use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class AuthorizationManagerTest method testHasRoleOrPrincipal.
@Test
public void testHasRoleOrPrincipal() throws Exception {
// Create new user Alice and 2 sample roles
Principal alice = new WikiPrincipal(Users.ALICE);
Role it = new Role("IT");
Role finance = new Role("Finance");
// Create Group1 with Alice in it, Group2 without
WikiSession session = WikiSessionTest.adminSession(m_engine);
Group g1 = m_groupMgr.parseGroup("Group1", "Alice", true);
m_groupMgr.setGroup(session, g1);
Principal group1 = g1.getPrincipal();
Group g2 = m_groupMgr.parseGroup("Group2", "Bob", true);
m_groupMgr.setGroup(session, g2);
Principal group2 = g2.getPrincipal();
// Create anonymous session; not in ANY custom roles or groups
session = WikiSessionTest.anonymousSession(m_engine);
Assert.assertTrue("Anon anonymous", m_auth.hasRoleOrPrincipal(session, Role.ANONYMOUS));
Assert.assertFalse("Anon not asserted", m_auth.hasRoleOrPrincipal(session, Role.ASSERTED));
Assert.assertFalse("Anon not authenticated", m_auth.hasRoleOrPrincipal(session, Role.AUTHENTICATED));
Assert.assertFalse("Alice not in Anon", m_auth.hasRoleOrPrincipal(session, alice));
Assert.assertFalse("Anon not in IT", m_auth.hasRoleOrPrincipal(session, it));
Assert.assertFalse("Anon not in Finance", m_auth.hasRoleOrPrincipal(session, finance));
Assert.assertFalse("Anon not in Group1", m_auth.hasRoleOrPrincipal(session, group1));
Assert.assertFalse("Anon not in Group2", m_auth.hasRoleOrPrincipal(session, group2));
// Create asserted session with 1 GroupPrincipal & 1 custom Role
// Alice is asserted, and thus not in ANY custom roles or groups
session = WikiSessionTest.assertedSession(m_engine, Users.ALICE, new Principal[] { it });
Assert.assertFalse("Alice not anonymous", m_auth.hasRoleOrPrincipal(session, Role.ANONYMOUS));
Assert.assertTrue("Alice asserted", m_auth.hasRoleOrPrincipal(session, Role.ASSERTED));
Assert.assertFalse("Alice not authenticated", m_auth.hasRoleOrPrincipal(session, Role.AUTHENTICATED));
Assert.assertFalse("Alice not in Alice", m_auth.hasRoleOrPrincipal(session, alice));
Assert.assertFalse("Alice not in IT", m_auth.hasRoleOrPrincipal(session, it));
Assert.assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(session, finance));
Assert.assertFalse("Alice not in Group1", m_auth.hasRoleOrPrincipal(session, group1));
Assert.assertFalse("Alice not in Group2", m_auth.hasRoleOrPrincipal(session, group2));
// Create authenticated session with 1 GroupPrincipal & 1 custom Role
// Alice is authenticated, and thus part of custom roles and groups
session = WikiSessionTest.containerAuthenticatedSession(m_engine, Users.ALICE, new Principal[] { it });
Assert.assertFalse("Alice not anonymous", m_auth.hasRoleOrPrincipal(session, Role.ANONYMOUS));
Assert.assertFalse("Alice not asserted", m_auth.hasRoleOrPrincipal(session, Role.ASSERTED));
Assert.assertTrue("Alice authenticated", m_auth.hasRoleOrPrincipal(session, Role.AUTHENTICATED));
Assert.assertTrue("Alice in Ernie", m_auth.hasRoleOrPrincipal(session, alice));
Assert.assertTrue("Alice in IT", m_auth.hasRoleOrPrincipal(session, it));
Assert.assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(session, finance));
Assert.assertTrue("Alice in Group1", m_auth.hasRoleOrPrincipal(session, group1));
Assert.assertFalse("Alice not in Group2", m_auth.hasRoleOrPrincipal(session, group2));
// Clean up
m_groupMgr.removeGroup("Group1");
m_groupMgr.removeGroup("Group2");
}
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class GroupManagerTest method setUp.
