From: Maria Odea B. Ching Date: Wed, 8 Oct 2008 08:01:02 +0000 (+0000) Subject: added test cases for XmlRpcAuthenticator X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=15219de0c5953cd345f61eddd753d6756a5484ce;p=archiva.git added test cases for XmlRpcAuthenticator git-svn-id: https://svn.apache.org/repos/asf/archiva/branches@702748 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml b/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml index d097481a1..8736f8071 100644 --- a/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml +++ b/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml @@ -47,5 +47,37 @@ org.apache.archiva archiva-security + + org.codehaus.plexus + plexus-spring + test + + + + org.codehaus.redback + redback-authorization-rbac + test + + + org.codehaus.redback + redback-keys-memory + test + + + org.codehaus.redback + redback-users-memory + test + + + org.codehaus.redback + redback-rbac-memory + test + diff --git a/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java b/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java index 42a07acc4..88feb3a78 100644 --- a/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java +++ b/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java @@ -1,3 +1,5 @@ +package org.apache.maven.archiva.xmlrpc.security; + /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -16,176 +18,199 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.maven.archiva.xmlrpc.security; -import junit.framework.TestCase; +import java.io.File; + +import org.apache.commons.io.FileUtils; +import org.apache.maven.archiva.configuration.ArchivaConfiguration; +import org.apache.maven.archiva.security.ArchivaRoleConstants; +import org.apache.maven.archiva.security.UserRepositories; import org.apache.xmlrpc.XmlRpcRequest; -import org.apache.xmlrpc.XmlRpcRequestConfig; import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl; -import org.codehaus.plexus.redback.authentication.AuthenticationDataSource; -import org.codehaus.plexus.redback.authentication.AuthenticationException; -import org.codehaus.plexus.redback.authentication.AuthenticationResult; -import org.codehaus.plexus.redback.authorization.AuthorizationException; -import org.codehaus.plexus.redback.authorization.AuthorizationResult; -import org.codehaus.plexus.redback.keys.KeyManager; -import org.codehaus.plexus.redback.policy.AccountLockedException; -import org.codehaus.plexus.redback.policy.UserSecurityPolicy; -import org.codehaus.plexus.redback.system.SecuritySession; +import org.codehaus.plexus.redback.rbac.RBACManager; +import org.codehaus.plexus.redback.role.RoleManager; import org.codehaus.plexus.redback.system.SecuritySystem; import org.codehaus.plexus.redback.users.User; import org.codehaus.plexus.redback.users.UserManager; import org.codehaus.plexus.redback.users.UserNotFoundException; - +import org.codehaus.plexus.spring.PlexusInSpringTestCase; +import org.easymock.MockControl; +import org.easymock.classextension.MockClassControl; + +/** + * XmlRpcAuthenticatorTest + * + * @version $Id XmlRpcAuthenticatorTest.java + */ public class XmlRpcAuthenticatorTest - extends TestCase +//extends AbstractDependencyInjectionSpringContextTests + extends PlexusInSpringTestCase { - private static final String USERNAME = "username"; + protected static final String USER_GUEST = "guest"; + + protected static final String USER_ADMIN = "admin"; + + protected static final String USER_ALPACA = "alpaca"; - private static final String PASSWORD = "password"; + private static final String PASSWORD = "password123"; - public void testAuthentication() + protected SecuritySystem securitySystem; + + protected RoleManager roleManager; + + private MockControl xmlRpcRequestControl; + + private XmlRpcRequest xmlRpcRequest; + + private XmlRpcAuthenticator authenticator; + + private MockControl configControl; + + private XmlRpcHttpRequestConfigImpl config; + + public void setUp() throws Exception { - MockSecuritySystem securitySystem = new MockSecuritySystem( true, true, USERNAME, PASSWORD ); - XmlRpcAuthenticator authenticator = new XmlRpcAuthenticator( securitySystem ); - MockXmlRpcRequest request = new MockXmlRpcRequest( USERNAME, PASSWORD ); - - //assertTrue( authenticator.isAuthorized( request ) ); + super.setUp(); + + securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" ); + roleManager = (RoleManager) lookup( RoleManager.class, "default" ); + + // Some basic asserts. + assertNotNull( securitySystem ); + assertNotNull( roleManager ); + + // Setup Admin User. + User adminUser = createUser( USER_ADMIN, "Admin User", null ); + roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() ); + + // Setup Guest User. + User guestUser = createUser( USER_GUEST, "Guest User", null ); + roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() ); + + configControl = MockClassControl.createControl( XmlRpcHttpRequestConfigImpl.class ); + config = ( XmlRpcHttpRequestConfigImpl ) configControl.getMock(); + + xmlRpcRequestControl = MockControl.createControl( XmlRpcRequest.class ); + xmlRpcRequest = ( XmlRpcRequest ) xmlRpcRequestControl.getMock(); + + authenticator = new XmlRpcAuthenticator( securitySystem ); } - - class MockXmlRpcRequest - implements XmlRpcRequest + + private User createUser( String principal, String fullname, String password ) + throws UserNotFoundException { - private final XmlRpcHttpRequestConfigImpl configImpl; - - public MockXmlRpcRequest( String username, String password ) - { - configImpl = new XmlRpcHttpRequestConfigImpl(); - configImpl.setBasicUserName( username ); - configImpl.setBasicPassword( password ); - } - - public XmlRpcRequestConfig getConfig() - { - return