mirrors
/
archiva
mirror of https://github.com/apache/archiva.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 70 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8715 Commits
73 Branches
Tree: e236e7f98d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e236e7f98d'
${ noResults }
archiva/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/archiva/security/ArchivaServletAuthenticator...

ArchivaServletAuthenticatorTest.java 8.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251 
  1. package org.apache.archiva.security;

  2. 

  3. /*

  4.  * Licensed to the Apache Software Foundation (ASF) under one

  5.  * or more contributor license agreements.  See the NOTICE file

  6.  * distributed with this work for additional information

  7.  * regarding copyright ownership.  The ASF licenses this file

  8.  * to you under the Apache License, Version 2.0 (the

  9.  * "License"); you may not use this file except in compliance

  10.  * with the License.  You may obtain a copy of the License at

  11.  *

  12.  *  http://www.apache.org/licenses/LICENSE-2.0

  13.  *

  14.  * Unless required by applicable law or agreed to in writing,

  15.  * software distributed under the License is distributed on an

  16.  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

  17.  * KIND, either express or implied.  See the License for the

  18.  * specific language governing permissions and limitations

  19.  * under the License.

  20.  */

  21. 

  22. import org.apache.archiva.redback.authentication.AuthenticationException;

  23. import org.apache.archiva.redback.authentication.AuthenticationResult;

  24. import org.apache.archiva.redback.authorization.UnauthorizedException;

  25. import org.apache.archiva.redback.system.DefaultSecuritySession;

  26. import org.apache.archiva.redback.system.SecuritySession;

  27. import org.apache.archiva.redback.users.User;

  28. import org.apache.archiva.redback.users.UserManager;

  29. import org.apache.archiva.security.common.ArchivaRoleConstants;

  30. import org.junit.Before;

  31. import org.junit.Test;

  32. 

  33. import javax.inject.Inject;

  34. import javax.inject.Named;

  35. import javax.servlet.http.HttpServletRequest;

  36. 

  37. import static org.mockito.Mockito.mock;

  38. import static org.mockito.Mockito.when;

  39. 

  40. /**

  41.  * ArchivaServletAuthenticatorTest

  42.  */

  43. public class ArchivaServletAuthenticatorTest

  44.     extends AbstractSecurityTest

  45. {

  46.     @Inject

  47.     @Named( value = "servletAuthenticator#test" )

  48.     private ServletAuthenticator servletAuth;

  49. 

  50.     private HttpServletRequest request;

  51. 

  52.     @Before

  53.     @Override

  54.     public void setUp()

  55.         throws Exception

  56.     {

  57.         super.setUp();

  58. 

  59.         request = mock( HttpServletRequest.class );

  60. 

  61.         setupRepository( "corporate" );

  62.     }

  63. 

  64.     protected void assignRepositoryManagerRole( String principal, String repoId )

  65.         throws Exception

  66.     {

  67.         roleManager.assignTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId, principal );

  68.     }

  69. 

  70.     @Test

  71.     public void testIsAuthenticatedUserExists()

  72.         throws Exception

  73.     {

  74.         AuthenticationResult result = new AuthenticationResult( true, "user", null );

  75.         boolean isAuthenticated = servletAuth.isAuthenticated( request, result );

  76. 

  77.         assertTrue( isAuthenticated );

  78.     }

  79. 

  80.     @Test

  81.     public void testIsAuthenticatedUserDoesNotExist()

  82.         throws Exception

  83.     {

  84.         AuthenticationResult result = new AuthenticationResult( false, "non-existing-user", null );

  85.         try

  86.         {

  87.             servletAuth.isAuthenticated( request, result );

  88.             fail( "Authentication exception should have been thrown." );

  89.         }

  90.         catch ( AuthenticationException e )

  91.         {

  92.             assertEquals( "User Credentials Invalid", e.getMessage() );

  93.         }

  94.     }

  95. 

  96.     @Test

  97.     public void testIsAuthorizedUserHasWriteAccess()

  98.         throws Exception

  99.     {

  100.         createUser( USER_ALPACA, "Al 'Archiva' Paca" );

  101. 

  102.         assignRepositoryManagerRole( USER_ALPACA, "corporate" );

  103. 

  104.         UserManager userManager = securitySystem.getUserManager();

  105.         User user = userManager.findUser( USER_ALPACA );

  106. 

  107.         AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );

  108. 

  109.         SecuritySession session = new DefaultSecuritySession( result, user );

  110.         boolean isAuthorized =

  111.             servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_ADD_ARTIFACT );

  112. 

  113.         assertTrue( isAuthorized );

  114. 

  115.         restoreGuestInitialValues( USER_ALPACA );

  116.     }

  117. 

