--- /dev/null
+package org.apache.archiva.redback.jsecurity;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.jsecurity.authc.AuthenticationException;
+
+public class PrincipalLockedException
+ extends AuthenticationException
+{
+ public PrincipalLockedException( String message, Throwable cause )
+ {
+ super( message, cause );
+ }
+
+ public PrincipalLockedException( String message )
+ {
+ super( message );
+ }
+
+ public PrincipalLockedException( Throwable cause )
+ {
+ super( cause );
+ }
+}
--- /dev/null
+package org.apache.archiva.redback.jsecurity;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.jsecurity.authc.AuthenticationException;
+
+public class PrincipalPasswordChangeRequiredException
+ extends AuthenticationException
+{
+ public PrincipalPasswordChangeRequiredException( String message, Throwable cause )
+ {
+ super( message, cause );
+ }
+
+ public PrincipalPasswordChangeRequiredException( String message )
+ {
+ super( message );
+ }
+
+ public PrincipalPasswordChangeRequiredException( Throwable cause )
+ {
+ super( cause );
+ }
+}
--- /dev/null
+package org.apache.archiva.redback.jsecurity;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.policy.AccountLockedException;
+import org.apache.archiva.redback.policy.UserSecurityPolicy;
+import org.apache.archiva.redback.rbac.Permission;
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.rbac.RbacManagerException;
+import org.apache.archiva.redback.rbac.UserAssignment;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserNotFoundException;
+import org.jsecurity.authc.AuthenticationException;
+import org.jsecurity.authc.AuthenticationInfo;
+import org.jsecurity.authc.AuthenticationToken;
+import org.jsecurity.authc.SimpleAuthenticationInfo;
+import org.jsecurity.authc.UsernamePasswordToken;
+import org.jsecurity.authc.credential.CredentialsMatcher;
+import org.jsecurity.authz.AuthorizationInfo;
+import org.jsecurity.authz.SimpleAuthorizationInfo;
+import org.jsecurity.realm.AuthorizingRealm;
+import org.jsecurity.subject.PrincipalCollection;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+public class RedbackRealm
+ extends AuthorizingRealm
+{
+ private Logger log = LoggerFactory.getLogger( RedbackRealm.class );
+
+ private final UserManager userManager;
+
+ private final RBACManager rbacManager;
+
+ private final UserSecurityPolicy securityPolicy;
+
+ public RedbackRealm( UserManager userManager, RBACManager rbacManager, UserSecurityPolicy securityPolicy )
+ {
+ this.userManager = userManager;
+ this.rbacManager = rbacManager;
+ this.securityPolicy = securityPolicy;
+ }
+
+ @Override
+ protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals )
+ {
+ final String username = (String) principals.fromRealm( getName() ).iterator().next();
+
+ try
+ {
+ final UserAssignment assignment = rbacManager.getUserAssignment( username );
+ final Set<String> roleNames = new HashSet<String>( assignment.getRoleNames() );
+ final Set<String> permissions = new HashSet<String>();
+
+ for ( Iterator<Permission> it = rbacManager.getAssignedPermissions( username ).iterator(); it.hasNext(); )
+ {
+ Permission permission = it.next();
+ permissions.add( permission.getName() );
+ }
+
+ SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo( roleNames );
+ authorizationInfo.setStringPermissions( permissions );
+
+ return authorizationInfo;
+ }
+ catch ( RbacManagerException e )
+ {
+ log.error( "Could not authenticate against data source", e );
+ }
+
+ return null;
+ }
+
+ @Override
+ protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token )
+ throws AuthenticationException
+ {
+ if ( token == null )
+ {
+ throw new AuthenticationException( "AuthenticationToken cannot be null" );
+ }
+
+ final UsernamePasswordToken passwordToken = (UsernamePasswordToken) token;
+
+ User user = null;
+ try
+ {
+ user = userManager.findUser( passwordToken.getUsername() );
+ }
+ catch ( UserNotFoundException e )
+ {
+ log.error( "Could not find user " + passwordToken.getUsername() );
+ }
+
+ if ( user == null )
+ {
+ return null;
+ }
+
+ if ( user.isLocked() && !user.isPasswordChangeRequired() )
+ {
+ throw new PrincipalLockedException( "User " + user.getPrincipal() + " is locked." );
+ }
+
+ if ( user.isPasswordChangeRequired() )
+ {
+ throw new PrincipalPasswordChangeRequiredException(
+ "Password change is required for user " + user.getPrincipal() );
+ }
+
+ return new RedbackAuthenticationInfo( user, getName() );
+ }
+
+ @Override
+ public CredentialsMatcher getCredentialsMatcher()
+ {
+ return new CredentialsMatcher()
+ {
+ public boolean doCredentialsMatch( AuthenticationToken token, AuthenticationInfo info )
+ {
+ final String credentials = new String( (char[]) token.getCredentials() );
+ final boolean match = securityPolicy.getPasswordEncoder().encodePassword( credentials ).equals(
+ (String) info.getCredentials() );
+ if ( !match )
+ {
+ User user = ( (RedbackAuthenticationInfo) info ).getUser();
+ try
+ {
+ securityPolicy.extensionExcessiveLoginAttempts( user );
+ }
+ catch ( AccountLockedException e )
+ {
+ log.info( "User{} has been locked", user.getUsername(), e );
+ }
+ finally
+ {
+ try
+ {
+ userManager.updateUser( user );
+ }
+ catch ( UserNotFoundException e )
+ {
+ log.error( "The user to be updated could not be found", e );
+ }
+ }
+ }
+ return match;
+ }
+ };
+ }
+
+ final class RedbackAuthenticationInfo
+ extends SimpleAuthenticationInfo
+ {
+ private final User user;
+
+ public RedbackAuthenticationInfo( User user, String realmName )
+ {
+ super( user.getPrincipal(), user.getEncodedPassword(), realmName );
+ this.user = user;
+ }
+
+ public User getUser()
+ {
+ return user;
+ }
+ }
+}
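Review bot: In `doGetAuthenticationInfo` the locked and password-change checks throw before the matcher returned by `getCredentialsMatcher()` has compared the password (the matcher receives the `RedbackAuthenticationInfo` this method builds). If `PrincipalLockedException` or `PrincipalPasswordChangeRequiredException` is surfaced to the client, anyone who submits a username learns that the account exists and what state it is in, whatever password they supply. Consider running both checks only after the credentials have matched, or reporting a generic `AuthenticationException` to the caller and keeping the specific reason in the server log. In `doCredentialsMatch` the encoded values are compared with `String.equals`, which stops at the first differing character; a constant-time comparison such as `MessageDigest.isEqual( a.getBytes( "UTF-8" ), b.getBytes( "UTF-8" ) )` over the two encoded strings avoids that. The cast `(UsernamePasswordToken) token` is also unchecked, so a guard like `if ( !( token instanceof UsernamePasswordToken ) ) throw new AuthenticationException( "Unsupported token type" );` would turn a `ClassCastException` into a clean authentication failure.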
+++ /dev/null
-package org.codehaus.redback.jsecurity;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.jsecurity.authc.AuthenticationException;
-
-public class PrincipalLockedException
- extends AuthenticationException
-{
- public PrincipalLockedException( String message, Throwable cause )
- {
- super( message, cause );
- }
-
- public PrincipalLockedException( String message )
- {
- super( message );
- }
-
- public PrincipalLockedException( Throwable cause )
- {
- super( cause );
- }
-}
+++ /dev/null
-package org.codehaus.redback.jsecurity;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.jsecurity.authc.AuthenticationException;
-
-public class PrincipalPasswordChangeRequiredException
- extends AuthenticationException
-{
- public PrincipalPasswordChangeRequiredException( String message, Throwable cause )
- {
- super( message, cause );
- }
-
- public PrincipalPasswordChangeRequiredException( String message )
- {
- super( message );
- }
-
- public PrincipalPasswordChangeRequiredException( Throwable cause )
- {
- super( cause );
- }
-}
+++ /dev/null
-package org.codehaus.redback.jsecurity;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.policy.AccountLockedException;
-import org.apache.archiva.redback.policy.UserSecurityPolicy;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.apache.archiva.redback.rbac.RbacManagerException;
-import org.apache.archiva.redback.rbac.UserAssignment;
-import org.apache.archiva.redback.users.User;
-import org.apache.archiva.redback.users.UserManager;
-import org.apache.archiva.redback.users.UserNotFoundException;
-import org.jsecurity.authc.AuthenticationException;
-import org.jsecurity.authc.AuthenticationInfo;
-import org.jsecurity.authc.AuthenticationToken;
-import org.jsecurity.authc.SimpleAuthenticationInfo;
-import org.jsecurity.authc.UsernamePasswordToken;
-import org.jsecurity.authc.credential.CredentialsMatcher;
-import org.jsecurity.authz.AuthorizationInfo;
-import org.jsecurity.authz.SimpleAuthorizationInfo;
-import org.jsecurity.realm.AuthorizingRealm;
-import org.jsecurity.subject.PrincipalCollection;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-public class RedbackRealm
- extends AuthorizingRealm
-{
- private Logger log = LoggerFactory.getLogger( RedbackRealm.class );
-
- private final UserManager userManager;
-
- private final RBACManager rbacManager;
-
- private final UserSecurityPolicy securityPolicy;
-
- public RedbackRealm( UserManager userManager, RBACManager rbacManager, UserSecurityPolicy securityPolicy )
- {
- this.userManager = userManager;
- this.rbacManager = rbacManager;
- this.securityPolicy = securityPolicy;
- }
-
- @Override
- protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals )
- {
- final String username = (String) principals.fromRealm( getName() ).iterator().next();
-
- try
- {
- final UserAssignment assignment = rbacManager.getUserAssignment( username );
- final Set<String> roleNames = new HashSet<String>( assignment.getRoleNames() );
- final Set<String> permissions = new HashSet<String>();
-
- for ( Iterator<Permission> it = rbacManager.getAssignedPermissions( username ).iterator(); it.hasNext(); )
- {
- Permission permission = it.next();
- permissions.add( permission.getName() );
- }
-
- SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo( roleNames );
- authorizationInfo.setStringPermissions( permissions );
-
- return authorizationInfo;
- }
- catch ( RbacManagerException e )
- {
- log.error( "Could not authenticate against data source", e );
- }
-
- return null;
- }
-
- @Override
- protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token )
- throws AuthenticationException
- {
- if ( token == null )
- {
- throw new AuthenticationException( "AuthenticationToken cannot be null" );
- }
-
- final UsernamePasswordToken passwordToken = (UsernamePasswordToken) token;
-
- User user = null;
- try
- {
- user = userManager.findUser( passwordToken.getUsername() );
- }
- catch ( UserNotFoundException e )
- {
- log.error( "Could not find user " + passwordToken.getUsername() );
- }
-
- if ( user == null )
- {
- return null;
- }
-
- if ( user.isLocked() && !user.isPasswordChangeRequired() )
- {
- throw new PrincipalLockedException( "User " + user.getPrincipal() + " is locked." );
- }
-
- if ( user.isPasswordChangeRequired() )
- {
- throw new PrincipalPasswordChangeRequiredException(
- "Password change is required for user " + user.getPrincipal() );
- }
-
- return new RedbackAuthenticationInfo( user, getName() );
- }
-
- @Override
- public CredentialsMatcher getCredentialsMatcher()
- {
- return new CredentialsMatcher()
- {
- public boolean doCredentialsMatch( AuthenticationToken token, AuthenticationInfo info )
- {
- final String credentials = new String( (char[]) token.getCredentials() );
- final boolean match = securityPolicy.getPasswordEncoder().encodePassword( credentials ).equals(
- (String) info.getCredentials() );
- if ( !match )
- {
- User user = ( (RedbackAuthenticationInfo) info ).getUser();
- try
- {
- securityPolicy.extensionExcessiveLoginAttempts( user );
- }
- catch ( AccountLockedException e )
- {
- log.info( "User{} has been locked", user.getUsername(), e );
- }
- finally
- {
- try
- {
- userManager.updateUser( user );
- }
- catch ( UserNotFoundException e )
- {
- log.error( "The user to be updated could not be found", e );
- }
- }
- }
- return match;
- }
- };
- }
-
- final class RedbackAuthenticationInfo
- extends SimpleAuthenticationInfo
- {
- private final User user;
-
- public RedbackAuthenticationInfo( User user, String realmName )
- {
- super( user.getPrincipal(), user.getEncodedPassword(), realmName );
- this.user = user;
- }
-
- public User getUser()
- {
- return user;
- }
- }
-}
--- /dev/null
+package org.apache.archiva.redback.jsecurity;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.apache.archiva.redback.jsecurity.PrincipalLockedException;
+import org.apache.archiva.redback.jsecurity.PrincipalPasswordChangeRequiredException;
+import org.apache.archiva.redback.jsecurity.RedbackRealm;
+import org.apache.archiva.redback.policy.UserSecurityPolicy;
+import org.apache.archiva.redback.rbac.Operation;
+import org.apache.archiva.redback.rbac.Permission;
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.rbac.Resource;
+import org.apache.archiva.redback.rbac.Role;
+import org.apache.archiva.redback.rbac.UserAssignment;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.jsecurity.authc.IncorrectCredentialsException;
+import org.jsecurity.authc.UsernamePasswordToken;
+import org.jsecurity.mgt.DefaultSecurityManager;
+import org.jsecurity.subject.PrincipalCollection;
+import org.jsecurity.subject.SimplePrincipalCollection;
+import org.jsecurity.subject.Subject;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+
+
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+public class RedbackRealmTest
+ extends TestCase
+{
+ private DefaultSecurityManager securityManager;
+
+ private RedbackRealm realm;
+
+ @Inject
+ @Named( value = "userManager#memory" )
+ private UserManager userManager;
+
+ @Inject
+ @Named( value = "rBACManager#memory" )
+ private RBACManager rbacManager;
+
+ @Inject
+ private UserSecurityPolicy userSecurityPolicy;
+
+ private User user;
+
+ @Before
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+ securityManager = new DefaultSecurityManager();
+
+ realm = new RedbackRealm( userManager, rbacManager, userSecurityPolicy );
+ securityManager.setRealm( realm );
+
+ user = userManager.createUser( "test1", "John Tester", "jtester@redback.codehaus.org" );
+ user.setPassword( "password1" );
+ userManager.addUser( user );
+ userManager.updateUser( user );
+ }
+
+ @After
+ public void tearDown()
+ throws Exception
+ {
+ super.tearDown();
+ securityManager.destroy();
+ securityManager = null;
+ realm = null;
+ }
+
+ protected String getPlexusConfigLocation()
+ {
+ return "plexus.xml";
+ }
+
+ public void testThrowsExceptionIfUserAccountLocked()
+ throws Exception
+ {
+ user.setLocked( true );
+ userManager.updateUser( user );
+ try
+ {
+ securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
+ fail( "Should not be able to login" );
+ }
+ catch ( PrincipalLockedException e )
+ {
+ assertTrue( true );
+ }
+ }
+
+ @Test
+ public void testThrowsExceptionIfUserAccountNeedsPasswordChange()
+ throws Exception
+ {
+ user.setPasswordChangeRequired( true );
+ userManager.updateUser( user );
+ try
+ {
+ securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
+ fail( "Should not be able to login" );
+ }
+ catch ( PrincipalPasswordChangeRequiredException e )
+ {
+ assertTrue( true );
+ }
+ }
+
+ @Test
+ public void testUnsuccessfullAuthAttemptsLockAccount()
+ throws Exception
+ {
+ assertFalse( user.isLocked() );
+ userSecurityPolicy.setLoginAttemptCount( 2 );
+ try
+ {
+ securityManager.login( new UsernamePasswordToken( "test1", "incorrectpassowrd" ) );
+ fail( "password should be incorrect" );
+ }
+ catch ( IncorrectCredentialsException e )
+ {
+ assertFalse( user.isLocked() );
+ }
+
+ try
+ {
+ securityManager.login( new UsernamePasswordToken( "test1", "incorrectpassowrd" ) );
+ fail( "password should be incorrect" );
+ }
+ catch ( IncorrectCredentialsException e )
+ {
+ assertTrue( user.isLocked() );
+ }
+ }
+
+ @Test
+ public void testBasic()
+ throws Exception
+ {
+ assertEquals( 1, userManager.getUsers().size() );
+
+ Role role1 = rbacManager.createRole( "role1" );
+ Permission permission = rbacManager.createPermission( "Allowed to write to repository" );
+ Operation operation = rbacManager.createOperation( "myop" );
+ Resource resource = rbacManager.createResource( "filesystem" );
+
+ permission.setOperation( operation );
+ permission.setPermanent( false );
+ permission.setResource( resource );
+
+ role1.addPermission( permission );
+ rbacManager.savePermission( permission );
+ rbacManager.saveRole( role1 );
+
+ Role role2 = rbacManager.createRole( "role2" );
+
+ UserAssignment assignment = rbacManager.createUserAssignment( user.getUsername() );
+ assignment.addRoleName( "role1" );
+ rbacManager.saveUserAssignment( assignment );
+
+ Subject subject = securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
+ assertTrue( subject.isAuthenticated() );
+ assertTrue( subject.hasRole( "role1" ) );
+ assertFalse( subject.hasRole( "role2" ) );
+
+ PrincipalCollection principals = new SimplePrincipalCollection( "test1", realm.getName() );
+
+ assertTrue( securityManager.isPermitted( principals, "Allowed to write to repository" ) );
+ }
+}
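Review bot: `testThrowsExceptionIfUserAccountLocked` has no `@Test` annotation, unlike the other three test methods. Because the class runs under `SpringJUnit4ClassRunner`, the JUnit 3 `test*` naming convention is most likely not applied, so the locked-account check is probably never executed. Add `@Test` above the method; dropping `extends TestCase` in favour of static imports from `org.junit.Assert` would remove the mix of the two JUnit styles. In `testUnsuccessfullAuthAttemptsLockAccount` the assertions read the `user` instance held by the test rather than one re-fetched with `userManager.findUser( "test1" )`, so they only show the lock was persisted if the in-memory manager hands back the same object. A case that logs in to a locked account with a wrong password would also pin down what an unauthenticated caller is told.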
+++ /dev/null
-package org.codehaus.redback.jsecurity;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.apache.archiva.redback.policy.UserSecurityPolicy;
-import org.apache.archiva.redback.rbac.Operation;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.apache.archiva.redback.rbac.Resource;
-import org.apache.archiva.redback.rbac.Role;
-import org.apache.archiva.redback.rbac.UserAssignment;
-import org.apache.archiva.redback.users.User;
-import org.apache.archiva.redback.users.UserManager;
-import org.jsecurity.authc.IncorrectCredentialsException;
-import org.jsecurity.authc.UsernamePasswordToken;
-import org.jsecurity.mgt.DefaultSecurityManager;
-import org.jsecurity.subject.PrincipalCollection;
-import org.jsecurity.subject.SimplePrincipalCollection;
-import org.jsecurity.subject.Subject;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-
-
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public class RedbackRealmTest
- extends TestCase
-{
- private DefaultSecurityManager securityManager;
-
- private RedbackRealm realm;
-
- @Inject
- @Named( value = "userManager#memory" )
- private UserManager userManager;
-
- @Inject
- @Named( value = "rBACManager#memory" )
- private RBACManager rbacManager;
-
- @Inject
- private UserSecurityPolicy userSecurityPolicy;
-
- private User user;
-
- @Before
- public void setUp()
- throws Exception
- {
- super.setUp();
- securityManager = new DefaultSecurityManager();
-
- realm = new RedbackRealm( userManager, rbacManager, userSecurityPolicy );
- securityManager.setRealm( realm );
-
- user = userManager.createUser( "test1", "John Tester", "jtester@redback.codehaus.org" );
- user.setPassword( "password1" );
- userManager.addUser( user );
- userManager.updateUser( user );
- }
-
- @After
- public void tearDown()
- throws Exception
- {
- super.tearDown();
- securityManager.destroy();
- securityManager = null;
- realm = null;
- }
-
- protected String getPlexusConfigLocation()
- {
- return "plexus.xml";
- }
-
- public void testThrowsExceptionIfUserAccountLocked()
- throws Exception
- {
- user.setLocked( true );
- userManager.updateUser( user );
- try
- {
- securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
- fail( "Should not be able to login" );
- }
- catch ( PrincipalLockedException e )
- {
- assertTrue( true );
- }
- }
-
- @Test
- public void testThrowsExceptionIfUserAccountNeedsPasswordChange()
- throws Exception
- {
- user.setPasswordChangeRequired( true );
- userManager.updateUser( user );
- try
- {
- securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
- fail( "Should not be able to login" );
- }
- catch ( PrincipalPasswordChangeRequiredException e )
- {
- assertTrue( true );
- }
- }
-
- @Test
- public void testUnsuccessfullAuthAttemptsLockAccount()
- throws Exception
- {
- assertFalse( user.isLocked() );
- userSecurityPolicy.setLoginAttemptCount( 2 );
- try
- {
- securityManager.login( new UsernamePasswordToken( "test1", "incorrectpassowrd" ) );
- fail( "password should be incorrect" );
- }
- catch ( IncorrectCredentialsException e )
- {
- assertFalse( user.isLocked() );
- }
-
- try
- {
- securityManager.login( new UsernamePasswordToken( "test1", "incorrectpassowrd" ) );
- fail( "password should be incorrect" );
- }
- catch ( IncorrectCredentialsException e )
- {
- assertTrue( user.isLocked() );
- }
- }
-
- @Test
- public void testBasic()
- throws Exception
- {
- assertEquals( 1, userManager.getUsers().size() );
-
- Role role1 = rbacManager.createRole( "role1" );
- Permission permission = rbacManager.createPermission( "Allowed to write to repository" );
- Operation operation = rbacManager.createOperation( "myop" );
- Resource resource = rbacManager.createResource( "filesystem" );
-
- permission.setOperation( operation );
- permission.setPermanent( false );
- permission.setResource( resource );
-
- role1.addPermission( permission );
- rbacManager.savePermission( permission );
- rbacManager.saveRole( role1 );
-
- Role role2 = rbacManager.createRole( "role2" );
-
- UserAssignment assignment = rbacManager.createUserAssignment( user.getUsername() );
- assignment.addRoleName( "role1" );
- rbacManager.saveUserAssignment( assignment );
-
- Subject subject = securityManager.login( new UsernamePasswordToken( "test1", "password1" ) );
- assertTrue( subject.isAuthenticated() );
- assertTrue( subject.hasRole( "role1" ) );
- assertFalse( subject.hasRole( "role2" ) );
-
- PrincipalCollection principals = new SimplePrincipalCollection( "test1", realm.getName() );
-
- assertTrue( securityManager.isPermitted( principals, "Allowed to write to repository" ) );
- }
-}