Author: sohil.shah(a)jboss.com
Date: 2009-02-14 13:00:24 -0500 (Sat, 14 Feb 2009)
New Revision: 12821
Added:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
Modified:
modules/authorization/trunk/http-profile/pom.xml
Log:
testing the Request Parameter Matching Rule for the Http Profile
Modified: modules/authorization/trunk/http-profile/pom.xml
===================================================================
--- modules/authorization/trunk/http-profile/pom.xml 2009-02-14 17:04:26 UTC (rev 12820)
+++ modules/authorization/trunk/http-profile/pom.xml 2009-02-14 18:00:24 UTC (rev 12821)
@@ -64,7 +64,7 @@
<version>2.3.1</version>
<configuration>
<includes>
- <include>**/TestURLPattern.java</include>
+ <include>**/TestParameterMatching.java</include>
</includes>
</configuration>
</plugin>
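Review bot: Replacing the only `<include>` entry, `**/TestURLPattern.java`, with `**/TestParameterMatching.java` takes the URL-pattern test out of the test run, so a regression in URL matching for this authorization profile would no longer fail the build. Unless the narrowing is deliberate and temporary, list both: `<include>**/TestURLPattern.java</include>` and `<include>**/TestParameterMatching.java</include>`. The `<plugin>` element opens outside the hunk, so confirm that nothing earlier in the configuration already covers the dropped test.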
Added:
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
===================================================================
---
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java
(rev 0)
+++
modules/authorization/trunk/http-profile/src/test/java/org/jboss/security/authz/http/components/TestParameterMatching.java 2009-02-14
18:00:24 UTC (rev 12821)
@@ -0,0 +1,178 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.security.authz.http.components;
+
+import java.net.URI;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.resource.HttpResource;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.enforcement.Request;
+import org.jboss.security.authz.enforcement.Response;
+
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.policy.server.PolicyServer;
+import org.jboss.security.authz.policy.server.Server;
+
+import junit.framework.TestCase;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class TestParameterMatching extends TestCase
+{
+ private static Logger log = Logger.getLogger(TestParameterMatching.class);
+
+ private PolicyServer policyServer;
+
+ public void setUp() throws Exception
+ {
+ Server.bootstrap();
+ this.policyServer =
(PolicyServer)Server.lookup("/policy-server/PolicyServer");
+ }
+
+ public void testMatchContextSuperset() throws Exception
+ {
+ //SetUp HttpResource component to generate/store a policy
+ HttpResource policyResource = new HttpResource();
+ policyResource.setUri(new URI("/prefix/url/*"));
+ policyResource.addAllowed("Admin");
+ policyResource.addParameter("p1", "p1Val");
+ policyResource.addParameter("p2", "p2Val");
+
+ //Store the policy into the Policy Server
+ this.policyServer.newPolicy(policyResource.getPolicyMetaData());
+
+ //Assert Policy State of the Server
+ Policy[] policies = this.policyServer.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
+ log.info("------------------------------------------------------------------------------");
+ log.info(policies[0].generateXACMLPolicy());
+
+ //SetUp a Contextual HttpResource component representing an incoming request that needs
authorization
+ //where access should be granted
+ HttpResource permit = new HttpResource();
+ permit.setUri(new URI("/prefix/url/index.html"));
+ for(int i=0; i<5; i++)
+ {
+ String name = "p"+i;
+ String value = name + "Val";
+ permit.addParameter(name, value);
+ }
+
+ //SetUp a Contextual HttpResource component representing an incoming request that needs
authorization
+ //where access should not be granted
+ HttpResource deny = new HttpResource();
+ deny.setUri(new URI("/prefix/url/index.html"));
+ for(int i=0; i<5; i++)
+ {
+ String name = "p"+i;
+ String value = name + "Blah";
+ deny.addParameter(name, value);
+ }
+
+ //Access Granted Enforcement
+ this.enforce(this.createRequest(permit), true);
+
+ //Access Denied Enforcement
+ this.enforce(this.createRequest(deny), false);
+ }
+
+ public void testMatchContextSubset() throws Exception
+ {
+ //SetUp HttpResource component to generate/store a policy
+ HttpResource policyResource = new HttpResource();
+ policyResource.setUri(new URI("/prefix/url/*"));
+ policyResource.addAllowed("Admin");
+ for(int i=0; i<5; i++)
+ {
+ String name = "p"+i;
+ String value = name + "Val";
+ policyResource.addParameter(name, value);
+ }
+
+ //Store the policy into the Policy Server
+ this.policyServer.newPolicy(policyResource.getPolicyMetaData());
+
+ //Assert Policy State of the Server
+ Policy[] policies = this.policyServer.readAllPolicies();
+
+ assertTrue("Policy Store must not be empty!!", (policies != null &&
policies.length == 1));
+ log.info("------------------------------------------------------------------------------");
+ log.info(policies[0].generateXACMLPolicy());
+
+ //SetUp a Contextual HttpResource component representing an incoming request that needs
authorization
+ //where access should not be granted
+ HttpResource deny = new HttpResource();
+ deny.setUri(new URI("/prefix/url/index.html"));
+ for(int i=0; i<3; i++)
+ {
+ String name = "p"+i;
+ String value = name + "Val";
+ deny.addParameter(name, value);
+ }
+
+ //Access Denied Enforcement......In fact in the case where the Context carries a Subset
of the parameters expected by the policy
+ //It will always result in a Deny since it will never fulfill the match expected by the
policy
+ this.enforce(this.createRequest(deny), false);
+ }
+ //-----------------------------------------------------------------------------------------------------------------------------------------------------
+ private void enforce(Request request, boolean mustBePermitted) throws Exception
+ {
+
+ Response response = this.policyServer.evaluate(request);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision="+response.getMessage());
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ }
+
+ private Request createRequest(HttpResource contextResource) throws Exception
+ {
+ //Create a RequestType
+ Request request = new Request();
+
+ //Create Subjects
+ Roles roles = new Roles();
+ roles.addName("Admin");
+ request.addSubject(roles.getSubject());
+
+ //Create Resource
+ request.addResource(contextResource.getResource());
+
+ //Create Action
+ request.setAction(new Read().getAction());
+
+ return request;
+ }
+}
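Review bot: The deny request in `testMatchContextSuperset` gives every parameter a `...Blah` value, so the test cannot distinguish a rule that requires all policy parameters to match from one that accepts any single match. Add a partial-mismatch request, for example one built with `mixed.addParameter("p1", "p1Val");` and `mixed.addParameter("p2", "p2Blah");`, and check it with `this.enforce(this.createRequest(mixed), false);`. Separately, both tests assert `policies.length == 1` after `newPolicy`, yet the class has no `tearDown`. If `Server.bootstrap()` does not reset the policy store (not visible here), a policy left by one test could change the decision asserted in the other, so confirm that and add cleanup if needed.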