📄 authorizationmanagertest.java
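} assertEquals( Role.AUTHENTICATED, m_auth.resolvePrincipal( "Authenticated" ) ); }
    // ^ Tail of a test method that begins before this listing; reproduced as found.

    /**
     * Verifies that {@code resolvePrincipal} returns the expected principal for each kind of name:
     * a saved user's login name, full name and wiki name; a wiki group; a built-in role; and a
     * name that matches nothing.
     *
     * @throws WikiException declared by the test; the save and delete failures are reported via {@code fail}
     */
    public void testResolveUsers() throws WikiException
    {
        // We should be able to resolve a user by login, user, or wiki name
        UserProfile profile = m_engine.getUserManager().getUserDatabase().newProfile();
        profile.setEmail( "authmanagertest@tester.net" );
        profile.setFullname( "AuthorizationManagerTest User" );
        profile.setLoginName( "authmanagertest" );
        try
        {
            m_engine.getUserManager().getUserDatabase().save( profile );
        }
        catch( WikiSecurityException e )
        {
            fail( "Failed save: " + e.getLocalizedMessage() );
        }
        assertEquals( new WikiPrincipal( "authmanagertest", WikiPrincipal.LOGIN_NAME ),
                      m_auth.resolvePrincipal( "authmanagertest" ) );
        assertEquals( new WikiPrincipal( "AuthorizationManagerTest User", WikiPrincipal.FULL_NAME ),
                      m_auth.resolvePrincipal( "AuthorizationManagerTest User" ) );
        assertEquals( new WikiPrincipal( "AuthorizationManagerTestUser", WikiPrincipal.WIKI_NAME ),
                      m_auth.resolvePrincipal( "AuthorizationManagerTestUser" ) );
        // NOTE(review): this cleanup is skipped if one of the assertions above fails, which
        // leaves the test user in the database; confirm tearDown() covers that case.
        try
        {
            m_engine.getUserManager().getUserDatabase().deleteByLoginName( "authmanagertest" );
        }
        catch( WikiSecurityException e )
        {
            fail( "Failed delete: " + e.getLocalizedMessage() );
        }

        // A wiki group should resolve to itself
        Group group1 = m_groupMgr.parseGroup( "SampleGroup", "", true );
        m_groupMgr.setGroup( m_session, group1 );
        assertEquals( group1.getPrincipal(), m_auth.resolvePrincipal( "SampleGroup" ) );
        m_groupMgr.removeGroup( "SampleGroup" );

        // A built-in role should resolve to itself
        assertEquals( Role.AUTHENTICATED, m_auth.resolvePrincipal( "Authenticated" ) );

        // We shouldn't be able to spoof a built-in role.
        // assertNotSame only compares object references, and a freshly constructed
        // WikiPrincipal is never the same reference as the resolver's result, so that form
        // of the check could not fail. Comparing with equals() makes the test actually
        // reject a look-alike principal carrying the role's name.
        assertFalse( "WikiPrincipal must not equal the built-in role",
                     new WikiPrincipal( "Authenticated" ).equals( m_auth.resolvePrincipal( "Authenticated" ) ) );

        // An unknown user should resolve to a generic UnresolvedPrincipal
        Principal principal = new UnresolvedPrincipal( "Bart Simpson" );
        assertEquals( principal, m_auth.resolvePrincipal( "Bart Simpson" ) );
    }

    /**
     * Verifies page-ACL enforcement for a role: page "Test" carries
     * {@code [{ALLOW edit Authenticated}]}, an authenticated session (Alice) must be granted
     * view and edit, and an asserted session (Bob) must be denied both.
     *
     * @throws Exception if saving the page or creating a session fails
     */
    public void testRoleAcl() throws Exception
    {
        // Create test page & attachment
        String src = "[{ALLOW edit Authenticated}] ";
        m_engine.saveText( "Test", src );

        WikiPage p = m_engine.getPage( "Test" );
        Permission view = PermissionFactory.getPagePermission( p, "view" );
        Permission edit = PermissionFactory.getPagePermission( p, "edit" );

        // Create session with authenticated user 'Alice', who can read & edit
        WikiSession session;
        session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
        assertTrue( "Alice view Test", m_auth.checkPermission( session, view ) );
        assertTrue( "Alice edit Test", m_auth.checkPermission( session, edit ) );

        // Create session with asserted user 'Bob', who can't read or edit (not in ACL)
        session = WikiSessionTest.assertedSession( m_engine, Users.BOB );
        assertFalse( "Bob !view Test", m_auth.checkPermission( session, view ) );
        assertFalse( "Bob !edit Test", m_auth.checkPermission( session, edit ) );

        // Cleanup
        try
        {
            m_engine.deletePage( "Test" );
        }
        catch( ProviderException e )
        {
            // Report the cause instead of a bare assertTrue( false ), so a failed cleanup
            // is diagnosable from the test output.
            fail( "Failed delete: " + e.getLocalizedMessage() );
        }
    }

    /**
     * Pins the static (policy-granted) permissions of the four session types exercised here:
     * anonymous, asserted, authenticated and admin. Each assertion names the session type and
     * the permission, so a policy change that widens or narrows access shows up as a named failure.
     *
     * @throws Exception if a session cannot be created
     */
    public void testStaticPermission() throws Exception
    {
        WikiSession s = WikiSessionTest.anonymousSession( m_engine );
        assertTrue( "Anonymous view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
        assertTrue( "Anonymous edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
        assertTrue( "Anonymous comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
        assertFalse( "Anonymous modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
        assertFalse( "Anonymous upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
        assertFalse( "Anonymous rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
        assertFalse( "Anonymous delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
        assertTrue( "Anonymous prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
        assertTrue( "Anonymous profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
        assertTrue( "Anonymous pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
        assertFalse( "Anonymous groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );

        s = WikiSessionTest.assertedSession( m_engine, "Jack Sparrow" );
        assertTrue( "Asserted view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
        assertTrue( "Asserted edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
        assertTrue( "Asserted comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
        assertFalse( "Asserted modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
        assertFalse( "Asserted upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
        assertFalse( "Asserted rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
        assertFalse( "Asserted delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
        assertTrue( "Asserted prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
        assertTrue( "Asserted profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
        assertTrue( "Asserted pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
        assertFalse( "Asserted groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );

        s = WikiSessionTest.authenticatedSession( m_engine, Users.JANNE, Users.JANNE_PASS );
        assertTrue( "Authenticated view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
        assertTrue( "Authenticated edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
        assertTrue( "Authenticated comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
        assertTrue( "Authenticated modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
        assertTrue( "Authenticated upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
        assertTrue( "Authenticated rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
        assertFalse( "Authenticated delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
        assertTrue( "Authenticated prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
        assertTrue( "Authenticated profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
        assertTrue( "Authenticated pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
        assertTrue( "Authenticated groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );

        s = WikiSessionTest.adminSession( m_engine );
        assertTrue( "Admin view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
        assertTrue( "Admin edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
        assertTrue( "Admin comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
        assertTrue( "Admin modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
        assertTrue( "Admin upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
        assertTrue( "Admin rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
        // Even though we grant AllPermission in the policy, 'delete' isn't explicit so the check
        // for delete privileges will fail (but it will succeed if requested via the checkPermission())
        assertFalse( "Admin delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
        assertTrue( "Admin prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
        assertTrue( "Admin profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
        assertTrue( "Admin pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
        assertTrue( "Admin groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );
    }

    /**
     * Verifies that a container-authenticated session carrying the {@code Admin} group principal
     * holds {@code AllPermission} and can view a page whose ACL text names only {@code FooBar}.
     *
     * @throws Exception if saving the page or creating the session fails
     */
    public void testAdminView() throws Exception
    {
        // NOTE(review): TestDefaultPage is not deleted in this method; confirm tearDown()
        // (not visible in this listing) removes it.
        m_engine.saveText( "TestDefaultPage", "Foo [{ALLOW view FooBar}]" );

        Principal admin = new GroupPrincipal( "Admin" );
        WikiSession session = WikiSessionTest.containerAuthenticatedSession(
                m_engine,
                Users.ALICE,
                new Principal[] { admin } );

        assertTrue( "Alice has AllPermission",
                    m_auth.checkPermission( session, new AllPermission( m_engine.getApplicationName() ) ) );
        // The message is what JUnit prints when the check fails, i.e. when Alice cannot read.
        assertTrue( "Alice cannot read",
                    m_auth.checkPermission( session, new PagePermission( "TestDefaultPage", "view" ) ) );
    }

    /**
     * Same checks as {@code testAdminView}, but with the session produced by
     * {@code WikiSessionTest.adminSession} instead of a container-authenticated one.
     *
     * @throws Exception if saving the page or creating the session fails
     */
    public void testAdminView2() throws Exception
    {
        m_engine.saveText( "TestDefaultPage", "Foo [{ALLOW view FooBar}]" );

        WikiSession session = WikiSessionTest.adminSession( m_engine );

        // NOTE(review): the messages below name Alice although the session comes from
        // adminSession(); presumably copied from testAdminView - confirm and rename.
        assertTrue( "Alice has AllPermission",
                    m_auth.checkPermission( session, new AllPermission( m_engine.getApplicationName() ) ) );
        assertTrue( "Alice cannot read",
                    m_auth.checkPermission( session, new PagePermission( "TestDefaultPage", "view" ) ) );
    }

    /**
     * Re-initialises the test engine with the policy file {@code jspwiki-testUserPolicy.policy}
     * and pins the static permissions that policy yields for anonymous, asserted, Bob, Janne and
     * admin sessions.
     *
     * @throws Exception if the properties cannot be loaded or the engine cannot be created
     */
    public void testUserPolicy() throws Exception
    {
        Properties props = new Properties();
        props.load( TestEngine.findTestProperties() );

        // Replace the default security policy with the test-specific file
        // jspwiki-testUserPolicy.policy
        props.put( AuthorizationManager.POLICY, "jspwiki-testUserPolicy.policy" );

        // Initialize the test engine
        m_engine = new TestEngine( props );
        m_auth = m_engine.getAuthorizationManager();
        m_groupMgr = m_engine.getGroupManager();
        m_session = WikiSessionTest.adminSession( m_engine );

        WikiSession s = WikiSessionTest.anonymousSession( m_engine );
        assertFalse( "Anonymous view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
        assertFalse( "Anonymous edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
        assertFalse( "Anonymous comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
        assertFalse( "Anonymous modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
        assertFalse( "Anonymous upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
        assertFalse( "Anonymous rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
        assertFalse( "Anonymous delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
        assertFalse( "Anonymous prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
        assertFalse( "Anonymous profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
        assertFalse( "Anonymous pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
        assertFalse( "Anonymous groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );

        s = WikiSessionTest.assertedSession( m_engine, "Jack Sparrow" );
        assertFalse( "Asserted view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
        assertFalse( "Asserted edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
        assertFalse( "Asserted comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
        assertFalse( "Asserted modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
        assertFalse( "Asserted upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
        assertFalse( "Asserted rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
        assertFalse( "Asserted delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
        assertFalse( "Asserted prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
        assertFalse( "Asserted profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
        assertFalse( "Asserted pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
        assertFalse( "Asserted groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );

        s = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
        assertTrue( "Bob view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
        assertTrue( "Bob edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
        assertTrue( "Bob comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
        assertTrue( "Bob modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
        assertTrue( "Bob upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
        assertFalse( "Bob rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
        assertTrue( "Bob delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
        assertFalse( "Bob prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
        assertFalse( "Bob profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
        assertFalse( "Bob pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
        assertFalse( "Bob groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );

        s = WikiSessionTest.authenticatedSession( m_engine, Users.JANNE, Users.JANNE_PASS );
        assertTrue( "Janne view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
        assertTrue( "Janne edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
        assertTrue( "Janne comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
        assertTrue( "Janne modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
        assertTrue( "Janne upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
        assertFalse( "Janne rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
        assertTrue( "Janne delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
        assertFalse( "Janne prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
        assertFalse( "Janne profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
        assertFalse( "Janne pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
        assertFalse( "Janne groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );

        s = WikiSessionTest.adminSession( m_engine );
        assertTrue( "Admin view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
        assertFalse( "Admin edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
        assertFalse( "Admin comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
        assertFalse( "Admin modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
        assertFalse( "Admin upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
        assertFalse( "Admin rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
        assertFalse( "Admin delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
        assertFalse( "Admin prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
        assertFalse( "Admin profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
        assertFalse( "Admin pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
        assertFalse( "Admin groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );
    }
}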