use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class AclImplTest method inGroup.
private boolean inGroup(Object[] array, Principal key) {
for (int i = 0; i < array.length; i++) {
if (array[i] instanceof GroupPrincipal) {
String groupName = ((GroupPrincipal) array[i]).getName();
Group group = m_groups.get(groupName);
if (group != null && group.isMember(key)) {
return true;
}
}
}
return false;
}
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class AuthorizationManagerTest method testGetRoles.
@Test
public void testGetRoles() throws Exception {
WikiSession session;
Principal[] principals;
// Create a new "asserted" session for Bob
session = WikiSessionTest.assertedSession(m_engine, Users.BOB);
// Set up a group without Bob in it
Group test = m_groupMgr.parseGroup("Test", "Alice \n Charlie", true);
m_groupMgr.setGroup(m_session, test);
// Bob should have two roles: ASSERTED and ALL
principals = session.getRoles();
Assert.assertTrue("Bob in ALL", ArrayUtils.contains(principals, Role.ALL));
Assert.assertTrue("Bob in ASSERTED", ArrayUtils.contains(principals, Role.ASSERTED));
Assert.assertFalse("Bob not in ANONYMOUS", ArrayUtils.contains(principals, Role.ANONYMOUS));
Assert.assertFalse("Bob not in Test", ArrayUtils.contains(principals, test.getPrincipal()));
// Re-save group "Test" with Bob as a member
test = m_groupMgr.parseGroup("Test", "Alice \n Bob \nCharlie", true);
m_groupMgr.setGroup(m_session, test);
// Bob not authenticated: should still have only two romes
principals = session.getRoles();
Assert.assertTrue("Bob in ALL", ArrayUtils.contains(principals, Role.ALL));
Assert.assertTrue("Bob in ASSERTED", ArrayUtils.contains(principals, Role.ASSERTED));
Assert.assertFalse("Bob not in ANONYMOUS", ArrayUtils.contains(principals, Role.ANONYMOUS));
Assert.assertFalse("Bob in Test", ArrayUtils.contains(principals, test.getPrincipal()));
// Elevate Bob to "authenticated" status
session = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
// Re-save the group; Bob should possess the role now
test = m_groupMgr.parseGroup("Test", "Alice \n Bob \n Charlie", true);
m_groupMgr.setGroup(m_session, test);
principals = session.getRoles();
Assert.assertTrue("Bob in ALL", ArrayUtils.contains(principals, Role.ALL));
Assert.assertFalse("Bob in ASSERTED", ArrayUtils.contains(principals, Role.ASSERTED));
Assert.assertFalse("Bob not in ANONYMOUS", ArrayUtils.contains(principals, Role.ANONYMOUS));
Assert.assertTrue("Bob in Test", ArrayUtils.contains(principals, test.getPrincipal()));
// Cleanup
m_groupMgr.removeGroup("Test");
}
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class AuthorizationManagerTest method testIsUserInRole.
