basicaclentryvotertests.java

acegi构造安全的java系统

                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                });

        // Wire up a voter
        BasicAclEntryVoter voter = new BasicAclEntryVoter();
        voter.setAclManager(aclManager);
        voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        voter.setProcessDomainObjectClass(SomeDomainObject.class);
        voter.afterPropertiesSet();

        // Wire up an invocation to be voted on
        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));

        // Setup a MockMethodInvocation, so voter can retrieve domainObject
        MethodInvocation mi = getMethodInvocation(domainObject);

        assertEquals(AccessDecisionVoter.ACCESS_ABSTAIN,
            voter.vote(new UsernamePasswordAuthenticationToken("marissa", null), mi, attr));
    }

    public void testVoterCanDenyAccessBasedOnInternalMethodOfDomainObject()
        throws Exception {
        // Setup a domain object subject of this test
        SomeDomainObject domainObject = new SomeDomainObject("foo");

        // Setup an AclManager
        AclManager aclManager = new MockAclManager(domainObject.getParent(), "marissa",
                new AclEntry[] {
                    new MockAclEntry(),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                });

        // Wire up a voter
        BasicAclEntryVoter voter = new BasicAclEntryVoter();
        voter.setAclManager(aclManager);
        voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        voter.setProcessDomainObjectClass(SomeDomainObject.class);
        voter.setInternalMethod("getParent");
        voter.afterPropertiesSet();

        // Wire up an invocation to be voted on
        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));

        // Setup a MockMethodInvocation, so voter can retrieve domainObject
        MethodInvocation mi = getMethodInvocation(domainObject);

        assertEquals(AccessDecisionVoter.ACCESS_DENIED,
            voter.vote(new UsernamePasswordAuthenticationToken("marissa", null), mi, attr));
    }

    public void testVoterCanDenyAccessIfPrincipalHasNoPermissionsAtAllToDomainObject()
        throws Exception {
        // Setup a domain object subject of this test
        SomeDomainObject domainObject = new SomeDomainObject("foo");

        // Setup an AclManager
        AclManager aclManager = new MockAclManager(domainObject, "marissa",
                new AclEntry[] {
                    new MockAclEntry(),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                });

        // Wire up a voter
        BasicAclEntryVoter voter = new BasicAclEntryVoter();
        voter.setAclManager(aclManager);
        voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        voter.setProcessDomainObjectClass(SomeDomainObject.class);
        voter.setInternalMethod("getParent");
        voter.afterPropertiesSet();

        // Wire up an invocation to be voted on
        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));

        // Setup a MockMethodInvocation, so voter can retrieve domainObject
        MethodInvocation mi = getMethodInvocation(domainObject);

        // NB: scott is the principal, not marissa
        assertEquals(AccessDecisionVoter.ACCESS_DENIED,
            voter.vote(new UsernamePasswordAuthenticationToken("scott", null), mi, attr));
    }

    public void testVoterCanGrantAccessBasedOnInternalMethodOfDomainObject()
        throws Exception {
        // Setup a domain object subject of this test
        SomeDomainObject domainObject = new SomeDomainObject("foo");

        // Setup an AclManager
        AclManager aclManager = new MockAclManager(domainObject.getParent(), "marissa",
                new AclEntry[] {
                    new MockAclEntry(),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                });

        // Wire up a voter
        BasicAclEntryVoter voter = new BasicAclEntryVoter();
        voter.setAclManager(aclManager);
        voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        voter.setProcessDomainObjectClass(SomeDomainObject.class);
        voter.setInternalMethod("getParent");
        assertEquals("getParent", voter.getInternalMethod());
        voter.afterPropertiesSet();

        // Wire up an invocation to be voted on
        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));

        // Setup a MockMethodInvocation, so voter can retrieve domainObject
        // (well actually it will access domainObject.getParent())
        MethodInvocation mi = getMethodInvocation(domainObject);

        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
            voter.vote(new UsernamePasswordAuthenticationToken("marissa", null), mi, attr));
    }

    public void testVoterThrowsExceptionIfInvalidInternalMethodOfDomainObject()
        throws Exception {
        // Setup a domain object subject of this test
        SomeDomainObject domainObject = new SomeDomainObject("foo");

