[portal-commits] JBoss Portal SVN: r11793 - in branches/JBoss_Portal_Branch_2_6/cms: src/main/org/jboss/portal/test/cms/security and 1 other directories.
portal-commits at lists.jboss.org
portal-commits at lists.jboss.org
Wed Sep 3 05:03:36 EDT 2008
Author: thomas.heute at jboss.com
Date: 2008-09-03 05:03:36 -0400 (Wed, 03 Sep 2008)
New Revision: 11793
Added:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/DummyCommand.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestACLEnforcer.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestAuthorizationManagerImpl.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestNewReadCommand.java
branches/JBoss_Portal_Branch_2_6/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security-test.xml
Modified:
branches/JBoss_Portal_Branch_2_6/cms/build.xml
Log:
Added TestCase for extending the CMS with new secured commands
Modified: branches/JBoss_Portal_Branch_2_6/cms/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/build.xml 2008-09-02 22:46:46 UTC (rev 11792)
+++ branches/JBoss_Portal_Branch_2_6/cms/build.xml 2008-09-03 09:03:36 UTC (rev 11793)
@@ -430,6 +430,7 @@
<test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestReadAccess"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestWriteAccess"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestManageAccess"/>
+ <test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestNewReadCommand"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.workflow.TestApprovedPublish"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.workflow.TestDeniedPublish"/>
Added: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/DummyCommand.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/DummyCommand.java (rev 0)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/DummyCommand.java 2008-09-03 09:03:36 UTC (rev 11793)
@@ -0,0 +1,50 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.test.cms.security;
+
+import org.jboss.portal.cms.CMSException;
+import org.jboss.portal.cms.impl.jcr.JCRCommand;
+
+/**
+ * @author <a href="mailto:theute at jboss.org">Thomas Heute</a>
+ * @version $Revision$
+ */
+public class DummyCommand extends JCRCommand
+{
+ public String path;
+
+ public DummyCommand(String path)
+ {
+ this.path = path;
+ }
+
+ @Override
+ public Object execute() throws CMSException
+ {
+ System.out.println(path);
+ return null;
+ }
+
+
+}
+
Added: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestACLEnforcer.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestACLEnforcer.java (rev 0)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestACLEnforcer.java 2008-09-03 09:03:36 UTC (rev 11793)
@@ -0,0 +1,60 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.test.cms.security;
+
+import org.jboss.portal.cms.impl.jcr.JCRCommand;
+import org.jboss.portal.cms.impl.jcr.command.ACLEnforcer;
+import org.jboss.portal.cms.security.AuthorizationManager;
+import org.jboss.portal.identity.User;
+
+/**
+ * @author <a href="mailto:theute at jboss.org">Thomas Heute</a>
+ * @version $Revision$
+ */
+public class TestACLEnforcer extends ACLEnforcer
+{
+ public TestACLEnforcer(AuthorizationManager authorizationManager)
+ {
+ super(authorizationManager);
+ addACLCommand(Type.READ, DummyCommand.class.getName());
+ }
+
+ protected boolean hasReadAccess(User user, JCRCommand command)
+ {
+ boolean hasReadAccess = super.hasReadAccess(user, command);
+
+ String path = null;
+ if (command instanceof DummyCommand)
+ {
+ path = ((DummyCommand)command).path;
+ }
+
+ if (path != null)
+ {
+ hasReadAccess = this.hasReadAccess(user, path);
+ }
+
