1 package org.codehaus.redback.jsecurity;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  *     http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import junit.framework.TestCase;
23 import org.codehaus.plexus.redback.policy.UserSecurityPolicy;
24 import org.codehaus.plexus.redback.rbac.Operation;
25 import org.codehaus.plexus.redback.rbac.Permission;
26 import org.codehaus.plexus.redback.rbac.RBACManager;
27 import org.codehaus.plexus.redback.rbac.Resource;
28 import org.codehaus.plexus.redback.rbac.Role;
29 import org.codehaus.plexus.redback.rbac.UserAssignment;
30 import org.codehaus.plexus.redback.users.User;
31 import org.codehaus.plexus.redback.users.UserManager;
32 import org.jsecurity.authc.IncorrectCredentialsException;
33 import org.jsecurity.authc.UsernamePasswordToken;
34 import org.jsecurity.mgt.DefaultSecurityManager;
35 import org.jsecurity.subject.PrincipalCollection;
36 import org.jsecurity.subject.SimplePrincipalCollection;
37 import org.jsecurity.subject.Subject;
38 import org.junit.After;
39 import org.junit.Before;
40 import org.junit.Test;
41 import org.junit.runner.RunWith;
42 import org.springframework.test.context.ContextConfiguration;
43 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
44
45 import javax.inject.Inject;
46 import javax.inject.Named;
47
48
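/**
 * Exercises {@link RedbackRealm} behind a JSecurity {@link DefaultSecurityManager}, using the
 * injected {@code userManager#memory} and {@code rBACManager#memory} beans.
 *
 * <p>Covered behaviour: login is refused for a locked account, login is refused when a password
 * change is required, repeated failed logins lock the account, and role/permission lookups for
 * an authenticated subject.
 *
 * <p>The class runs under {@link SpringJUnit4ClassRunner}, a JUnit 4 runner: only methods
 * annotated with {@code @Test} are executed. A {@code test}-prefixed name alone is not enough,
 * even though the class still extends {@link TestCase}.
 */
@RunWith( SpringJUnit4ClassRunner.class )
@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
public class RedbackRealmTest
    extends TestCase
{
    private DefaultSecurityManager securityManager;

    private RedbackRealm realm;

    @Inject
    @Named( value = "userManager#memory" )
    private UserManager userManager;

    @Inject
    @Named( value = "rBACManager#memory" )
    private RBACManager rbacManager;

    @Inject
    private UserSecurityPolicy userSecurityPolicy;

    // The single account every test logs in as; created afresh in setUp().
    private User user;

    /**
     * Builds a fresh security manager and realm, then registers the {@code test1} account with
     * the password {@code password1}.
     *
     * @throws Exception if the fixture cannot be created
     */
    @Before
    public void setUp()
        throws Exception
    {
        super.setUp();
        securityManager = new DefaultSecurityManager();

        realm = new RedbackRealm( userManager, rbacManager, userSecurityPolicy );
        securityManager.setRealm( realm );

        user = userManager.createUser( "test1", "John Tester", "jtester@redback.codehaus.org" );
        user.setPassword( "password1" );
        userManager.addUser( user );
        userManager.updateUser( user );
    }

    /**
     * Destroys the security manager and drops the references built in {@link #setUp()}.
     *
     * @throws Exception if teardown fails
     */
    @After
    public void tearDown()
        throws Exception
    {
        super.tearDown();
        // NOTE(review): the user added in setUp() is not removed here, and testBasic() asserts
        // that exactly one user exists. Confirm the in-memory store cannot accumulate accounts
        // across tests.
        securityManager.destroy();
        securityManager = null;
        realm = null;
    }

    /**
     * Returns the Plexus configuration file name. Nothing in this class calls it.
     *
     * @return the literal {@code "plexus.xml"}
     */
    protected String getPlexusConfigLocation()
    {
        return "plexus.xml";
    }

    /**
     * A locked account must be refused even when the correct password is supplied.
     *
     * <p>This method previously had no {@code @Test} annotation, so the JUnit 4 runner never
     * executed it and the lock check went untested.
     *
     * @throws Exception on unexpected failure
     */
    @Test
    public void testThrowsExceptionIfUserAccountLocked()
        throws Exception
    {
        user.setLocked( true );
        userManager.updateUser( user );
        try
        {
            securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
            fail( "Should not be able to login" );
        }
        catch ( PrincipalLockedException expected )
        {
            // Expected: the realm rejected the login because the account is locked.
        }
    }

    /**
     * An account flagged as requiring a password change must be refused at login.
     *
     * @throws Exception on unexpected failure
     */
    @Test
    public void testThrowsExceptionIfUserAccountNeedsPasswordChange()
        throws Exception
    {
        user.setPasswordChangeRequired( true );
        userManager.updateUser( user );
        try
        {
            securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
            fail( "Should not be able to login" );
        }
        catch ( PrincipalPasswordChangeRequiredException expected )
        {
            // Expected: login is blocked until the password has been changed.
        }
    }

    /**
     * With the login attempt count set to 2, the first bad password leaves the account unlocked
     * and the second one locks it.
     *
     * @throws Exception on unexpected failure
     */
    @Test
    public void testUnsuccessfullAuthAttemptsLockAccount()
        throws Exception
    {
        assertFalse( user.isLocked() );
        // NOTE(review): this mutates the injected policy bean. If the bean is shared across
        // tests the lowered threshold persists; confirm, and restore it in tearDown() if so.
        userSecurityPolicy.setLoginAttemptCount( 2 );
        try
        {
            securityManager.login( new UsernamePasswordToken( "test1", "incorrectpassowrd" ) );
            fail( "password should be incorrect" );
        }
        catch ( IncorrectCredentialsException expected )
        {
            // NOTE(review): the lock state is read from the User reference held by this test,
            // not re-fetched from userManager. Verify that the realm updates this same instance.
            assertFalse( user.isLocked() );
        }

        try
        {
            securityManager.login( new UsernamePasswordToken( "test1", "incorrectpassowrd" ) );
            fail( "password should be incorrect" );
        }
        catch ( IncorrectCredentialsException expected )
        {
            assertTrue( user.isLocked() );
        }
        // NOTE(review): the lockout is only checked through the flag. A follow-up login with
        // the correct password, expecting PrincipalLockedException, would show that the lock is
        // enforced and not merely recorded.
    }

    /**
     * A user assigned {@code role1} authenticates, holds that role, does not hold {@code role2},
     * and is granted the permission attached to {@code role1}.
     *
     * @throws Exception on unexpected failure
     */
    @Test
    public void testBasic()
        throws Exception
    {
        assertEquals( 1, userManager.getUsers().size() );

        Role role1 = rbacManager.createRole( "role1" );
        Permission permission = rbacManager.createPermission( "Allowed to write to repository" );
        Operation operation = rbacManager.createOperation( "myop" );
        Resource resource = rbacManager.createResource( "filesystem" );

        permission.setOperation( operation );
        permission.setPermanent( false );
        permission.setResource( resource );

        role1.addPermission( permission );
        rbacManager.savePermission( permission );
        rbacManager.saveRole( role1 );

        // role2 is created but never saved or assigned; it exists only for the negative
        // hasRole() check below.
        rbacManager.createRole( "role2" );

        UserAssignment assignment = rbacManager.createUserAssignment( user.getUsername() );
        assignment.addRoleName( "role1" );
        rbacManager.saveUserAssignment( assignment );

        Subject subject = securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
        assertTrue( subject.isAuthenticated() );
        assertTrue( subject.hasRole( "role1" ) );
        assertFalse( subject.hasRole( "role2" ) );

        // Permission lookup by principal, independent of the Subject returned by login().
        PrincipalCollection principals = new SimplePrincipalCollection( "test1", realm.getName() );

        assertTrue( securityManager.isPermitted( principals, "Allowed to write to repository" ) );
        // NOTE(review): only the granted permission is checked. Asserting that an unassigned
        // permission is denied would guard against a realm that permits everything.
    }
}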