@Before
public void setUp() throws Exception {
Properties props = TestEngine.getTestProperties();
m_engine = new TestEngine(props);
m_groupMgr = m_engine.getGroupManager();
m_session = WikiSessionTest.adminSession(m_engine);
// Flush any pre-existing groups (left over from previous Assert.failures, perhaps)
try {
m_groupMgr.removeGroup("Test");
m_groupMgr.removeGroup("Test2");
m_groupMgr.removeGroup("Test3");
} catch (NoSuchPrincipalException e) {
// It's not a problem if we can't find the principals...
}
m_groupMgr.addWikiEventListener(m_trap);
m_trap.clearEvents();
// Add 3 test groups
Group group;
group = m_groupMgr.parseGroup("Test", "Alice \n Bob \n Charlie", true);
m_groupMgr.setGroup(m_session, group);
group = m_groupMgr.parseGroup("Test2", "Bob", true);
m_groupMgr.setGroup(m_session, group);
group = m_groupMgr.parseGroup("Test3", "Fred Flintstone", true);
m_groupMgr.setGroup(m_session, group);
// We should see 3 events: 1 for each group add
Assert.assertEquals(3, m_trap.events().length);
m_trap.clearEvents();
}
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class GroupManagerTest method testGroupAddEvents.
@Test
public void testGroupAddEvents() throws Exception {
// Flush any pre-existing groups (left over from previous Assert.failures, perhaps)
try {
m_groupMgr.removeGroup("Events");
} catch (NoSuchPrincipalException e) {
// It's not a problem if we get here...
}
m_trap.clearEvents();
Group group = m_groupMgr.parseGroup("Events", "", true);
m_groupMgr.setGroup(m_session, group);
WikiSecurityEvent event;
group = m_groupMgr.getGroup("Events");
group.add(new WikiPrincipal("Alice"));
group.add(new WikiPrincipal("Bob"));
group.add(new WikiPrincipal("Charlie"));
// We should see a GROUP_ADD event
WikiSecurityEvent[] events = m_trap.events();
Assert.assertEquals(1, events.length);
event = events[0];
Assert.assertEquals(m_groupMgr, event.getSrc());
Assert.assertEquals(WikiSecurityEvent.GROUP_ADD, event.getType());
Assert.assertEquals(group, event.getTarget());
// Clean up
m_groupMgr.removeGroup("Events");
}
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class GroupManagerTest method testParseGroup.
@Test
public void testParseGroup() throws WikiSecurityException {
String members = "Biff";
Group group = m_groupMgr.parseGroup("Group1", members, true);
Assert.assertEquals(1, group.members().length);
Assert.assertTrue(group.isMember(new WikiPrincipal("Biff")));
members = "Biff \n SteveAustin \n FredFlintstone";
group = m_groupMgr.parseGroup("Group2", members, true);
Assert.assertEquals(3, group.members().length);
Assert.assertTrue(group.isMember(new WikiPrincipal("Biff")));
Assert.assertTrue(group.isMember(new WikiPrincipal("SteveAustin")));
Assert.assertTrue(group.isMember(new WikiPrincipal("FredFlintstone")));
}
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class UserManagerTest method testSetRenamedUserProfile.
@Test
public void testSetRenamedUserProfile() throws Exception {
// First, count the number of users, groups, and pages
int oldUserCount = m_db.getWikiNames().length;
GroupManager groupManager = m_engine.getGroupManager();
PageManager pageManager = m_engine.getPageManager();
AuthorizationManager authManager = m_engine.getAuthorizationManager();
int oldGroupCount = groupManager.getRoles().length;
int oldPageCount = pageManager.getTotalPageCount();
// Setup Step 1: create a new user with random name
WikiSession session = m_engine.guestSession();
long now = System.currentTimeMillis();
String oldLogin = "TestLogin" + now;
String oldName = "Test User " + now;
String newLogin = "RenamedLogin" + now;
String newName = "Renamed User " + now;
UserProfile profile = m_db.newProfile();
profile.setEmail("jspwiki.tests@mailinator.com");
profile.setLoginName(oldLogin);
profile.setFullname(oldName);
profile.setPassword("password");
m_mgr.setUserProfile(session, profile);
// 1a. Make sure the profile saved successfully and that we're logged in
profile = m_mgr.getUserProfile(session);
Assert.assertEquals(oldLogin, profile.getLoginName());
Assert.assertEquals(oldName, profile.getFullname());
Assert.assertEquals(oldUserCount + 1, m_db.getWikiNames().length);
Assert.assertTrue(session.isAuthenticated());
// Setup Step 2: create a new group with our test user in it
Group group = groupManager.parseGroup(m_groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true);
groupManager.setGroup(session, group);
// 2a. Make sure the group is created with the user in it, and the role is added to the Subject
Assert.assertEquals(oldGroupCount + 1, groupManager.getRoles().length);
Assert.assertTrue(group.isMember(new WikiPrincipal(oldLogin)));
Assert.assertTrue(group.isMember(new WikiPrincipal(oldName)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newName)));
Assert.assertTrue(groupManager.isUserInRole(session, group.getPrincipal()));
// Setup Step 3: create a new page with our test user in the ACL
String pageName = "TestPage" + now;
m_engine.saveText(pageName, "Test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text.");
// 3a. Make sure the page got saved, and that ONLY our test user has permission to read it.
