[jboss-cvs] JBossAS SVN: r63126 - projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/authorization.

Thu May 17 16:24:01 EDT 2007

Author: anil.saldhana at jboss.com
Date: 2007-05-17 16:24:01 -0400 (Thu, 17 May 2007)
New Revision: 63126

Added:
   projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java
Log:
authorizationmgr test

Added: projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java
===================================================================

--- projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/authorization/JBossAuthorizationManagerUnitTestCase.java	2007-05-17 20:24:01 UTC (rev 63126)
@@ -0,0 +1,116 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2007, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.test.authorization;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.HashMap;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.jacc.SubjectPolicyContextHandler;
+import org.jboss.security.plugins.JBossAuthorizationManager;
+import org.jboss.security.plugins.SecurityContextAssociation;
+import org.jboss.security.plugins.SecurityContextFactory;
+import org.jboss.test.authorization.xacml.TestHttpServletRequest;
+
+import junit.framework.TestCase;
+
+//$Id$
+
+/**
+ *  Unit test the JBossAuthorizationManager
+ *  @author Anil.Saldhana at redhat.com
+ *  @since  May 17, 2007 
+ *  @version $Revision$
+ */
+public class JBossAuthorizationManagerUnitTestCase extends TestCase
+{
+   private Principal p = new SimplePrincipal("jduke");
+   private String contextID = "web.jar";
+   private String uri = "/xacml-subjectrole/test";
+   
+   protected void setUp() throws Exception
+   { 
+      super.setUp();
+      setSecurityContext();
+      setUpPolicyContext();
+      setSecurityConfiguration();
+   }
+   
+   public void testAuthorization() throws Exception
+   {
+      HashMap cmap = new HashMap();
+      cmap.put(ResourceKeys.WEB_REQUEST, new TestHttpServletRequest(p,"test", "get"));
+      WebResource wr = new WebResource(cmap);
+      AuthorizationManager am = new JBossAuthorizationManager("other");
+      am.authorize(wr);//This should just pass as the default module PERMITS all
+   }
+   
+   private Group getRoleGroup()
+   {
+      Group gp = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
+      gp.addMember(new SimplePrincipal("ServletUserRole"));
+      return gp;
+   }
+   
+   private void setSecurityContext()
+   { 
+      Subject subj = new Subject();
+      subj.getPrincipals().add(p);
+      SecurityContext sc = SecurityContextFactory.createSecurityContext("other");
+      sc.getUtil().createSubjectInfo(p, "cred", subj);
+      sc.getUtil().setRoles(getRoleGroup());
+      SecurityContextAssociation.setSecurityContext(sc);
+   }
+   
+   private void setUpPolicyContext() throws Exception
+   {
+      PolicyContext.setContextID(contextID);
+      PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY, 
+            new SubjectPolicyContextHandler(), true);
+   }
+   
+   private void setSecurityConfiguration() throws Exception
+   {
+      String name = "org.jboss.security.authorization.modules.web.WebAuthorizationModule";
+      ApplicationPolicy ap = new ApplicationPolicy("other");
+      AuthorizationInfo ai = new AuthorizationInfo("other");
+      AuthorizationModuleEntry ame = new AuthorizationModuleEntry(name);
+      ai.add(ame);
+      ap.setAuthorizationInfo(ai);
+      SecurityConfiguration.addApplicationPolicy(ap); 
+   } 
+
+}


