File srcConfig = new File( "./src/test/resources/repository-archiva.xml" );
127 File destConfig = new File( "./target/test-conf/archiva.xml" );
129 destConfig.getParentFile().mkdirs();
132 FileUtils.copyFile( srcConfig, destConfig );
134 // Some basic asserts.
135 assertNotNull( securitySystem );
136 assertNotNull( rbacManager );
137 assertNotNull( roleManager );
138 assertNotNull( userRepos );
139 assertNotNull( archivaConfiguration );
142 User adminUser = createUser( USER_ADMIN, "Admin User" );
143 roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() );
146 User guestUser = createUser( USER_GUEST, "Guest User" );
147 roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() );
150 protected void restoreGuestInitialValues( String userId )
153 UserAssignment userAssignment = null;
156 userAssignment = rbacManager.getUserAssignment( userId );
158 catch ( RbacObjectNotFoundException e )
160 log.info( "ignore RbacObjectNotFoundException for id {} during restoreGuestInitialValues", userId );
163 userAssignment.setRoleNames( Lists.newArrayList( "Guest" ) );
164 rbacManager.saveUserAssignment( userAssignment );
165 CacheManager.getInstance().clearAll();