WikiPage p = m_engine.getPage(pageName);
Assert.assertEquals(oldPageCount + 1, pageManager.getTotalPageCount());
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
WikiSession bobSession = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Setup Step 4: change the user name in the profile and see what happens
profile = m_db.newProfile();
profile.setEmail("jspwiki.tests@mailinator.com");
profile.setLoginName(oldLogin);
profile.setFullname(newName);
profile.setPassword("password");
m_mgr.setUserProfile(session, profile);
// Test 1: the wiki session should have the new wiki name in Subject
Principal[] principals = session.getPrincipals();
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(oldLogin)));
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(oldName)));
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(newLogin)));
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(newName)));
// Test 2: our group should not contain the old name OR login name any more
// (the full name is always used)
group = groupManager.getGroup(m_groupName);
Assert.assertFalse(group.isMember(new WikiPrincipal(oldLogin)));
Assert.assertFalse(group.isMember(new WikiPrincipal(oldName)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
Assert.assertTrue(group.isMember(new WikiPrincipal(newName)));
// Test 3: our page should not contain the old wiki name OR login name
// in the ACL any more (the full name is always used)
p = m_engine.getPage(pageName);
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Test 4: our page text should have been re-written
// (The new full name should be in the ACL, but the login name should have been removed)
String expectedText = "[{ALLOW view Alice," + newName + "}]\nTest text. More text.\r\n";
String actualText = m_engine.getText(pageName);
Assert.assertEquals(expectedText, actualText);
// Remove our test page
m_engine.deletePage(pageName);
// Setup Step 6: re-create the group with our old test user names in it
group = groupManager.parseGroup(m_groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true);
groupManager.setGroup(session, group);
// Setup Step 7: Save a new page with the old login/wiki names in the ACL again
// The test user should still be able to see the page (because the login name matches...)
pageName = "TestPage2" + now;
m_engine.saveText(pageName, "More test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text.");
p = m_engine.getPage(pageName);
Assert.assertEquals(oldPageCount + 1, pageManager.getTotalPageCount());
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Setup Step 8: re-save the profile with the new login name
profile = m_db.newProfile();
profile.setEmail("jspwiki.tests@mailinator.com");
profile.setLoginName(newLogin);
profile.setFullname(oldName);
profile.setPassword("password");
m_mgr.setUserProfile(session, profile);
// Test 5: the wiki session should have the new login name in Subject
principals = session.getPrincipals();
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(oldLogin)));
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(oldName)));
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(newLogin)));
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(newName)));
// Test 6: our group should not contain the old name OR login name any more
// (the full name is always used)
group = groupManager.getGroup(m_groupName);
Assert.assertFalse(group.isMember(new WikiPrincipal(oldLogin)));
Assert.assertTrue(group.isMember(new WikiPrincipal(oldName)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newName)));
// Test 7: our page should not contain the old wiki name OR login name
// in the ACL any more (the full name is always used)
p = m_engine.getPage(pageName);
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Test 8: our page text should have been re-written
// (The new full name should be in the ACL, but the login name should have been removed)
expectedText = "[{ALLOW view Alice," + oldName + "}]\nMore test text. More text.\r\n";
actualText = m_engine.getText(pageName);
Assert.assertEquals(expectedText, actualText);
// CLEANUP: delete the profile; user and page; should be back to old counts
m_db.deleteByLoginName(newLogin);
Assert.assertEquals(oldUserCount, m_db.getWikiNames().length);
groupManager.removeGroup(group.getName());
Assert.assertEquals(oldGroupCount, groupManager.getRoles().length);
m_engine.deletePage(pageName);
Assert.assertEquals(oldPageCount, pageManager.getTotalPageCount());
}
Aggregations