1   package org.apache.turbine.services.security;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import java.util.List;
20  
21  import junit.framework.Test;
22  import junit.framework.TestSuite;
23  
24  import org.apache.turbine.Turbine;
25  import org.apache.turbine.om.security.User;
26  import org.apache.turbine.services.security.torque.TorqueGroup;
27  import org.apache.turbine.services.security.torque.TorquePermission;
28  import org.apache.turbine.services.security.torque.TorqueRole;
29  import org.apache.turbine.services.security.torque.TorqueUser;
30  import org.apache.turbine.test.BaseTurbineTest;
31  import org.apache.turbine.test.HsqlDB;
32  import org.apache.turbine.util.security.GroupSet;
33  import org.apache.turbine.util.security.PasswordMismatchException;
34  import org.apache.turbine.util.security.PermissionSet;
35  import org.apache.turbine.util.security.RoleSet;
36  import org.apache.turbine.util.security.TurbineAccessControlList;
37  import org.apache.turbine.util.security.UnknownEntityException;
38  
39  public class TestSecurity
40          extends BaseTurbineTest
41  {
42      private HsqlDB hsqlDB = null;
43  
44      public TestSecurity(String name)
45              throws Exception
46      {
47          super(name, "conf/test/TurbineResources.properties");
48          hsqlDB = new HsqlDB("jdbc:hsqldb:.", Turbine.getRealPath("conf/test/create-db.sql"));
49      }
50  
51      public static Test suite()
52      {
53          return new TestSuite(TestSecurity.class);
54      }
55  
56      private void checkUserList()
57              throws Exception
58      {
59          SecurityService ss = TurbineSecurity.getService();
60          assertEquals("User added to storage!", ss.getUserList(new org.apache.torque.util.Criteria()).size(), 2);
61      }
62  
63      public void testInit()
64      {
65          SecurityService ss = TurbineSecurity.getService();
66          assertTrue("Service failed to initialize", ss.getInit());
67      }
68  
69      // Make sure that our database contains what we need
70      public void testDatabase()
71      	throws Exception
72      {
73          SecurityService ss = TurbineSecurity.getService();
74  
75          GroupSet gs = ss.getAllGroups();
76          RoleSet rs = ss.getAllRoles();
77          PermissionSet ps = ss.getAllPermissions();
78  
79          List users = ss.getUserManager().retrieveList(new org.apache.torque.util.Criteria());
80  
81          assertEquals("Group DB Wrong!", gs.size(), 2);
82          assertEquals("Role DB Wrong!", rs.size(), 2);
83          assertEquals("Permission DB Wrong!", ps.size(), 3);
84      }
85  
86      public void testClasses()
87      	throws Exception
88      {
89          SecurityService ss = TurbineSecurity.getService();
90  
91          assertEquals("Class for User Objects is wrong!",       ss.getUserClass(),       TorqueUser.class);
92          assertEquals("Class for Group Objects is wrong!",      ss.getGroupClass(),      TorqueGroup.class);
93          assertEquals("Class for Role Objects is wrong!",       ss.getRoleClass(),       TorqueRole.class);
94          assertEquals("Class for Permission Objects is wrong!", ss.getPermissionClass(), TorquePermission.class);
95  
96          assertEquals("Class for ACLs is wrong!",               ss.getAclClass(),        TurbineAccessControlList.class);
97      }
98  
99      public void testInstance()
100     	throws Exception
101     {
102         SecurityService ss = TurbineSecurity.getService();
103 
104         assertEquals("Instance for User Objects is wrong!",       ss.getUserInstance().getClass(),       TorqueUser.class);
105         assertEquals("Instance for Group Objects is wrong!",      ss.getGroupInstance().getClass(),      TorqueGroup.class);
106         assertEquals("Instance for Role Objects is wrong!",       ss.getRoleInstance().getClass(),       TorqueRole.class);
107         assertEquals("Instance for Permission Objects is wrong!", ss.getPermissionInstance().getClass(), TorquePermission.class);
108     }
109 
110     public void testUserExists()
111             throws Exception
112     {
113         SecurityService ss = TurbineSecurity.getService();
114 
115         assertTrue(ss.accountExists("admin"));
116         assertFalse(ss.accountExists("does-not-exist"));
117 
118         checkUserList();
119     }
120 
121     public void testAuthenticateUser()
122             throws Exception
123     {
