1 package org.apache.turbine.services.security;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 import java.util.List;
20
21 import junit.framework.Test;
22 import junit.framework.TestSuite;
23
24 import org.apache.turbine.Turbine;
25 import org.apache.turbine.om.security.User;
26 import org.apache.turbine.services.security.torque.TorqueGroup;
27 import org.apache.turbine.services.security.torque.TorquePermission;
28 import org.apache.turbine.services.security.torque.TorqueRole;
29 import org.apache.turbine.services.security.torque.TorqueUser;
30 import org.apache.turbine.test.BaseTurbineTest;
31 import org.apache.turbine.test.HsqlDB;
32 import org.apache.turbine.util.security.GroupSet;
33 import org.apache.turbine.util.security.PasswordMismatchException;
34 import org.apache.turbine.util.security.PermissionSet;
35 import org.apache.turbine.util.security.RoleSet;
36 import org.apache.turbine.util.security.TurbineAccessControlList;
37 import org.apache.turbine.util.security.UnknownEntityException;
38
39 public class TestSecurity
40 extends BaseTurbineTest
41 {
42 private HsqlDB hsqlDB = null;
43
44 public TestSecurity(String name)
45 throws Exception
46 {
47 super(name, "conf/test/TurbineResources.properties");
48 hsqlDB = new HsqlDB("jdbc:hsqldb:.", Turbine.getRealPath("conf/test/create-db.sql"));
49 }
50
51 public static Test suite()
52 {
53 return new TestSuite(TestSecurity.class);
54 }
55
56 private void checkUserList()
57 throws Exception
58 {
59 SecurityService ss = TurbineSecurity.getService();
60 assertEquals("User added to storage!", ss.getUserList(new org.apache.torque.util.Criteria()).size(), 2);
61 }
62
63 public void testInit()
64 {
65 SecurityService ss = TurbineSecurity.getService();
66 assertTrue("Service failed to initialize", ss.getInit());
67 }
68
69
70 public void testDatabase()
71 throws Exception
72 {
73 SecurityService ss = TurbineSecurity.getService();
74
75 GroupSet gs = ss.getAllGroups();
76 RoleSet rs = ss.getAllRoles();
77 PermissionSet ps = ss.getAllPermissions();
78
79 List users = ss.getUserManager().retrieveList(new org.apache.torque.util.Criteria());
80
81 assertEquals("Group DB Wrong!", gs.size(), 2);
82 assertEquals("Role DB Wrong!", rs.size(), 2);
83 assertEquals("Permission DB Wrong!", ps.size(), 3);
84 }
85
86 public void testClasses()
87 throws Exception
88 {
89 SecurityService ss = TurbineSecurity.getService();
90
91 assertEquals("Class for User Objects is wrong!", ss.getUserClass(), TorqueUser.class);
92 assertEquals("Class for Group Objects is wrong!", ss.getGroupClass(), TorqueGroup.class);
93 assertEquals("Class for Role Objects is wrong!", ss.getRoleClass(), TorqueRole.class);
94 assertEquals("Class for Permission Objects is wrong!", ss.getPermissionClass(), TorquePermission.class);
95
96 assertEquals("Class for ACLs is wrong!", ss.getAclClass(), TurbineAccessControlList.class);
97 }
98
99 public void testInstance()
100 throws Exception
101 {
102 SecurityService ss = TurbineSecurity.getService();
103
104 assertEquals("Instance for User Objects is wrong!", ss.getUserInstance().getClass(), TorqueUser.class);
105 assertEquals("Instance for Group Objects is wrong!", ss.getGroupInstance().getClass(), TorqueGroup.class);
106 assertEquals("Instance for Role Objects is wrong!", ss.getRoleInstance().getClass(), TorqueRole.class);
107 assertEquals("Instance for Permission Objects is wrong!", ss.getPermissionInstance().getClass(), TorquePermission.class);
108 }
109
110 public void testUserExists()
111 throws Exception
112 {
113 SecurityService ss = TurbineSecurity.getService();
114
115 assertTrue(ss.accountExists("admin"));
116 assertFalse(ss.accountExists("does-not-exist"));
117
