1 package org.apache.archiva.redback.jsecurity;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  *     http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import junit.framework.TestCase;
23 import org.apache.archiva.redback.jsecurity.PrincipalLockedException;
24 import org.apache.archiva.redback.jsecurity.PrincipalPasswordChangeRequiredException;
25 import org.apache.archiva.redback.jsecurity.RedbackRealm;
26 import org.apache.archiva.redback.policy.UserSecurityPolicy;
27 import org.apache.archiva.redback.rbac.Operation;
28 import org.apache.archiva.redback.rbac.Permission;
29 import org.apache.archiva.redback.rbac.RBACManager;
30 import org.apache.archiva.redback.rbac.Resource;
31 import org.apache.archiva.redback.rbac.Role;
32 import org.apache.archiva.redback.rbac.UserAssignment;
33 import org.apache.archiva.redback.users.User;
34 import org.apache.archiva.redback.users.UserManager;
35 import org.jsecurity.authc.IncorrectCredentialsException;
36 import org.jsecurity.authc.UsernamePasswordToken;
37 import org.jsecurity.mgt.DefaultSecurityManager;
38 import org.jsecurity.subject.PrincipalCollection;
39 import org.jsecurity.subject.SimplePrincipalCollection;
40 import org.jsecurity.subject.Subject;
41 import org.junit.After;
42 import org.junit.Before;
43 import org.junit.Test;
44 import org.junit.runner.RunWith;
45 import org.springframework.test.context.ContextConfiguration;
46 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
47
48 import javax.inject.Inject;
49 import javax.inject.Named;
50
51
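/**
 * Tests {@link RedbackRealm} behind a JSecurity {@link DefaultSecurityManager}, using the
 * {@code userManager#memory} and {@code rBACManager#memory} beans and the
 * {@link UserSecurityPolicy} injected from the Spring test context.
 *
 * <p>The cases cover the login-time account checks (locked account, forced password change,
 * lock-out after repeated bad passwords) and role/permission resolution for a subject.</p>
 *
 * <p>The class runs under {@link SpringJUnit4ClassRunner}, a JUnit 4 runner, so only methods
 * annotated with {@link Test} are executed. The {@code test*} naming convention inherited
 * from {@link TestCase} does not make a method run on its own.</p>
 */
@RunWith( SpringJUnit4ClassRunner.class )
@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
public class RedbackRealmTest
    extends TestCase
{
    private DefaultSecurityManager securityManager;

    private RedbackRealm realm;

    @Inject
    @Named( value = "userManager#memory" )
    private UserManager userManager;

    @Inject
    @Named( value = "rBACManager#memory" )
    private RBACManager rbacManager;

    @Inject
    private UserSecurityPolicy userSecurityPolicy;

    // Fixture account "test1", re-created by setUp() before every test.
    private User user;

    /**
     * Builds a fresh security manager wired to a new {@link RedbackRealm} and registers the
     * fixture user {@code test1} with password {@code password1}.
     *
     * @throws Exception if the fixture cannot be created
     */
    @Before
    public void setUp()
        throws Exception
    {
        super.setUp();
        securityManager = new DefaultSecurityManager();

        realm = new RedbackRealm( userManager, rbacManager, userSecurityPolicy );
        securityManager.setRealm( realm );

        user = userManager.createUser( "test1", "John Tester", "jtester@redback.codehaus.org" );
        user.setPassword( "password1" );
        userManager.addUser( user );
        userManager.updateUser( user );
    }

    /**
     * Destroys the security manager and drops the references created by {@link #setUp()}.
     *
     * <p>NOTE(review): the fixture user and any change made to the injected
     * {@link UserSecurityPolicy} are not undone here; whether they leak into later tests
     * depends on the scope of the injected beans - confirm.</p>
     *
     * @throws Exception if teardown fails
     */
    @After
    public void tearDown()
        throws Exception
    {
        super.tearDown();
        securityManager.destroy();
        securityManager = null;
        realm = null;
    }

    /**
     * Returns the name of a Plexus configuration file.
     *
     * <p>NOTE(review): nothing in this class calls this method; presumably a leftover from a
     * Plexus-based test harness - confirm before removing.</p>
     *
     * @return the literal {@code "plexus.xml"}
     */
    protected String getPlexusConfigLocation()
    {
        return "plexus.xml";
    }

    /**
     * Verifies that a locked account cannot log in even with the correct password.
     *
     * <p>This method previously had no {@link Test} annotation, so the JUnit 4 runner never
     * executed it and the locked-account check went unverified.</p>
     *
     * @throws Exception if the fixture update fails
     */
    @Test
    public void testThrowsExceptionIfUserAccountLocked()
        throws Exception
    {
        user.setLocked( true );
        userManager.updateUser( user );
        try
        {
            securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
            fail( "Should not be able to login" );
        }
        catch ( PrincipalLockedException expected )
        {
            // Expected: the locked flag must reject the login despite valid credentials.
        }
    }

    /**
     * Verifies that an account flagged for a mandatory password change cannot log in with
     * its current (correct) password.
     *
     * @throws Exception if the fixture update fails
     */
    @Test
    public void testThrowsExceptionIfUserAccountNeedsPasswordChange()
        throws Exception
    {
        user.setPasswordChangeRequired( true );
        userManager.updateUser( user );
        try
        {
            securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
            fail( "Should not be able to login" );
        }
        catch ( PrincipalPasswordChangeRequiredException expected )
        {
            // Expected: a pending password change must reject the login.
        }
    }

    /**
     * Verifies that the account is locked once the number of failed logins reaches the
     * policy's login attempt count (set to 2 here): still unlocked after the first bad
     * password, locked after the second.
     *
     * <p>NOTE(review): the lock state is read from the local {@code user} reference, which
     * assumes the user manager updates that same instance - confirm. The changed login
     * attempt count is also left in place on the injected policy after the test.</p>
     *
     * @throws Exception if the login attempt fails in an unexpected way
     */
    @Test
    public void testUnsuccessfullAuthAttemptsLockAccount()
        throws Exception
    {
        assertFalse( user.isLocked() );
        userSecurityPolicy.setLoginAttemptCount( 2 );

        // First failure: below the threshold, the account must stay usable.
        try
        {
            securityManager.login( new UsernamePasswordToken( "test1", "incorrectpassowrd" ) );
            fail( "password should be incorrect" );
        }
        catch ( IncorrectCredentialsException expected )
        {
            assertFalse( user.isLocked() );
        }

        // Second failure: threshold reached, the account must now be locked.
        try
        {
            securityManager.login( new UsernamePasswordToken( "test1", "incorrectpassowrd" ) );
            fail( "password should be incorrect" );
        }
        catch ( IncorrectCredentialsException expected )
        {
            assertTrue( user.isLocked() );
        }
    }

    /**
     * Verifies the happy path: a user assigned {@code role1} authenticates, holds that role
     * and its permission, and does not hold the unassigned {@code role2}.
     *
     * @throws Exception if the RBAC fixture cannot be created or the login fails
     */
    @Test
    public void testBasic()
        throws Exception
    {
        assertEquals( 1, userManager.getUsers().size() );

        Role role1 = rbacManager.createRole( "role1" );
        Permission permission = rbacManager.createPermission( "Allowed to write to repository" );
        Operation operation = rbacManager.createOperation( "myop" );
        Resource resource = rbacManager.createResource( "filesystem" );

        permission.setOperation( operation );
        permission.setPermanent( false );
        permission.setResource( resource );

        role1.addPermission( permission );
        rbacManager.savePermission( permission );
        rbacManager.saveRole( role1 );

        // role2 is created but never saved or assigned; it is the negative case below.
        rbacManager.createRole( "role2" );

        UserAssignment assignment = rbacManager.createUserAssignment( user.getUsername() );
        assignment.addRoleName( "role1" );
        rbacManager.saveUserAssignment( assignment );

        Subject subject = securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
        assertTrue( subject.isAuthenticated() );
        assertTrue( subject.hasRole( "role1" ) );
        assertFalse( subject.hasRole( "role2" ) );

        // The permission is looked up by the same name that was passed to createPermission.
        PrincipalCollection principals = new SimplePrincipalCollection( "test1", realm.getName() );

        assertTrue( securityManager.isPermitted( principals, "Allowed to write to repository" ) );
    }
}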