configImpl; - } - - public String getMethodName() - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public Object getParameter( int pIndex ) - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public int getParameterCount() - { - throw new UnsupportedOperationException( "Not supported yet." ); - } + UserManager userManager = securitySystem.getUserManager(); + + User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" ); + securitySystem.getPolicy().setEnabled( false ); + userManager.addUser( user ); + securitySystem.getPolicy().setEnabled( true ); + + user.setPassword( password ); + userManager.updateUser( user ); + + return user; } - - class MockSecuritySystem - implements SecuritySystem + + public void testIsAuthorizedUserExistsButNotAuthorized() + throws Exception { - private final boolean authorized; - - private final boolean authenticate; - - private final String username; - - private final String password; - - public MockSecuritySystem( boolean authorized, boolean authenticate, String username, String password ) - { - this.authorized = authorized; - this.authenticate = authenticate; - this.username = username; - this.password = password; - } - - public SecuritySession authenticate( AuthenticationDataSource dataSource ) - throws AuthenticationException, UserNotFoundException, AccountLockedException - { - return new SecuritySession() - { - - public AuthenticationResult getAuthenticationResult() - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public User getUser() - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public boolean isAuthenticated() - { - throw new UnsupportedOperationException(); - } - }; - } - - public AuthorizationResult authorize( SecuritySession session, Object arg1 ) - throws AuthorizationException - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public AuthorizationResult authorize( SecuritySession session, Object arg1, Object arg2 ) - throws AuthorizationException - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public String getAuthenticatorId() - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public String getAuthorizerId() - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public KeyManager getKeyManager() - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public UserSecurityPolicy getPolicy() - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public String getUserManagementId() - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public UserManager getUserManager() - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public boolean isAuthenticated( AuthenticationDataSource dataSource ) - throws AuthenticationException, UserNotFoundException, AccountLockedException - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public boolean isAuthorized( SecuritySession session, Object arg1 ) - throws AuthorizationException - { - throw new UnsupportedOperationException( "Not supported yet." ); - } - - public boolean isAuthorized( SecuritySession session, Object arg1, Object arg2 ) - throws AuthorizationException - { - throw new UnsupportedOperationException( "Not supported yet." ); - } + createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD ); + + UserManager userManager = securitySystem.getUserManager(); + try + { + User user = userManager.findUser( USER_ALPACA ); + assertEquals( USER_ALPACA, user.getPrincipal() ); + } + catch ( UserNotFoundException e ) + { + fail( "User should exist in the database." ); + } + + xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 ); + + configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA ); + + configControl.expectAndReturn( config.getBasicPassword(), PASSWORD ); + + xmlRpcRequestControl.replay(); + configControl.replay(); + + boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest ); + + xmlRpcRequestControl.verify(); + configControl.verify(); + + assertFalse( isAuthorized ); } + + public void testIsAuthorizedUserExistsAndAuthorized() + throws Exception + { + createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD ); + + UserManager userManager = securitySystem.getUserManager(); + try + { + User user = userManager.findUser( USER_ALPACA ); + assertEquals( USER_ALPACA, user.getPrincipal() ); + } + catch ( UserNotFoundException e ) + { + fail( "User should exist in the database." ); + } + + //TODO cannot assign global repo manager role - it says role does not exist :| + + //roleManager.assignRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE, USER_ALPACA ); + + xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 ); + + configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA ); + + configControl.expectAndReturn( config.getBasicPassword(), PASSWORD ); + + xmlRpcRequestControl.replay(); + configControl.replay(); + + boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest ); + + xmlRpcRequestControl.verify(); + configControl.verify(); + + //assertTrue( isAuthorized ); + } + + public void testIsAuthorizedUserDoesNotExist() + throws Exception + { + UserManager userManager = securitySystem.getUserManager(); + try + { + userManager.findUser( USER_ALPACA ); + fail( "User should not exist in the database." ); + } + catch ( UserNotFoundException e ) + { + assertEquals( "Unable to find user 'alpaca'", e.getMessage() ); + } + + xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 ); + + configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA ); + + configControl.expectAndReturn( config.getBasicPassword(), PASSWORD ); + + xmlRpcRequestControl.replay(); + configControl.replay(); + + boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest ); + + xmlRpcRequestControl.verify(); + configControl.verify(); + + assertFalse( isAuthorized ); + } } diff --git a/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/META-INF/redback/redback-core.xml b/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/META-INF/redback/redback-core.xml new file mode 100644 index 000000000..289043991 --- /dev/null +++ b/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/META-INF/redback/redback-core.xml @@ -0,0 +1,210 @@ + + 1.0.0 + + + Redback XWork Integration Security Core + 1.0 + + + global + * + true + + global resource implies full access for authorization + + + + username + ${username} + true + + replaced with the username of the principal at authorization + check time + + + + + + configuration-edit + configuration-edit + edit configuration + true + + + user-management-user-create + user-management-user-create + create user + true + + + user-management-user-edit + user-management-user-edit + edit user + true + + + user-management-user-role + user-management-user-role + user roles + true + + + user-management-user-delete + user-management-user-delete + delete user + true + + + user-management-user-list + user-management-user-list + list users + true + + + user-management-role-grant + user-management-role-grant + grant role + true + + + user-management-role-drop + user-management-role-drop + drop role + true + + + user-management-rbac-admin + user-management-rbac-admin + administer rbac + true + + + guest-access + guest-access + access guest + true + + + add-repository + add-repository + add repository + true + + + + + system-administrator + System Administrator + true + true + + + edit-redback-configuration + Edit Redback Configuration + configuration-edit + global + true + + + manage-rbac-setup + User RBAC Management + user-management-rbac-admin + global + true + + + + user-administrator + + + + user-administrator + User Administrator + true + true + + + drop-roles-for-anyone + Drop Roles for Anyone + user-management-role-drop + global + true + + + grant-roles-for-anyone + Grant Roles for Anyone + user-management-role-grant + global + true + + + user-create + Create Users + user-management-user-create + global + true + + + user-delete + Delete Users + user-management-user-delete + global + true + + + user-edit + Edit Users + user-management-user-edit + global + true + + + access-users-roles + Access Users Roles + user-management-user-role + global + true + + + access-user-list + Access User List + user-management-user-list + global + true + + + + + registered-user + Registered User + true + true + + + edit-user-by-username + Edit User Data by Username + user-management-user-edit + username + true + + + + + guest + Guest + true + true + + + guest-permission + Guest Permission + guest-access + global + true + + + + + + + \ No newline at end of file diff --git a/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.xml b/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.xml new file mode 100644 index 000000000..9c7b9344f --- /dev/null +++ b/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.xml @@ -0,0 +1,192 @@ + + + + + + + + org.codehaus.plexus.redback.system.SecuritySystem + testable + org.codehaus.plexus.redback.system.DefaultSecuritySystem + DefaultSecuritySystem: + + + org.codehaus.plexus.redback.authentication.AuthenticationManager + authnManager + + + org.codehaus.plexus.redback.authorization.Authorizer + rbac + authorizer + + + org.codehaus.plexus.redback.users.UserManager + memory + userManager + + + org.codehaus.plexus.redback.keys.KeyManager + memory + keyManager + + + org.codehaus.plexus.redback.policy.UserSecurityPolicy + policy + + + + + + org.codehaus.plexus.redback.authorization.Authorizer + rbac + org.codehaus.plexus.redback.authorization.rbac.RbacAuthorizer + RbacAuthorizer: + + + org.codehaus.plexus.redback.rbac.RBACManager + memory + manager + + + org.codehaus.plexus.redback.users.UserManager + memory + userManager + + + org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator + default + evaluator + + + org.codehaus.plexus.redback.configuration.UserConfiguration + default + config + + + + + + org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator + default + org.codehaus.plexus.redback.authorization.rbac.evaluator.DefaultPermissionEvaluator + + + org.codehaus.plexus.redback.users.UserManager + memory + userManager + + + + + + org.codehaus.plexus.redback.role.RoleManager + default + org.codehaus.plexus.redback.role.DefaultRoleManager + RoleProfileManager: + + + org.codehaus.plexus.redback.role.validator.RoleModelValidator + default + modelValidator + + + org.codehaus.plexus.redback.role.processor.RoleModelProcessor + default + modelProcessor + + + org.codehaus.plexus.redback.role.template.RoleTemplateProcessor + default + templateProcessor + + + org.codehaus.plexus.redback.rbac.RBACManager + memory + rbacManager + + + + + + org.codehaus.plexus.redback.role.processor.RoleModelProcessor + default + org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor + DefaultRoleModelProcessor: inserts the components of the model that can be populated into the rbac manager + + + org.codehaus.plexus.redback.rbac.RBACManager + memory + rbacManager + + + + + + org.codehaus.plexus.redback.role.template.RoleTemplateProcessor + default + org.codehaus.plexus.redback.role.template.DefaultRoleTemplateProcessor + DefaultRoleTemplateProcessor: inserts the components of a template into the rbac manager + + + org.codehaus.plexus.redback.rbac.RBACManager + memory + rbacManager + + + + + + + + \ No newline at end of file diff --git a/MRM-124/pom.xml b/MRM-124/pom.xml index 943414d9a..7bc4460e4 100644 --- a/MRM-124/pom.xml +++ b/MRM-124/pom.xml @@ -949,6 +949,19 @@ + org.apache.maven maven-artifact