118 checkUserList();
119 }
120
121 public void testAuthenticateUser()
122 throws Exception
123 {
124 SecurityService ss = TurbineSecurity.getService();
125
126 User admin = ss.getAuthenticatedUser("admin", "admin");
127
128 try
129 {
130 admin = ss.getAuthenticatedUser("admin", "no such password");
131 fail("User was authenticated with wrong password");
132 }
133 catch (Exception e)
134 {
135 assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
136 }
137
138 checkUserList();
139 }
140
141 public void testGetUser()
142 throws Exception
143 {
144 SecurityService ss = TurbineSecurity.getService();
145
146 User admin = ss.getUser("admin");
147
148 try
149 {
150 User newbie = ss.getUser("newbie");
151 fail("Non Existing User could be loaded!");
152 }
153 catch (Exception e)
154 {
155 assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
156 }
157
158 checkUserList();
159 }
160
161 public void testUserLists()
162 throws Exception
163 {
164 SecurityService ss = TurbineSecurity.getService();
165
166 User [] users = ss.getUsers(new org.apache.torque.util.Criteria());
167 assertNotNull(users);
168 assertEquals("Wrong number of users retrieved!", users.length, 2);
169
170
171 List userList = ss.getUserList(new org.apache.torque.util.Criteria());
172 assertNotNull(userList);
173 assertEquals("Wrong number of users retrieved!", userList.size(), 2);
174
175 assertEquals("Array and List have different sizes!", users.length, userList.size());
176
177 checkUserList();
178 }
179
180 public void testAnonymousUser()
181 throws Exception
182 {
183 SecurityService ss = TurbineSecurity.getService();
184
185 User user = ss.getAnonymousUser();
186
187 assertNotNull(user);
188
189 assertTrue(ss.isAnonymousUser(user));
190
191 user = ss.getUser("admin");
192 assertNotNull(user);
193
194 assertFalse(ss.isAnonymousUser(user));
195 }
196
197 public void testSaveUser()
198 throws Exception
199 {
200 SecurityService ss = TurbineSecurity.getService();
201
202 User admin = ss.getUser("admin");
203
204 ss.saveUser(admin);
205
206 try
207 {
208 User newbie = TurbineSecurity.getUserInstance();
209 newbie.setName("newbie");
210
211 ss.saveUser(newbie);
212 fail("Non Existing User could be stored!");
213 }
214 catch (Exception e)
215 {
216 assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
217 }
218
219 checkUserList();
220 }
221
222 public void testChangePassword()
223 throws Exception
224 {
225 SecurityService ss = TurbineSecurity.getService();
226
227 User admin = ss.getUser("admin");
228 assertNotNull(admin);
229
230 ss.changePassword(admin, admin.getPassword(), "foobar");
231
232 User admin2 = ss.getUser("admin");
233 assertEquals("Password was not changed!", "foobar", admin2.getPassword());
234
235 try
236 {
237 admin = ss.getUser("admin");
238 ss.changePassword(admin, "admin", "foobar");
239 fail("Password could be changed without old password!");
240 }
241 catch (Exception e)
242 {
243 assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
244 }
245
246 admin2 = ss.getUser("admin");
247 assertEquals("Password was changed!", "foobar", admin2.getPassword());
248
249 checkUserList();
250 }
251
252 public void testForcePassword()
253 throws Exception
254 {
255 SecurityService ss = TurbineSecurity.getService();
256
257 User admin = ss.getUser("admin");
258 assertNotNull(admin);
259
260 ss.forcePassword(admin, "barbaz");
261
262 User admin2 = ss.getUser("admin");
263 assertEquals("Password was not changed!", "barbaz", admin2.getPassword());
264
265 ss.forcePassword(admin, "admin");
266
267 admin2 = ss.getUser("admin");
268 assertEquals("Password was not reset!", "admin", admin2.getPassword());
269
270
271 checkUserList();
272 }
273 }
274