        // Setup an AclManager
        AclManager aclManager = new MockAclManager(domainObject.getParent(), "marissa",
                new AclEntry[] {
                    new MockAclEntry(),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                });

        // Wire up a voter
        BasicAclEntryVoter voter = new BasicAclEntryVoter();
        voter.setAclManager(aclManager);
        voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        voter.setProcessDomainObjectClass(SomeDomainObject.class);
        voter.setInternalMethod("getNonExistentParentName");
        voter.afterPropertiesSet();

        // Wire up an invocation to be voted on
        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));

        // Setup a MockMethodInvocation, so voter can retrieve domainObject
        // (well actually it will access domainObject.getParent())
        MethodInvocation mi = getMethodInvocation(domainObject);

        try {
            voter.vote(new UsernamePasswordAuthenticationToken("marissa", null), mi, attr);
            fail("Should have thrown AuthorizationServiceException");
        } catch (AuthorizationServiceException expected) {
            assertTrue(true);
        }
    }

    public void testVoterThrowsExceptionIfProcessDomainObjectNotFound()
        throws Exception {
        // Setup a domain object subject of this test
        SomeDomainObject domainObject = new SomeDomainObject("foo");

        // Setup an AclManager
        AclManager aclManager = new MockAclManager(domainObject.getParent(), "marissa",
                new AclEntry[] {
                    new MockAclEntry(),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
                    new SimpleAclEntry("marissa", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                });

        // Wire up a voter
        BasicAclEntryVoter voter = new BasicAclEntryVoter();
        voter.setAclManager(aclManager);
        voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        voter.setProcessDomainObjectClass(SomeDomainObject.class);
        voter.afterPropertiesSet();

        // Wire up an invocation to be voted on
        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));

        // Setup a MockMethodInvocation that doesn't provide SomeDomainObject arg
        Class clazz = String.class;
        Method method = clazz.getMethod("toString", new Class[] {});

        MethodInvocation mi = new SimpleMethodInvocation(method, new Object[] {domainObject});

        try {
            voter.vote(new UsernamePasswordAuthenticationToken("marissa", null), mi, attr);
            fail("Should have thrown AuthorizationServiceException");
        } catch (AuthorizationServiceException expected) {
            assertTrue(true);
        }
    }

    public void testSetRequirePermissionFromString() {
        assertPermission("NOTHING", SimpleAclEntry.NOTHING);
        assertPermission("ADMINISTRATION", SimpleAclEntry.ADMINISTRATION);
        assertPermission("READ", SimpleAclEntry.READ);
        assertPermission("WRITE", SimpleAclEntry.WRITE);
        assertPermission("CREATE", SimpleAclEntry.CREATE);
        assertPermission("DELETE", SimpleAclEntry.DELETE);
        assertPermission(new String[] { "WRITE", "CREATE" }, new int[] { SimpleAclEntry.WRITE, SimpleAclEntry.CREATE });
    }

    public void testSetRequirePermissionFromStringWrongValues() {
        BasicAclEntryVoter voter = new BasicAclEntryVoter();
        try {
            voter.setRequirePermissionFromString(new String[] { "X" });
            fail(IllegalArgumentException.class.getName() + " must have been thrown.");
        } catch (IllegalArgumentException e) {
            // expected
        }
    }

    private void assertPermission(String text, int value) {
        assertPermission(new String[] { text }, new int[] { value });
    }

    private void assertPermission(String[] text, int[] value) {
        BasicAclEntryVoter voter = new BasicAclEntryVoter();
        voter.setRequirePermissionFromString(text);
        assertEquals("Test incorreclty coded", value.length, text.length);
        assertEquals(value.length, voter.getRequirePermission().length);
        for (int i = 0; i < value.length; i++) {
            assertEquals(value[i], voter.getRequirePermission()[i]);
        }
    }

    //~ Inner Classes ==================================================================================================

    private class MockAclEntry implements AclEntry {
        // just so AclTag iterates some different types of AclEntrys
    }
}