@Test
public void testIsUserInRole() throws Exception {
// Create new user Alice and 2 sample roles
Principal alice = new WikiPrincipal(Users.ALICE);
Role it = new Role("IT");
Role finance = new Role("Finance");
// Create Group1 with Alice in it, Group2 without
WikiSession session = WikiSessionTest.adminSession(m_engine);
Group g1 = m_groupMgr.parseGroup("Group1", "Alice", true);
m_groupMgr.setGroup(session, g1);
Principal group1 = g1.getPrincipal();
Group g2 = m_groupMgr.parseGroup("Group2", "Bob", true);
m_groupMgr.setGroup(session, g2);
Principal group2 = g2.getPrincipal();
// Create anonymous session; not in ANY custom roles or groups
session = WikiSessionTest.anonymousSession(m_engine);
Assert.assertTrue("Anon anonymous", m_auth.isUserInRole(session, Role.ANONYMOUS));
Assert.assertFalse("Anon not asserted", m_auth.isUserInRole(session, Role.ASSERTED));
Assert.assertFalse("Anon not authenticated", m_auth.isUserInRole(session, Role.AUTHENTICATED));
Assert.assertFalse("Anon not in Ernie", m_auth.isUserInRole(session, alice));
Assert.assertFalse("Anon not in IT", m_auth.isUserInRole(session, it));
Assert.assertFalse("Anon not in Finance", m_auth.isUserInRole(session, finance));
Assert.assertFalse("Anon not in Group1", m_auth.isUserInRole(session, group1));
Assert.assertFalse("Anon not in Group2", m_auth.isUserInRole(session, group2));
// Create asserted session with 1 GroupPrincipal & 1 custom Role
// Alice is asserted, and thus not in ANY custom roles or groups
session = WikiSessionTest.assertedSession(m_engine, Users.ALICE, new Principal[] { it });
Assert.assertFalse("Alice not anonymous", m_auth.isUserInRole(session, Role.ANONYMOUS));
Assert.assertTrue("Alice asserted", m_auth.isUserInRole(session, Role.ASSERTED));
Assert.assertFalse("Alice not authenticated", m_auth.isUserInRole(session, Role.AUTHENTICATED));
Assert.assertFalse("Alice not in Alice", m_auth.isUserInRole(session, alice));
Assert.assertFalse("Alice not in IT", m_auth.isUserInRole(session, it));
Assert.assertFalse("Alice not in Finance", m_auth.isUserInRole(session, finance));
Assert.assertFalse("Alice not in Group1", m_auth.isUserInRole(session, group1));
Assert.assertFalse("Alice not in Group2", m_auth.isUserInRole(session, group2));
// Create authenticated session with 1 GroupPrincipal & 1 custom Role
// Ernie is authenticated, and thus part of custom roles and groups
session = WikiSessionTest.containerAuthenticatedSession(m_engine, Users.ALICE, new Principal[] { it });
Assert.assertFalse("Alice not anonymous", m_auth.isUserInRole(session, Role.ANONYMOUS));
Assert.assertFalse("Alice not asserted", m_auth.isUserInRole(session, Role.ASSERTED));
Assert.assertTrue("Alice not authenticated", m_auth.isUserInRole(session, Role.AUTHENTICATED));
Assert.assertFalse("Alice not in Alice", m_auth.isUserInRole(session, alice));
Assert.assertTrue("Alice in IT", m_auth.isUserInRole(session, it));
Assert.assertFalse("Alice not in Finance", m_auth.isUserInRole(session, finance));
Assert.assertTrue("Alice in Group1", m_auth.isUserInRole(session, group1));
Assert.assertFalse("Alice not in Group2", m_auth.isUserInRole(session, group2));
// Clean up
m_groupMgr.removeGroup("Group1");
m_groupMgr.removeGroup("Group2");
}
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class AuthorizationManagerTest method testResolveUsers.