+ return hasReadAccess;
+ }
+}
+
Added: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestAuthorizationManagerImpl.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestAuthorizationManagerImpl.java (rev 0)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestAuthorizationManagerImpl.java 2008-09-03 09:03:36 UTC (rev 11793)
@@ -0,0 +1,40 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.test.cms.security;
+
+import org.jboss.portal.cms.security.AuthorizationManagerImpl;
+
+/**
+ * @author <a href="mailto:theute at jboss.org">Thomas Heute</a>
+ * @version $Revision$
+ */
+public class TestAuthorizationManagerImpl extends AuthorizationManagerImpl
+{
+
+ public void startService() throws Exception
+ {
+ super.startService();
+ setEnforcer(new TestACLEnforcer(this));
+ }
+}
+
Added: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestNewReadCommand.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestNewReadCommand.java (rev 0)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestNewReadCommand.java 2008-09-03 09:03:36 UTC (rev 11793)
@@ -0,0 +1,197 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.test.cms.security;
+
+import java.util.List;
+import java.util.Locale;
+
+import javax.naming.InitialContext;
+
+import junit.framework.TestSuite;
+
+import org.hibernate.Session;
+import org.hibernate.SessionFactory;
+import org.hibernate.Transaction;
+import org.jboss.portal.cms.CMSException;
+import org.jboss.portal.cms.Command;
+import org.jboss.portal.cms.impl.interceptors.ACLInterceptor;
+import org.jboss.portal.cms.impl.jcr.JCRCMS;
+import org.jboss.portal.cms.model.File;
+import org.jboss.portal.cms.model.Folder;
+import org.jboss.portal.cms.security.AuthorizationProviderImpl;
+import org.jboss.portal.common.invocation.Interceptor;
+import org.jboss.portal.identity.IdentityContext;
+import org.jboss.portal.identity.IdentityServiceController;
+import org.jboss.portal.identity.UserModule;
+import org.jboss.portal.server.impl.invocation.JBossInterceptorStack;
+import org.jboss.portal.test.cms.commands.AbstractCommandTestCase;
+import org.jboss.portal.test.cms.commands.CMSInterceptorStackFactory;
+
+/**
+ * @author <a href="mailto:theute at jboss.org">Thomas Heute</a>
+ * @version $Revision$
+ */
+public class TestNewReadCommand extends AbstractCommandTestCase
+{
+ String rejectFolderPath = "/default/private";
+ String allowedFolderPath = "/default/images";
+ String rejectFilePath = "/default/private/license.html";
+ String allowedFilePath = "/default/images/check.gif";
+
+ /**
+ *
+ */
+ protected UserModule userModule = null;
+
+ /**
+ *
+ */
+ public TestNewReadCommand()
+ {
+ super();
+ }
+
+
+ public static TestSuite suite() throws Exception
+ {
+ return createTestSuite(TestNewReadCommand.class);
+ }
+
+ /**
+ *
+ */
+ public void setUp() throws Exception
+ {
+ //override the configration location to include workflow services
+ this.configuration = "org/jboss/portal/cms/jboss-beans-security-test.xml";
+ super.setUp();
+
+ ACLInterceptor aclInterceptor = this.getACLInterceptor();
+
+ //Setup the interceptor stack
+ CMSInterceptorStackFactory stackFactory = new CMSInterceptorStackFactory();
+ Interceptor[] interceptors = new Interceptor[1];
+ interceptors[0] = aclInterceptor;
+ JBossInterceptorStack stack = new JBossInterceptorStack(interceptors);
+ stackFactory.setInterceptorStack(stack);
+
+ this.service.setStackFactory(stackFactory);
+
+ //Register the IdentityService with the JCR service
+ IdentityServiceController identityService = ((AuthorizationProviderImpl)aclInterceptor.getAuthorizationManager().getProvider()).
