123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251 |
- package org.apache.archiva.security;
-
- /*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- import org.apache.archiva.redback.authentication.AuthenticationException;
- import org.apache.archiva.redback.authentication.AuthenticationResult;
- import org.apache.archiva.redback.authorization.UnauthorizedException;
- import org.apache.archiva.redback.system.DefaultSecuritySession;
- import org.apache.archiva.redback.system.SecuritySession;
- import org.apache.archiva.redback.users.User;
- import org.apache.archiva.redback.users.UserManager;
- import org.apache.archiva.security.common.ArchivaRoleConstants;
- import org.junit.Before;
- import org.junit.Test;
-
- import javax.inject.Inject;
- import javax.inject.Named;
- import javax.servlet.http.HttpServletRequest;
-
- import static org.mockito.Mockito.mock;
- import static org.mockito.Mockito.when;
-
- /**
- * ArchivaServletAuthenticatorTest
- */
- public class ArchivaServletAuthenticatorTest
- extends AbstractSecurityTest
- {
- @Inject
- @Named( value = "servletAuthenticator#test" )
- private ServletAuthenticator servletAuth;
-
- private HttpServletRequest request;
-
- @Before
- @Override
- public void setUp()
- throws Exception
- {
- super.setUp();
-
- request = mock( HttpServletRequest.class );
-
- setupRepository( "corporate" );
- }
-
- protected void assignRepositoryManagerRole( String principal, String repoId )
- throws Exception
- {
- roleManager.assignTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId, principal );
- }
-
- @Test
- public void testIsAuthenticatedUserExists()
- throws Exception
- {
- AuthenticationResult result = new AuthenticationResult( true, "user", null );
- boolean isAuthenticated = servletAuth.isAuthenticated( request, result );
-
- assertTrue( isAuthenticated );
- }
-
- @Test
- public void testIsAuthenticatedUserDoesNotExist()
- throws Exception
- {
- AuthenticationResult result = new AuthenticationResult( false, "non-existing-user", null );
- try
- {
- servletAuth.isAuthenticated( request, result );
- fail( "Authentication exception should have been thrown." );
- }
- catch ( AuthenticationException e )
- {
- assertEquals( "User Credentials Invalid", e.getMessage() );
- }
- }
-
- @Test
- public void testIsAuthorizedUserHasWriteAccess()
- throws Exception
- {
- createUser( USER_ALPACA, "Al 'Archiva' Paca" );
-
- assignRepositoryManagerRole( USER_ALPACA, "corporate" );
-
- UserManager userManager = securitySystem.getUserManager();
- User user = userManager.findUser( USER_ALPACA );
-
- AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
-
- SecuritySession session = new DefaultSecuritySession( result, user );
- boolean isAuthorized =
- servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_ADD_ARTIFACT );
-
- assertTrue( isAuthorized );
-
- restoreGuestInitialValues( USER_ALPACA );
- }
-
- @Test
- public void testIsAuthorizedUserHasNoWriteAccess()
- throws Exception
- {
- createUser( USER_ALPACA, "Al 'Archiva' Paca" );
-
- assignRepositoryObserverRole( USER_ALPACA, "corporate" );
-
- //httpServletRequestControl.expectAndReturn( request.getRemoteAddr(), "192.168.111.111" );
- when( request.getRemoteAddr() ).thenReturn( "192.168.111.111" );
-
- UserManager userManager = securitySystem.getUserManager();
- User user = userManager.findUser( USER_ALPACA );
-
- AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
-
- SecuritySession session = new DefaultSecuritySession( result, user );
-
- try
- {
- servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_ADD_ARTIFACT );
- fail( "UnauthorizedException should have been thrown." );
- }
- catch ( UnauthorizedException e )
- {
- assertEquals( "Access denied for repository corporate", e.getMessage() );
- }
-
- restoreGuestInitialValues( USER_ALPACA );
- }
-
- @Test
- public void testIsAuthorizedUserHasReadAccess()
- throws Exception
- {
- createUser( USER_ALPACA, "Al 'Archiva' Paca" );
-
- assignRepositoryObserverRole( USER_ALPACA, "corporate" );
-
- UserManager userManager = securitySystem.getUserManager();
- User user = userManager.findUser( USER_ALPACA );
-
- AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
-
- SecuritySession session = new DefaultSecuritySession( result, user );
- boolean isAuthorized =
- servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_READ_REPOSITORY );
-
- assertTrue( isAuthorized );
-
- restoreGuestInitialValues( USER_ALPACA );
- }
-
- @Test
- public void testIsAuthorizedUserHasNoReadAccess()
- throws Exception
- {
- createUser( USER_ALPACA, "Al 'Archiva' Paca" );
-
- UserManager userManager = securitySystem.getUserManager();
- User user = userManager.findUser( USER_ALPACA );
-
- AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
-
- SecuritySession session = new DefaultSecuritySession( result, user );
- try
- {
- servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_READ_REPOSITORY );
- fail( "UnauthorizedException should have been thrown." );
- }
- catch ( UnauthorizedException e )
- {
- assertEquals( "Access denied for repository corporate", e.getMessage() );
- }
-
- restoreGuestInitialValues( USER_ALPACA );
- }
-
- @Test
- public void testIsAuthorizedGuestUserHasWriteAccess()
- throws Exception
- {
- assignRepositoryManagerRole( USER_GUEST, "corporate" );
- boolean isAuthorized =
- servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_ADD_ARTIFACT );
-
- assertTrue( isAuthorized );
-
- // cleanup previously add karma
- restoreGuestInitialValues(USER_GUEST);
-
- }
-
- @Test
- public void testIsAuthorizedGuestUserHasNoWriteAccess()
- throws Exception
- {
- assignRepositoryObserverRole( USER_GUEST, "corporate" );
-
- boolean isAuthorized =
- servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_ADD_ARTIFACT );
- assertFalse( isAuthorized );
-
- // cleanup previously add karma
- restoreGuestInitialValues(USER_GUEST);
-
- }
-
- @Test
- public void testIsAuthorizedGuestUserHasReadAccess()
- throws Exception
- {
- assignRepositoryObserverRole( USER_GUEST, "corporate" );
-
- boolean isAuthorized =
- servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_READ_REPOSITORY );
-
- assertTrue( isAuthorized );
-
- // cleanup previously add karma
- restoreGuestInitialValues(USER_GUEST);
- }
-
- @Test
- public void testIsAuthorizedGuestUserHasNoReadAccess()
- throws Exception
- {
- boolean isAuthorized =
- servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_READ_REPOSITORY );
-
- assertFalse( isAuthorized );
- }
-
- }
|