124         SecurityService ss = TurbineSecurity.getService();
125 
126         User admin = ss.getAuthenticatedUser("admin", "admin");
127 
128         try
129         {
130             admin = ss.getAuthenticatedUser("admin", "no such password");
131             fail("User was authenticated with wrong password");
132         }
133         catch (Exception e)
134         {
135             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
136         }
137 
138         checkUserList();
139     }
140 
141     public void testGetUser()
142     	throws Exception
143     {
144         SecurityService ss = TurbineSecurity.getService();
145 
146         User admin = ss.getUser("admin");
147 
148         try
149         {
150             User newbie = ss.getUser("newbie");
151             fail("Non Existing User could be loaded!");
152         }
153         catch (Exception e)
154         {
155             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
156         }
157 
158         checkUserList();
159     }
160 
161     public void testUserLists()
162             throws Exception
163     {
164         SecurityService ss = TurbineSecurity.getService();
165 
166         User [] users = ss.getUsers(new org.apache.torque.util.Criteria());
167         assertNotNull(users);
168         assertEquals("Wrong number of users retrieved!", users.length, 2);
169 
170 
171         List userList = ss.getUserList(new org.apache.torque.util.Criteria());
172         assertNotNull(userList);
173         assertEquals("Wrong number of users retrieved!", userList.size(), 2);
174 
175         assertEquals("Array and List have different sizes!", users.length, userList.size());
176 
177         checkUserList();
178     }
179 
180     public void testAnonymousUser()
181             throws Exception
182     {
183         SecurityService ss = TurbineSecurity.getService();
184 
185         User user = ss.getAnonymousUser();
186 
187         assertNotNull(user);
188 
189         assertTrue(ss.isAnonymousUser(user));
190 
191         user = ss.getUser("admin");
192         assertNotNull(user);
193 
194         assertFalse(ss.isAnonymousUser(user));
195     }
196 
197     public void testSaveUser()
198     	throws Exception
199     {
200         SecurityService ss = TurbineSecurity.getService();
201 
202         User admin = ss.getUser("admin");
203 
204         ss.saveUser(admin);
205 
206         try
207         {
208             User newbie = TurbineSecurity.getUserInstance();
209             newbie.setName("newbie");
210 
211             ss.saveUser(newbie);
212             fail("Non Existing User could be stored!");
213         }
214         catch (Exception e)
215         {
216             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
217         }
218 
219         checkUserList();
220     }
221 
222     public void testChangePassword()
223     	throws Exception
224     {
225         SecurityService ss = TurbineSecurity.getService();
226 
227         User admin = ss.getUser("admin");
228         assertNotNull(admin);
229 
230         ss.changePassword(admin, admin.getPassword(), "foobar");
231 
232         User admin2 = ss.getUser("admin");
233         assertEquals("Password was not changed!", "foobar", admin2.getPassword());
234 
235         try
236         {
237             admin = ss.getUser("admin");
238             ss.changePassword(admin, "admin", "foobar");
239             fail("Password could be changed without old password!");
240         }
241         catch (Exception e)
242         {
243             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
244         }
245 
246         admin2 = ss.getUser("admin");
247         assertEquals("Password was changed!", "foobar", admin2.getPassword());
248 
249         checkUserList();
250     }
251 
252     public void testForcePassword()
253     	throws Exception
254     {
255         SecurityService ss = TurbineSecurity.getService();
256 
257         User admin = ss.getUser("admin");
258         assertNotNull(admin);
259 
260         ss.forcePassword(admin, "barbaz");
261 
262         User admin2 = ss.getUser("admin");
263         assertEquals("Password was not changed!", "barbaz", admin2.getPassword());
264 
265         ss.forcePassword(admin, "admin");
266 
267         admin2 = ss.getUser("admin");
268         assertEquals("Password was not reset!", "admin", admin2.getPassword());
269 
270 
271         checkUserList();
272     }
273 }
274