[jboss-svn-commits] JBL Code SVN: r21269 - in labs/jbossrules/trunk/drools-guvnor/src: test/java/org/drools/guvnor/server and 1 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Jul 29 03:11:28 EDT 2008
Author: michael.neale at jboss.com
Date: 2008-07-29 03:11:28 -0400 (Tue, 29 Jul 2008)
New Revision: 21269
Modified:
labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java
labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java
Log:
some more tests for security
Modified: labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-07-29 06:32:53 UTC (rev 21268)
+++ labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/ServiceImplementation.java 2008-07-29 07:11:28 UTC (rev 21269)
@@ -202,7 +202,7 @@
if (Contexts.isSessionContextActive()) {
Identity.instance().checkPermission(
new PackageNameType(initialPackage),
- RoleTypes.PACKAGE_ADMIN);
+ RoleTypes.PACKAGE_DEVELOPER);
}
log.info("USER:" + repository.getSession().getUserID()
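Review bot: The required role in this check drops from `RoleTypes.PACKAGE_ADMIN` to `RoleTypes.PACKAGE_DEVELOPER` with no comment explaining why. The check still sits inside `if (Contexts.isSessionContextActive())`, so a call made with no active session context skips authorization entirely. If that bypass is intended only for tests or embedded use, say so next to the guard, e.g. `// no Seam session (e.g. unit tests): authorization is not enforced here`; otherwise consider failing closed when no session context exists. The enclosing method begins and ends outside the hunk.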
@@ -1901,7 +1901,11 @@
@WebRemote
@Restrict("#{identity.loggedIn}")
public Capabilities getUserCapabilities() {
- return Capabilities.all();
+ if (Contexts.isSessionContextActive()) {
+ return Capabilities.all();
+ } else {
+ return Capabilities.all();
+ }
}
}
\ No newline at end of file
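Review bot: Both branches of the new `if (Contexts.isSessionContextActive())` in getUserCapabilities() return `Capabilities.all()`, so the condition has no effect and every logged-in user is still reported as having every capability. If the session branch is meant to be filled in later from the user's roles, mark it, e.g. `// TODO: derive capabilities from the identity's roles when a session is active`; until then a single `return Capabilities.all();` reads more honestly. Presumably these capabilities only drive what the client displays and the server-side `checkPermission` calls remain the real enforcement, but that is worth confirming.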
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java 2008-07-29 06:32:53 UTC (rev 21268)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/ServiceImplementationTest.java 2008-07-29 07:11:28 UTC (rev 21269)
@@ -24,6 +24,7 @@
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import junit.framework.TestCase;
@@ -90,6 +91,7 @@
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.contexts.Lifecycle;
import org.jboss.seam.security.AuthorizationException;
+import org.jboss.seam.security.permission.PermissionResolver;
import com.google.gwt.user.client.rpc.IsSerializable;
import com.google.gwt.user.client.rpc.SerializableException;
@@ -234,6 +236,37 @@
AssetItem dtItem = impl.repository.loadAssetByUUID(uuid);
assertEquals(dtItem.getDescription(), "an initial desc");
+
+
+ Lifecycle.beginApplication(new HashMap());
+ Lifecycle.beginCall();
+ MockIdentity mi = new MockIdentity();
+ mi.inject();
+
+ try {
+ uuid = impl.createNewRule("testCreateNewRuleName22",
+ "an initial desc", "testCreateNewRule", "testCreateNewRule",
+ AssetFormats.DSL_TEMPLATE_RULE);
+ fail("not allowed");
+ } catch (AuthorizationException e) {
+ assertNotNull(e.getMessage());
+ }
+
+ mi.addPermissionResolver(new PermissionResolver() {
+ public void filterSetByAction(Set<Object> arg0, String arg1) {
+ }
+
+ public boolean hasPermission(Object arg0, String arg1) {
+ return (arg1.equals(RoleTypes.PACKAGE_DEVELOPER));
+ }
+
+ });
+ uuid = impl.createNewRule("testCreateNewRuleName22",
+ "an initial desc", "testCreateNewRule", "testCreateNewRule",
+ AssetFormats.DSL_TEMPLATE_RULE);
+
+
+
}
public void testCreateNewRuleContainsApostrophe() throws Exception {
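Review bot: The positive path at the end of this hunk has no assertion. Once the resolver is added, the second `impl.createNewRule(...)` result is assigned to `uuid` and never checked, so the test only shows that no exception was thrown; add `assertNotNull(uuid);` or reload the asset by that UUID. The anonymous PermissionResolver also ignores `arg0` and grants any target whose action equals `RoleTypes.PACKAGE_DEVELOPER`, so the test would still pass if the service checked the wrong package; asserting that `arg0` is the expected `PackageNameType` would pin that down. `new HashMap()` is a raw type, whereas the rest of the file uses `new HashMap<String, Object>()`. The enclosing test method starts outside the hunk.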
@@ -393,7 +426,7 @@
TableDataRow row2 = res2.data[0];
String uuid2 = row2.id;
-
+
// Mock up SEAM contexts
Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
@@ -403,30 +436,30 @@
midentity.setHasRole(false);
midentity.addPermissionResolver(new PackageBasedPermissionResolver());
midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
+
Contexts.getSessionContext().set(
"org.jboss.seam.security.identity", midentity);
Contexts.getSessionContext().set(
"org.drools.guvnor.client.rpc.RepositoryService", impl);
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis", RoleTypes.ANALYST, null,
"testLoadRuleAssetWithRoleBasedAuthrozationCat1"));
Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
+
//now lets see if we can access this asset with the permissions
RuleAsset asset = impl.loadRuleAsset(uuid);
try {
asset = impl.loadRuleAsset(uuid2);
fail("Did not catch expected exception");
- } catch (AuthorizationException e) {
+ } catch (AuthorizationException e) {
}
} finally {
Lifecycle.endApplication();
}
}
-
+
public void testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonly() throws Exception {
try {
ServiceImplementation impl = getService();
@@ -440,7 +473,7 @@
"description",
"testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyCat1",
"testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack1", "drl");
-
+
impl.repository.createPackage(
"testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack2", "desc");
@@ -457,8 +490,8 @@
String uuid = row.id;
PackageItem source = impl.repository
.loadPackage("testLoadRuleAssetWithRoleBasedAuthrozationPackageReadonlyPack1");
- String package1Uuid = source.getUUID();
-
+ String package1Uuid = source.getUUID();
+
TableDataRow row2 = res.data[1];
String uuid2 = row2.id;
@@ -471,12 +504,12 @@
midentity.setHasRole(false);
midentity.addPermissionResolver(new PackageBasedPermissionResolver());
midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
+
Contexts.getSessionContext().set(
"org.jboss.seam.security.identity", midentity);
Contexts.getSessionContext().set(
"org.drools.guvnor.client.rpc.RepositoryService", impl);
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis",
RoleTypes.PACKAGE_READONLY,
@@ -484,18 +517,18 @@
Contexts.getSessionContext().set("packageBasedPermission", pbps);
- //now lets see if we can access this asset with the permissions
+ //now lets see if we can access this asset with the permissions
RuleAsset asset = impl.loadRuleAsset(uuid);
try {
asset = impl.loadRuleAsset(uuid2);
fail("Did not catch expected exception");
- } catch (AuthorizationException e) {
+ } catch (AuthorizationException e) {
}
} finally {
Lifecycle.endApplication();
}
}
-
+
//Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new Model jar".
//The user role is admin
public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategory() throws Exception {
@@ -521,12 +554,12 @@
midentity.setHasRole(true);
midentity.addPermissionResolver(new PackageBasedPermissionResolver());
midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
+
Contexts.getSessionContext().set(
"org.jboss.seam.security.identity", midentity);
Contexts.getSessionContext().set(
"org.drools.guvnor.client.rpc.RepositoryService", impl);
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
/* pbps.add(new RoleBasedPermission("jervis",
RoleTypes.PACKAGE_READONLY,
@@ -534,14 +567,14 @@
Contexts.getSessionContext().set("packageBasedPermission", pbps);
- //now lets see if we can access this asset with the permissions
+ //now lets see if we can access this asset with the permissions
RuleAsset asset = impl.loadRuleAsset(uuid);
assertNotNull(asset);
} finally {
Lifecycle.endApplication();
}
}
-
+
//Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new Model jar".
//The user role is admin
public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryPackageAdmin() throws Exception {
@@ -568,12 +601,12 @@
midentity.setHasRole(false);
midentity.addPermissionResolver(new PackageBasedPermissionResolver());
midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
+
Contexts.getSessionContext().set(
"org.jboss.seam.security.identity", midentity);
Contexts.getSessionContext().set(
"org.drools.guvnor.client.rpc.RepositoryService", impl);
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis",
RoleTypes.PACKAGE_ADMIN,
@@ -581,14 +614,14 @@
Contexts.getSessionContext().set("packageBasedPermission", pbps);
- //now lets see if we can access this asset with the permissions
+ //now lets see if we can access this asset with the permissions
RuleAsset asset = impl.loadRuleAsset(uuid);
assertNotNull(asset);
} finally {
Lifecycle.endApplication();
}
}
-
+
//Access an asset that belongs to no category. e.g., Packages -> Create New -> "upload new Model jar".
//The user role is analyst
public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryAnalyst() throws Exception {
@@ -615,12 +648,12 @@
midentity.setHasRole(false);
midentity.addPermissionResolver(new PackageBasedPermissionResolver());
midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
+
Contexts.getSessionContext().set(
"org.jboss.seam.security.identity", midentity);
Contexts.getSessionContext().set(
"org.drools.guvnor.client.rpc.RepositoryService", impl);
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis",
RoleTypes.ANALYST,
@@ -628,18 +661,18 @@
Contexts.getSessionContext().set("packageBasedPermission", pbps);
- //now lets see if we can access this asset with the permissions
+ //now lets see if we can access this asset with the permissions
try {
RuleAsset asset = impl.loadRuleAsset(uuid);
fail("Did not catch expected exception");
- } catch (AuthorizationException e) {
+ } catch (AuthorizationException e) {
}
} finally {
Lifecycle.endApplication();
}
}
- //Access an asset that belongs to no category. The user role is analyst and package.admin.
+ //Access an asset that belongs to no category. The user role is analyst and package.admin.
//Because the analyst role the user has has no category access to the asset,
//the permission can not be granted even though the package.admin role has package access.
public void testLoadRuleAssetWithRoleBasedAuthrozationAssetNoCategoryMixed() throws Exception {
@@ -666,12 +699,12 @@
midentity.setHasRole(false);
midentity.addPermissionResolver(new PackageBasedPermissionResolver());
midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
+
Contexts.getSessionContext().set(
"org.jboss.seam.security.identity", midentity);
Contexts.getSessionContext().set(
"org.drools.guvnor.client.rpc.RepositoryService", impl);
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis",
RoleTypes.ANALYST,
@@ -682,17 +715,17 @@
Contexts.getSessionContext().set("packageBasedPermission", pbps);
- //now lets see if we can access this asset with the permissions
+ //now lets see if we can access this asset with the permissions
try {
RuleAsset asset = impl.loadRuleAsset(uuid);
fail("Did not catch expected exception");
- } catch (AuthorizationException e) {
+ } catch (AuthorizationException e) {
}
} finally {
Lifecycle.endApplication();
}
}
-
+
public void testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonly() throws Exception {
try {
ServiceImplementation impl = getService();
@@ -706,15 +739,15 @@
"description",
"testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1",
"testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack1", "drl");
-
+
impl.repository.createPackage(
"testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2", "desc");
impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
"description",
"testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2", "drl");
-
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2", "drl");
+
impl.repository.createPackage(
"testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack3", "desc");
@@ -727,7 +760,7 @@
String package1Uuid = source.getUUID();
source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyPack2");
String package2Uuid = source.getUUID();
-
+
// Mock up SEAM contexts
Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
@@ -737,12 +770,12 @@
midentity.setHasRole(false);
midentity.addPermissionResolver(new PackageBasedPermissionResolver());
midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
+
Contexts.getSessionContext().set(
"org.jboss.seam.security.identity", midentity);
Contexts.getSessionContext().set(
"org.drools.guvnor.client.rpc.RepositoryService", impl);
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis",
RoleTypes.PACKAGE_READONLY,
@@ -752,8 +785,8 @@
package2Uuid, null));
Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
-
+
+
TableDataResult res = impl.loadRuleListForCategories(
"testloadRuleListForCategoriesWithRoleBasedAuthrozationPackageReadonlyCat1", 0, -1,
AssetItemGrid.RULE_LIST_TABLE_ID);
@@ -762,7 +795,7 @@
Lifecycle.endApplication();
}
}
-
+
public void testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalyst() throws Exception {
try {
ServiceImplementation impl = getService();
@@ -776,15 +809,15 @@
"description",
"testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
"testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack1", "drl");
-
+
impl.repository.createPackage(
"testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2", "desc");
impl.createNewRule("testLoadRuleAssetWithRoleBasedAuthrozation",
"description",
"testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
- "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2", "drl");
-
+ "testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2", "drl");
+
impl.repository.createPackage(
"testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack3", "desc");
@@ -792,12 +825,12 @@
"description",
"testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1",
"testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack3", "drl");
-
+
PackageItem source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack2");
String package2Uuid = source.getUUID();
source = impl.repository.loadPackage("testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystPack3");
String package3Uuid = source.getUUID();
-
+
// Mock up SEAM contexts
Map application = new HashMap<String, Object>();
Lifecycle.beginApplication(application);
@@ -807,12 +840,12 @@
midentity.setHasRole(false);
midentity.addPermissionResolver(new PackageBasedPermissionResolver());
midentity.addPermissionResolver(new CategoryBasedPermissionResolver());
-
+
Contexts.getSessionContext().set(
"org.jboss.seam.security.identity", midentity);
Contexts.getSessionContext().set(
"org.drools.guvnor.client.rpc.RepositoryService", impl);
-
+
List<RoleBasedPermission> pbps = new ArrayList<RoleBasedPermission>();
pbps.add(new RoleBasedPermission("jervis",
RoleTypes.ANALYST,
@@ -823,10 +856,10 @@
pbps.add(new RoleBasedPermission("jervis",
RoleTypes.PACKAGE_DEVELOPER,
package3Uuid, null));
-
+
Contexts.getSessionContext().set("packageBasedPermission", pbps);
-
-
+
+
TableDataResult res = impl.loadRuleListForCategories(
"testloadRuleListForCategoriesWithRoleBasedAuthrozationAnalystCat1", 0, -1,
AssetItemGrid.RULE_LIST_TABLE_ID);
@@ -836,7 +869,7 @@
}
}
-
+
public void testLoadAssetHistoryAndRestore() throws Exception {
ServiceImplementation impl = getService();
impl.repository.createPackage("testLoadAssetHistory", "desc");
@@ -2573,6 +2606,12 @@
}
+ @Override
+ protected void tearDown() throws Exception {
+ if (Contexts.isApplicationContextActive()) {
+ Lifecycle.endApplication();
+ }
+ }
private ServiceImplementation getService() throws Exception {
ServiceImplementation impl = new ServiceImplementation();
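Review bot: tearDown() ends only the application context, yet the test added in this commit also calls `Lifecycle.beginCall()` and puts a MockIdentity into the session context. Whether `Lifecycle.endApplication()` clears that state is not visible here. If it does not, an identity left over from one test could change the outcome of a later authorization test, so consider a matching `Lifecycle.endCall()` before ending the application. Calling `super.tearDown();` at the end would also follow the usual TestCase convention.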
Modified: labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java
===================================================================
--- labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java 2008-07-29 06:32:53 UTC (rev 21268)
+++ labs/jbossrules/trunk/drools-guvnor/src/test/java/org/drools/guvnor/server/security/MockIdentity.java 2008-07-29 07:11:28 UTC (rev 21269)
@@ -1,13 +1,13 @@
package org.drools.guvnor.server.security;
/*
* Copyright 2005 JBoss Inc
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -22,6 +22,7 @@
import java.util.List;
import java.util.Map;
+import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.permission.PermissionResolver;
import org.jboss.seam.security.permission.ResolverChain;
@@ -50,11 +51,18 @@
return true;
}
}
-
+
return false;
}
-
+
public void addPermissionResolver(PermissionResolver r) {
resolvers.add(r);
}
+
+ /**
+ * Push this mock as the identity to Seam.
+ */
+ public void inject() {
+ Contexts.getSessionContext().set("org.jboss.seam.security.identity", this);
+ }
}
\ No newline at end of file
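Review bot: inject() dereferences `Contexts.getSessionContext()` without checking that a session context is active, so calling it before `Lifecycle.beginCall()` would presumably fail with a NullPointerException rather than a clear message. The Javadoc should state that precondition, e.g. `Requires an active Seam session context (call Lifecycle.beginCall() first).` The key `"org.jboss.seam.security.identity"` is also repeated as a literal in the ServiceImplementationTest hunks of this commit; a shared constant, or calling inject() there, would keep the two in sync. The class body starts outside the hunk.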