@Test
public void testResolveUsers() throws WikiException {
// We should be able to resolve a user by login, user, or wiki name
UserProfile profile = m_engine.getUserManager().getUserDatabase().newProfile();
profile.setEmail("authmanagertest@tester.net");
profile.setFullname("AuthorizationManagerTest User");
profile.setLoginName("authmanagertest");
try {
m_engine.getUserManager().getUserDatabase().save(profile);
} catch (WikiSecurityException e) {
Assert.fail("Failed save: " + e.getLocalizedMessage());
}
Assert.assertEquals(new WikiPrincipal("authmanagertest", WikiPrincipal.LOGIN_NAME), m_auth.resolvePrincipal("authmanagertest"));
Assert.assertEquals(new WikiPrincipal("AuthorizationManagerTest User", WikiPrincipal.FULL_NAME), m_auth.resolvePrincipal("AuthorizationManagerTest User"));
Assert.assertEquals(new WikiPrincipal("AuthorizationManagerTestUser", WikiPrincipal.WIKI_NAME), m_auth.resolvePrincipal("AuthorizationManagerTestUser"));
try {
m_engine.getUserManager().getUserDatabase().deleteByLoginName("authmanagertest");
} catch (WikiSecurityException e) {
Assert.fail("Failed delete: " + e.getLocalizedMessage());
}
// A wiki group should resolve to itself
Group group1 = m_groupMgr.parseGroup("SampleGroup", "", true);
m_groupMgr.setGroup(m_session, group1);
Assert.assertEquals(group1.getPrincipal(), m_auth.resolvePrincipal("SampleGroup"));
m_groupMgr.removeGroup("SampleGroup");
// A built-in role should resolve to itself
Assert.assertEquals(Role.AUTHENTICATED, m_auth.resolvePrincipal("Authenticated"));
// We shouldn't be able to spoof a built-in role
Assert.assertNotSame(new WikiPrincipal("Authenticated"), m_auth.resolvePrincipal("Authenticated"));
// An unknown user should resolve to a generic UnresolvedPrincipal
Principal principal = new UnresolvedPrincipal("Bart Simpson");
Assert.assertEquals(principal, m_auth.resolvePrincipal("Bart Simpson"));
}
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class AuthorizationManagerTest method testAuthenticatedSession.
@Test
public void testAuthenticatedSession() throws Exception {
// Create Alice and her roles
Principal alice = new WikiPrincipal(Users.ALICE);
Role it = new Role("IT");
Role engineering = new Role("Engineering");
Role finance = new Role("Finance");
Principal admin = new GroupPrincipal("Admin");
WikiSession session = WikiSessionTest.containerAuthenticatedSession(m_engine, Users.ALICE, new Principal[] { it, engineering, admin });
// Create two groups: Alice should be part of group Bar, but not Foo
Group fooGroup = m_groupMgr.parseGroup("Foo", "", true);
Group barGroup = m_groupMgr.parseGroup("Bar", "", true);
barGroup.add(alice);
m_groupMgr.setGroup(m_session, fooGroup);
m_groupMgr.setGroup(m_session, barGroup);
// Test user principal posession: user principals of different
// types should still be "the same" if their names are equal
Assert.assertTrue("Alice has Alice", m_auth.hasRoleOrPrincipal(session, new WikiPrincipal(Users.ALICE)));
Assert.assertTrue("Alice has Alice", m_auth.hasRoleOrPrincipal(session, new TestPrincipal(Users.ALICE)));
Assert.assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(session, new WikiPrincipal(Users.BOB)));
Assert.assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(session, new TestPrincipal(Users.BOB)));
// Built-in role membership
Assert.assertTrue("Alice in ALL", m_auth.hasRoleOrPrincipal(session, Role.ALL));
Assert.assertFalse("Alice not in ANONYMOUS", m_auth.hasRoleOrPrincipal(session, Role.ANONYMOUS));
Assert.assertFalse("Alice not in ASSERTED", m_auth.hasRoleOrPrincipal(session, Role.ASSERTED));
Assert.assertTrue("Alice in AUTHENTICATED", m_auth.hasRoleOrPrincipal(session, Role.AUTHENTICATED));
// Custom roles
Assert.assertTrue("Alice in IT", m_auth.hasRoleOrPrincipal(session, it));
Assert.assertTrue("Alice in Engineering", m_auth.hasRoleOrPrincipal(session, engineering));
Assert.assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(session, finance));
// Group memberships
Assert.assertFalse("Alice not in Foo", m_auth.hasRoleOrPrincipal(session, fooGroup.getPrincipal()));
Assert.assertTrue("Alice in Bar", m_auth.hasRoleOrPrincipal(session, barGroup.getPrincipal()));
// Cleanup
m_groupMgr.removeGroup("Foo");
m_groupMgr.removeGroup("Bar");
}
Aggregations