+ getIdentityServiceController();
+ this.userModule = (UserModule)identityService.getIdentityContext().getObject(IdentityContext.TYPE_USER_MODULE);
+ }
+
+ /**
+ *
+ */
+ public void tearDown() throws Exception
+ {
+ super.tearDown();
+ this.userModule = null;
+ }
+
+
+ /** @return */
+ protected ACLInterceptor getACLInterceptor() throws Exception
+ {
+ ACLInterceptor aclInterceptor = (ACLInterceptor)new InitialContext().lookup("java:/portal/cms/ACLInterceptor");
+ return aclInterceptor;
+ }
+
+ /** @param username */
+ protected void runAs(String username) throws Exception
+ {
+ SessionFactory sessionFactory = (SessionFactory)new InitialContext().lookup("java:/SessionFactory");
+ Session session = sessionFactory.openSession();
+ Transaction tx = session.beginTransaction();
+ JCRCMS.getUserInfo().set(this.userModule.findUserByUserName(username));
+ tx.commit();
+ session.close();
+ }
+
+ /**
+ * @param folderPath
+ * @throws CMSException
+ */
+ private void runAccessScenario(String folderPath) throws CMSException
+ {
+ //Get the specified folder
+ Command command = new DummyCommand(folderPath);
+ this.service.execute(command);
+ }
+
+ /** @throws Exception */
+ public void testAnonymous() throws Exception
+ {
+ try
+ {
+ this.runAccessScenario(this.rejectFilePath);
+ assertTrue("Access should not have been granted to" + this.rejectFilePath,
+ false);
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was not granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") != -1);
+ }
+
+ try
+ {
+ this.runAccessScenario(this.rejectFolderPath);
+ assertTrue("Access should not have been granted to" + this.rejectFolderPath,
+ false);
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was not granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") != -1);
+ }
+
+ try
+ {
+ this.runAccessScenario(this.allowedFilePath);
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was not granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
+ }
+
+ try
+ {
+ this.runAccessScenario(this.allowedFolderPath);
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was not granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
+ }
+ }
+}
+
Added: branches/JBoss_Portal_Branch_2_6/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security-test.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security-test.xml (rev 0)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security-test.xml 2008-09-03 09:03:36 UTC (rev 11793)
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ~ JBoss, a division of Red Hat ~
+ ~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
+ ~ contributors as indicated by the @authors tag. See the ~
+ ~ copyright.txt in the distribution for a full listing of ~
+ ~ individual contributors. ~
+ ~ ~
+ ~ This is free software; you can redistribute it and/or modify it ~
+ ~ under the terms of the GNU Lesser General Public License as ~
+ ~ published by the Free Software Foundation; either version 2.1 of ~
+ ~ the License, or (at your option) any later version. ~
+ ~ ~
+ ~ This software is distributed in the hope that it will be useful, ~
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
+ ~ Lesser General Public License for more details. ~
+ ~ ~
+ ~ You should have received a copy of the GNU Lesser General Public ~
+ ~ License along with this software; if not, write to the Free ~
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org. ~
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+
+<deployment xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:bean-deployer bean-deployer_1_0.xsd"
+ xmlns="urn:jboss:bean-deployer">
+
+ <bean name="DataSourceConfig" class="org.jboss.portal.test.framework.embedded.DataSourceSupport$Config">
+ <constructor factoryMethod="getBean">
+ <factory bean="BeanFactory"/>
+ <parameter>DataSourceConfig</parameter>
+ </constructor>
+ </bean>
+
+ <bean name="HibernateConfig" class="org.jboss.portal.test.framework.embedded.HibernateSupport$Config">
+ <constructor factoryMethod="getBean">
+ <factory bean="BeanFactory"/>
+ <parameter>HibernateConfig</parameter>
+ </constructor>
+ </bean>
+
+ <bean name="JNDISupport" class="org.jboss.portal.test.framework.embedded.JNDISupport">
+ </bean>
+
+ <bean name="TransactionManagerSupport" class="org.jboss.portal.test.framework.embedded.TransactionManagerSupport">