  118.     @Test

  119.     public void testIsAuthorizedUserHasNoWriteAccess()

  120.         throws Exception

  121.     {

  122.         createUser( USER_ALPACA, "Al 'Archiva' Paca" );

  123. 

  124.         assignRepositoryObserverRole( USER_ALPACA, "corporate" );

  125. 

  126.         //httpServletRequestControl.expectAndReturn( request.getRemoteAddr(), "192.168.111.111" );

  127.         when( request.getRemoteAddr() ).thenReturn( "192.168.111.111" );

  128. 

  129.         UserManager userManager = securitySystem.getUserManager();

  130.         User user = userManager.findUser( USER_ALPACA );

  131. 

  132.         AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );

  133. 

  134.         SecuritySession session = new DefaultSecuritySession( result, user );

  135. 

  136.         try

  137.         {

  138.             servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_ADD_ARTIFACT );

  139.             fail( "UnauthorizedException should have been thrown." );

  140.         }

  141.         catch ( UnauthorizedException e )

  142.         {

  143.             assertEquals( "Access denied for repository corporate", e.getMessage() );

  144.         }

  145. 

  146.         restoreGuestInitialValues( USER_ALPACA );

  147.     }

  148. 

  149.     @Test

  150.     public void testIsAuthorizedUserHasReadAccess()

  151.         throws Exception

  152.     {

  153.         createUser( USER_ALPACA, "Al 'Archiva' Paca" );

  154. 

  155.         assignRepositoryObserverRole( USER_ALPACA, "corporate" );

  156. 

  157.         UserManager userManager = securitySystem.getUserManager();

  158.         User user = userManager.findUser( USER_ALPACA );

  159. 

  160.         AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );

  161. 

  162.         SecuritySession session = new DefaultSecuritySession( result, user );

  163.         boolean isAuthorized =

  164.             servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_READ_REPOSITORY );

  165. 

  166.         assertTrue( isAuthorized );

  167. 

  168.         restoreGuestInitialValues( USER_ALPACA );

  169.     }

  170. 

  171.     @Test

  172.     public void testIsAuthorizedUserHasNoReadAccess()

  173.         throws Exception

  174.     {

  175.         createUser( USER_ALPACA, "Al 'Archiva' Paca" );

  176. 

  177.         UserManager userManager = securitySystem.getUserManager();

  178.         User user = userManager.findUser( USER_ALPACA );

  179. 

  180.         AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );

  181. 

  182.         SecuritySession session = new DefaultSecuritySession( result, user );

  183.         try

  184.         {

  185.             servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_READ_REPOSITORY );

  186.             fail( "UnauthorizedException should have been thrown." );

  187.         }

  188.         catch ( UnauthorizedException e )

  189.         {

  190.             assertEquals( "Access denied for repository corporate", e.getMessage() );

  191.         }

  192. 

  193.         restoreGuestInitialValues( USER_ALPACA );

  194.     }

  195. 

  196.     @Test

  197.     public void testIsAuthorizedGuestUserHasWriteAccess()

  198.         throws Exception

  199.     {

  200.         assignRepositoryManagerRole( USER_GUEST, "corporate" );

  201.         boolean isAuthorized =

  202.             servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_ADD_ARTIFACT );

  203. 

  204.         assertTrue( isAuthorized );

  205. 

  206.         // cleanup previously add karma

  207.         restoreGuestInitialValues(USER_GUEST);

  208. 

  209.     }

  210. 

  211.     @Test

  212.     public void testIsAuthorizedGuestUserHasNoWriteAccess()

  213.         throws Exception

  214.     {

  215.         assignRepositoryObserverRole( USER_GUEST, "corporate" );

  216. 

  217.         boolean isAuthorized =

  218.             servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_ADD_ARTIFACT );

  219.         assertFalse( isAuthorized );

  220. 

  221.         // cleanup previously add karma

  222.         restoreGuestInitialValues(USER_GUEST);

  223. 

  224.     }

  225. 

  226.     @Test

  227.     public void testIsAuthorizedGuestUserHasReadAccess()

  228.         throws Exception

  229.     {

  230.         assignRepositoryObserverRole( USER_GUEST, "corporate" );

  231. 

  232.         boolean isAuthorized =

  233.             servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_READ_REPOSITORY );

  234. 

  235.         assertTrue( isAuthorized );

  236. 

  237.         // cleanup previously add karma

  238.         restoreGuestInitialValues(USER_GUEST);

  239.     }

  240. 

  241.     @Test

  242.     public void testIsAuthorizedGuestUserHasNoReadAccess()

  243.         throws Exception

  244.     {

  245.         boolean isAuthorized =

  246.             servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_READ_REPOSITORY );

  247. 

  248.         assertFalse( isAuthorized );

  249.     }

  250. 

  251. }