📄 authorizationmanagertest.java
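assertTrue( "Alice in Bar", m_auth.hasRoleOrPrincipal( session, barGroup.getPrincipal() ) );

    // Cleanup
    m_groupMgr.removeGroup( "Foo" );
    m_groupMgr.removeGroup( "Bar" );
}

/**
 * Checks that an attachment is governed by the ACL of its parent page when
 * the page grants {@code edit} to Alice: Alice is expected to hold both
 * {@code view} and {@code edit} on the attachment, and Bob (not named in
 * the ACL) is expected to hold neither.
 *
 * @throws Exception if the page or attachment cannot be created or deleted
 */
public void testInheritedPermissions() throws Exception {
    // Create the parent page (with the ACL) and one attachment beneath it
    String src = "[{ALLOW edit Alice}] ";
    m_engine.saveText( "Test", src );

    File f = m_engine.makeAttachmentFile();
    Attachment att = new Attachment( m_engine, "Test", "test1.txt" );
    att.setAuthor( "FirstPost" );
    m_engine.getAttachmentManager().storeAttachment( att, f );

    // Permissions are built for the attachment, not for the parent page
    Attachment p = (Attachment) m_engine.getPage( "Test/test1.txt" );
    Permission view = PermissionFactory.getPagePermission( p, "view" );
    Permission edit = PermissionFactory.getPagePermission( p, "edit" );

    // Authenticated session for 'Alice', who is in the ACL: view & edit allowed
    WikiSession session;
    session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
    assertTrue( "Alice view Test/test1.txt", m_auth.checkPermission( session, view ) );
    assertTrue( "Alice edit Test/test1.txt", m_auth.checkPermission( session, edit ) );

    // Authenticated session for 'Bob', who is not in the ACL: both denied
    session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
    assertFalse( "Bob !view Test/test1.txt", m_auth.checkPermission( session, view ) );
    assertFalse( "Bob !edit Test/test1.txt", m_auth.checkPermission( session, edit ) );

    // Delete test page & attachment
    // NOTE(review): skipped when an assertion above fails; whether the
    // fixture's tearDown resets the engine is not visible from here.
    m_engine.getAttachmentManager().deleteAttachment( att );
    m_engine.deletePage( "Test" );
}

/**
 * Checks that a {@code view}-only grant on the parent page does not turn
 * into {@code edit} on its attachment: Alice may view but not edit, and Bob
 * (not named in the ACL) may do neither.
 *
 * @throws Exception if the page or attachment cannot be created or deleted
 */
public void testInheritedAclPermissions() throws Exception {
    // Create the parent page (with the ACL) and one attachment beneath it
    String src = "[{ALLOW view Alice}] ";
    m_engine.saveText( "Test", src );

    File f = m_engine.makeAttachmentFile();
    Attachment att = new Attachment( m_engine, "Test", "test1.txt" );
    att.setAuthor( "FirstPost" );
    m_engine.getAttachmentManager().storeAttachment( att, f );

    Attachment p = (Attachment) m_engine.getPage( "Test/test1.txt" );
    Permission view = PermissionFactory.getPagePermission( p, "view" );
    Permission edit = PermissionFactory.getPagePermission( p, "edit" );

    // Authenticated session for 'Alice', who is in the ACL for view only
    WikiSession session;
    session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
    assertTrue( "Alice view Test/test1.txt", m_auth.checkPermission( session, view ) );
    assertFalse( "Alice !edit Test/test1.txt", m_auth.checkPermission( session, edit ) );

    // Authenticated session for 'Bob', who is not in the ACL: both denied
    session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
    assertFalse( "Bob !view Test/test1.txt", m_auth.checkPermission( session, view ) );
    // The denial check must use the edit permission; testing view twice would
    // leave Bob's edit access on the attachment unverified.
    assertFalse( "Bob !edit Test/test1.txt", m_auth.checkPermission( session, edit ) );

    // Delete test page & attachment
    m_engine.getAttachmentManager().deleteAttachment( att );
    m_engine.deletePage( "Test" );
}

/**
 * Exercises {@code hasRoleOrPrincipal} for anonymous, asserted and
 * container-authenticated sessions against the built-in roles, Alice's user
 * principal, two custom roles and two wiki groups.
 *
 * <p>Only the authenticated session is expected to match the user principal,
 * the injected custom role and the group Alice belongs to. The asserted
 * session is given the same custom role but must not match it.
 *
 * @throws Exception if the groups cannot be created or removed
 */
public void testHasRoleOrPrincipal() throws Exception {
    // Create new user Alice and 2 sample roles
    Principal alice = new WikiPrincipal( Users.ALICE );
    Role it = new Role( "IT" );
    Role finance = new Role( "Finance" );

    // Create Group1 with Alice in it, Group2 without
    WikiSession session = WikiSessionTest.adminSession( m_engine );
    Group g1 = m_groupMgr.parseGroup( "Group1", "Alice", true );
    m_groupMgr.setGroup( session, g1 );
    Principal group1 = g1.getPrincipal();

    Group g2 = m_groupMgr.parseGroup( "Group2", "Bob", true );
    m_groupMgr.setGroup( session, g2 );
    Principal group2 = g2.getPrincipal();

    // Anonymous session: not in ANY custom roles or groups
    session = WikiSessionTest.anonymousSession( m_engine );
    assertTrue ( "Anon anonymous", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
    assertFalse( "Anon not asserted", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
    assertFalse( "Anon not authenticated", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
    assertFalse( "Anon not in Alice", m_auth.hasRoleOrPrincipal( session, alice ) );
    assertFalse( "Anon not in IT", m_auth.hasRoleOrPrincipal( session, it ) );
    assertFalse( "Anon not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
    assertFalse( "Anon not in Group1", m_auth.hasRoleOrPrincipal( session, group1 ) );
    assertFalse( "Anon not in Group2", m_auth.hasRoleOrPrincipal( session, group2 ) );

    // Asserted session for Alice, with the custom role IT passed in.
    // Alice is asserted, and thus not in ANY custom roles or groups: the
    // identity is only claimed, so neither her user principal, the injected
    // role, nor her group membership may be honoured.
    session = WikiSessionTest.assertedSession( m_engine, Users.ALICE, new Principal[] { it } );
    assertFalse( "Alice not anonymous", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
    assertTrue ( "Alice asserted", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
    assertFalse( "Alice not authenticated", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
    assertFalse( "Alice not in Alice", m_auth.hasRoleOrPrincipal( session, alice ) );
    assertFalse( "Alice not in IT", m_auth.hasRoleOrPrincipal( session, it ) );
    assertFalse( "Alice not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
    assertFalse( "Alice not in Group1", m_auth.hasRoleOrPrincipal( session, group1 ) );
    assertFalse( "Alice not in Group2", m_auth.hasRoleOrPrincipal( session, group2 ) );

    // Container-authenticated session for Alice, with the custom role IT passed in.
    // Alice is authenticated, and thus part of custom roles and groups
    session = WikiSessionTest.containerAuthenticatedSession( m_engine, Users.ALICE, new Principal[] { it } );
    assertFalse( "Alice not anonymous", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
    assertFalse( "Alice not asserted", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
    assertTrue ( "Alice authenticated", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
    assertTrue ( "Alice in Alice", m_auth.hasRoleOrPrincipal( session, alice ) );
    assertTrue ( "Alice in IT", m_auth.hasRoleOrPrincipal( session, it ) );
    assertFalse( "Alice not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
    assertTrue ( "Alice in Group1", m_auth.hasRoleOrPrincipal( session, group1 ) );
    assertFalse( "Alice not in Group2", m_auth.hasRoleOrPrincipal( session, group2 ) );

    // Clean up
    // NOTE(review): skipped when an assertion above fails, which would leave
    // Group1/Group2 behind unless the fixture's tearDown (not visible here)
    // resets the group manager.
    m_groupMgr.removeGroup( "Group1" );
    m_groupMgr.removeGroup( "Group2" );
}

/**
 * Exercises {@code isUserInRole} for anonymous, asserted and
 * container-authenticated sessions against the built-in roles, Alice's user
 * principal, two custom roles and two wiki groups.
 *
 * <p>Unlike {@code testHasRoleOrPrincipal}, the user principal is expected
 * to be rejected even for the authenticated session.
 *
 * @throws Exception if the groups cannot be created or removed
 */
public void testIsUserInRole() throws Exception {
    // Create new user Alice and 2 sample roles
    Principal alice = new WikiPrincipal( Users.ALICE );
    Role it = new Role( "IT" );
    Role finance = new Role( "Finance" );

    // Create Group1 with Alice in it, Group2 without
    WikiSession session = WikiSessionTest.adminSession( m_engine );
    Group g1 = m_groupMgr.parseGroup( "Group1", "Alice", true );
    m_groupMgr.setGroup( session, g1 );
    Principal group1 = g1.getPrincipal();

    Group g2 = m_groupMgr.parseGroup( "Group2", "Bob", true );
    m_groupMgr.setGroup( session, g2 );
    Principal group2 = g2.getPrincipal();

    // Anonymous session: not in ANY custom roles or groups
    session = WikiSessionTest.anonymousSession( m_engine );
    assertTrue ( "Anon anonymous", m_auth.isUserInRole( session, Role.ANONYMOUS ) );
    assertFalse( "Anon not asserted", m_auth.isUserInRole( session, Role.ASSERTED ) );
    assertFalse( "Anon not authenticated", m_auth.isUserInRole( session, Role.AUTHENTICATED ) );
    assertFalse( "Anon not in Alice", m_auth.isUserInRole( session, alice ) );
    assertFalse( "Anon not in IT", m_auth.isUserInRole( session, it ) );
    assertFalse( "Anon not in Finance", m_auth.isUserInRole( session, finance ) );
    assertFalse( "Anon not in Group1", m_auth.isUserInRole( session, group1 ) );
    assertFalse( "Anon not in Group2", m_auth.isUserInRole( session, group2 ) );

    // Asserted session for Alice, with the custom role IT passed in.
    // Alice is asserted, and thus not in ANY custom roles or groups
    session = WikiSessionTest.assertedSession( m_engine, Users.ALICE, new Principal[] { it } );
    assertFalse( "Alice not anonymous", m_auth.isUserInRole( session, Role.ANONYMOUS ) );
    assertTrue ( "Alice asserted", m_auth.isUserInRole( session, Role.ASSERTED ) );
    assertFalse( "Alice not authenticated", m_auth.isUserInRole( session, Role.AUTHENTICATED ) );
    assertFalse( "Alice not in Alice", m_auth.isUserInRole( session, alice ) );
    assertFalse( "Alice not in IT", m_auth.isUserInRole( session, it ) );
    assertFalse( "Alice not in Finance", m_auth.isUserInRole( session, finance ) );
    assertFalse( "Alice not in Group1", m_auth.isUserInRole( session, group1 ) );
    assertFalse( "Alice not in Group2", m_auth.isUserInRole( session, group2 ) );

    // Container-authenticated session for Alice, with the custom role IT passed in.
    // Alice is authenticated, and thus part of custom roles and groups
    session = WikiSessionTest.containerAuthenticatedSession( m_engine, Users.ALICE, new Principal[] { it } );
    assertFalse( "Alice not anonymous", m_auth.isUserInRole( session, Role.ANONYMOUS ) );
    assertFalse( "Alice not asserted", m_auth.isUserInRole( session, Role.ASSERTED ) );
    assertTrue ( "Alice authenticated", m_auth.isUserInRole( session, Role.AUTHENTICATED ) );
    // A plain user principal is expected to be rejected here even though the
    // session is authenticated (presumably because isUserInRole only
    // evaluates roles and groups; confirm against AuthorizationManager).
    assertFalse( "Alice not in Alice", m_auth.isUserInRole( session, alice ) );
    assertTrue ( "Alice in IT", m_auth.isUserInRole( session, it ) );
    assertFalse( "Alice not in Finance", m_auth.isUserInRole( session, finance ) );
    assertTrue ( "Alice in Group1", m_auth.isUserInRole( session, group1 ) );
    assertFalse( "Alice not in Group2", m_auth.isUserInRole( session, group2 ) );

    // Clean up
    m_groupMgr.removeGroup( "Group1" );
    m_groupMgr.removeGroup( "Group2" );
}

/**
 * Checks a page ACL that names a user principal directly: with
 * {@code edit} granted to Alice, Alice is expected to hold {@code view} and
 * {@code edit} on the page, and Bob (not named in the ACL) neither.
 *
 * @throws Exception if the page cannot be saved
 */
public void testPrincipalAcl() throws Exception {
    // Create test page (no attachment is involved in this test)
    String src = "[{ALLOW edit Alice}] ";
    m_engine.saveText( "Test", src );

    WikiPage p = m_engine.getPage( "Test" );
    Permission view = PermissionFactory.getPagePermission( p, "view" );
    Permission edit = PermissionFactory.getPagePermission( p, "edit" );

    // Authenticated session for 'Alice', who is in the ACL: view & edit allowed
    WikiSession session;
    session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
    assertTrue( "Alice view Test", m_auth.checkPermission( session, view ) );
    assertTrue( "Alice edit Test", m_auth.checkPermission( session, edit ) );

    // Authenticated session for 'Bob', who is not in the ACL: both denied
    session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
    assertFalse( "Bob !view Test", m_auth.checkPermission( session, view ) );
    assertFalse( "Bob !edit Test", m_auth.checkPermission( session, edit ) );

    // Cleanup; a failed delete is reported as a test failure
    try {
        m_engine.deletePage( "Test" );
    } catch( ProviderException e ) {
        fail( "Could not delete page" );
    }
}

/**
 * Any principal strings that have same names as built-in roles should
 * resolve as built-in roles!
 */
public void testResolveBuiltInRoles() {
    Principal principal = Role.AUTHENTICATED;
    assertEquals( principal, m_auth.resolvePrincipal( "Authenticated" ) );
    principal = Role.ASSERTED;
    assertEquals( principal, m_auth.resolvePrincipal( "Asserted" ) );
    principal = Role.ALL;
    assertEquals( principal, m_auth.resolvePrincipal( "All" ) );
    principal = Role.ANONYMOUS;
    assertEquals( principal, m_auth.resolvePrincipal( "Anonymous" ) );

    // This should not resolve because there's no built-in role Admin
    principal = new WikiPrincipal( "Admin" );
    assertFalse( principal.equals( m_auth.resolvePrincipal( "Admin" ) ) );
}

public void testResolveGroups() throws WikiException {
    Group group1 = m_groupMgr.parseGroup( "SampleGroup", "", true );
    m_groupMgr.setGroup( m_session, group1 );
    assertEquals( group1.getPrincipal(), m_auth.resolvePrincipal( "SampleGroup" ) );
    m_groupMgr.removeGroup( "SampleGroup" );

    // We shouldn't be able to spoof a built-in role
    try {
        Group group2 = m_groupMgr.parseGroup( "Authenticated", "", true );
        assertNotSame( group2.getPrincipal(), m_auth.resolvePrincipal( "Authenticated" ) );
    } catch ( WikiSecurityException e ) {
        assertTrue ( "Authenticated not allowed as group name.", true );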