+ </bean>
+
+ <bean name="ConnectionManagerSupport" class="org.jboss.portal.test.framework.embedded.ConnectionManagerSupport">
+ <property name="transactionManager"><inject bean="TransactionManagerSupport" property="transactionManager"/></property>
+ </bean>
+
+ <bean name="DataSourceSupport" class="org.jboss.portal.test.framework.embedded.DataSourceSupport">
+ <property name="transactionManager"><inject bean="TransactionManagerSupport" property="transactionManager"/></property>
+ <property name="connectionManagerReference"><inject bean="ConnectionManagerSupport"
+ property="connectionManagerReference"/></property>
+ <property name="config"><inject bean="DataSourceConfig"/></property>
+ </bean>
+
+ <bean name="HibernateSupport" class="org.jboss.portal.test.framework.embedded.HibernateSupport">
+ <property name="config"><inject bean="HibernateConfig"/></property>
+ <property name="jNDIName">java:/SessionFactory</property>
+ <property name="mappings">
+ <list elementClass="java.lang.String">
+ <value>domain.hbm.xml</value>
+ <value>domain-identity.hbm.xml</value>
+ </list>
+ </property>
+ </bean>
+
+ <bean name="IdentityServiceController" class="org.jboss.portal.core.identity.service.IdentityServiceControllerImpl">
+ <property name="configFile">db-config.xml</property>
+ <property name="defaultConfigFile">standardidentity-config.xml</property>
+ <property name="registerMBeans">false</property>
+ </bean>
+
+ <bean name="IdentityDataLoader" class="org.jboss.portal.test.cms.security.IdentityDataLoader">
+ <property name="identityServiceController"><inject bean="IdentityServiceController"/></property>
+ <property name="identitySessionFactory">java:/SessionFactory</property>
+ </bean>
+
+ <!-- setup for cms security testing -->
+ <bean name="AuthorizationProvider" class="org.jboss.portal.cms.security.AuthorizationProviderImpl">
+ <property name="identityServiceController"><inject bean="IdentityServiceController"/></property>
+ <property name="cmsRootUserName">admin</property>
+ </bean>
+
+ <bean name="AuthorizationManager" class="org.jboss.portal.test.cms.security.TestAuthorizationManagerImpl">
+ <property name="provider"><inject bean="AuthorizationProvider"/></property>
+ <property name="jNDIName">java:portal/cms/AuthorizationManager</property>
+ </bean>
+
+ <bean name="ACLInterceptor" class="org.jboss.portal.cms.impl.interceptors.ACLInterceptor">
+ <property name="authorizationManager"><inject bean="AuthorizationManager"/></property>
+ <property name="jNDIName">java:/portal/cms/ACLInterceptor</property>
+ <property name="cmsSessionFactory">java:/SessionFactory</property>
+ <property name="identitySessionFactory">java:/SessionFactory</property>
+ <property name="defaultPolicy">
+ <![CDATA[
+ <policy>
+ <!-- permissions on the root cms node -->
+ <criteria name="path" value="/">
+ <permission name="cms" action="read">
+ <role name="Anonymous"/>
+ </permission>
+ <permission name="cms" action="write">
+ <role name="User"/>
+ </permission>
+ <permission name="cms" action="manage">
+ <role name="Admin"/>
+ </permission>
+ </criteria>
+ <!-- permissions on the default cms node -->
+ <criteria name="path" value="/default">
+ <permission name="cms" action="read">
+ <role name="Anonymous"/>
+ </permission>
+ <permission name="cms" action="write">
+ <role name="User"/>
+ </permission>
+ <permission name="cms" action="manage">
+ <role name="Admin"/>
+ </permission>
+ </criteria>
+ <!-- permissions on the private/protected node -->
+ <criteria name="path" value="/default/private">
+ <permission name="cms" action="manage">
+ <role name="Admin"/>
+ </permission>
+ </criteria>
+ <!--
+ permissions on the /default/support.html node used to test atomicity of copy/move operations
+ -->
+ <criteria name="path" value="/default/support.html">
+ <permission name="cms" action="manage">
+ <role name="User"/>
+ </permission>
+ </criteria>
+ </policy>
+ ]]>
+ </property>
+ </bean>
+</deployment>
Property changes on: branches/JBoss_Portal_Branch_2_6/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security-test.xml
___________________________________________________________________
Name: svn:executable
+ *
More information about the portal-commits
mailing list