Example 1 with RoleDefinition

Use of org.killbill.billing.client.model.RoleDefinition in the project killbill by killbill.

From the class TestSecurity, method testUserWithUpdates.

@Test(groups = "slow")
public void testUserWithUpdates() throws KillBillClientException {
    final String roleDefinition = "somethingNice";
    final String allPermissions = "*";
    final String username = "GuanYu";
    final String password = "IamAGreatWarrior";
    // Create a role granting every permission, then a user holding that role
    Response response = killBillClient.addRoleDefinition(new RoleDefinition(roleDefinition, ImmutableList.of(allPermissions)), createdBy, reason, comment);
    Assert.assertEquals(response.getStatusCode(), 201);
    response = killBillClient.addUserRoles(new UserRoles(username, password, ImmutableList.of(roleDefinition)), createdBy, reason, comment);
    Assert.assertEquals(response.getStatusCode(), 201);
    // Log in as the new user: the wildcard role must expand to the full Permission set
    logout();
    login(username, password);
    Permissions permissions = killBillClient.getPermissions();
    Assert.assertEquals(permissions.size(), Permission.values().length);
    // A password change must not alter the effective permissions
    String newPassword = "IamTheBestWarrior";
    killBillClient.updateUserPassword(username, newPassword, createdBy, reason, comment);
    logout();
    login(username, newPassword);
    permissions = killBillClient.getPermissions();
    Assert.assertEquals(permissions.size(), Permission.values().length);
    final String newRoleDefinition = "somethingLessNice";
    // Only enough permissions to invalidate itself in the last step...
    final String littlePermissions = "user";
    response = killBillClient.addRoleDefinition(new RoleDefinition(newRoleDefinition, ImmutableList.of(littlePermissions)), createdBy, reason, comment);
    Assert.assertEquals(response.getStatusCode(), 201);
    // Swap the user's role while still logged in; the reduced set must be visible immediately
    killBillClient.updateUserRoles(username, ImmutableList.of(newRoleDefinition), createdBy, reason, comment);
    permissions = killBillClient.getPermissions();
    // This will only work if correct shiro cache invalidation was performed... requires lots of sweat to get it to work ;-)
    Assert.assertEquals(permissions.size(), 2);
    // Invalidating the user must make the current session unusable
    killBillClient.invalidateUser(username, createdBy, reason, comment);
    try {
        killBillClient.getPermissions();
        Assert.fail();
    } catch (final KillBillClientException e) {
        Assert.assertEquals(e.getResponse().getStatusCode(), Status.UNAUTHORIZED.getStatusCode());
    }
}
Also used: Response (com.ning.http.client.Response), UserRoles (org.killbill.billing.client.model.UserRoles), RoleDefinition (org.killbill.billing.client.model.RoleDefinition), Permissions (org.killbill.billing.client.model.Permissions), KillBillClientException (org.killbill.billing.client.KillBillClientException), Test (org.testng.annotations.Test)

Example 2 with RoleDefinition

Use of org.killbill.billing.client.model.RoleDefinition in the project killbill by killbill.

From the class TestSecurity, method testDynamicUserRolesInternal.

private void testDynamicUserRolesInternal(final String username, final String password, final String roleDefinition, final List<String> permissions, final boolean expectPermissionSuccess) throws Exception {
    // Create a role with the given permission list and a user holding that role
    Response response = killBillClient.addRoleDefinition(new RoleDefinition(roleDefinition, permissions), createdBy, reason, comment);
    Assert.assertEquals(response.getStatusCode(), 201);
    response = killBillClient.addUserRoles(new UserRoles(username, password, ImmutableList.of(roleDefinition)), createdBy, reason, comment);
    Assert.assertEquals(response.getStatusCode(), 201);
    // Now 'login' as new user (along with roles to make an API call requiring permissions), and check behavior
    logout();
    login(username, password);
    boolean success = false;
    try {
        // Catalog upload is a permission-protected call; it either succeeds or fails with Unauthorized
        final String catalogPath = Resources.getResource("SpyCarBasic.xml").getPath();
        killBillClient.uploadXMLCatalog(catalogPath, createdBy, reason, comment);
        success = true;
    } catch (final Exception e) {
        // Any failure other than the expected authorization rejection is a real error
        if (expectPermissionSuccess || !e.getMessage().startsWith("java.lang.IllegalArgumentException: Unauthorized")) {
            throw e;
        }
    } finally {
        Assert.assertEquals(success, expectPermissionSuccess);
    }
}
Also used: Response (com.ning.http.client.Response), UserRoles (org.killbill.billing.client.model.UserRoles), RoleDefinition (org.killbill.billing.client.model.RoleDefinition), KillBillClientException (org.killbill.billing.client.KillBillClientException)

Example 3 with RoleDefinition

Use of org.killbill.billing.client.model.RoleDefinition in the project killbill by killbill.

From the class TestSecurity, method testUserPermission.

@Test(groups = "slow")
public void testUserPermission() throws KillBillClientException {
    final String roleDefinition = "notEnoughToAddUserAndRoles";
    // Grant every permission except those in the "user" group (user and role administration)
    final List<String> permissions = new ArrayList<String>();
    for (Permission cur : Permission.values()) {
        if (!cur.getGroup().equals("user")) {
            permissions.add(cur.toString());
        }
    }
    Response response = killBillClient.addRoleDefinition(new RoleDefinition(roleDefinition, permissions), createdBy, reason, comment);
    Assert.assertEquals(response.getStatusCode(), 201);
    final String username = "candy";
    final String password = "lolipop";
    response = killBillClient.addUserRoles(new UserRoles(username, password, ImmutableList.of(roleDefinition)), createdBy, reason, comment);
    Assert.assertEquals(response.getStatusCode(), 201);
    // Now 'login' as new user (along with roles to make an API call requiring permissions), and check behavior
    logout();
    login(username, password);
    boolean success = false;
    try {
        // Creating a role requires the "user" permission group, which this user lacks
        killBillClient.addRoleDefinition(new RoleDefinition("dsfdsfds", ImmutableList.of("*")), createdBy, reason, comment);
        success = true;
    } catch (final Exception e) {
        // Expected: the call is rejected
    } finally {
        Assert.assertFalse(success);
    }
    success = false;
    try {
        // Likewise, creating a user and assigning roles must be rejected
        killBillClient.addUserRoles(new UserRoles("sdsd", "sdsdsd", ImmutableList.of(roleDefinition)), createdBy, reason, comment);
        success = true;
    } catch (final Exception e) {
        // Expected: the call is rejected
    } finally {
        Assert.assertFalse(success);
    }
}
Also used: Response (com.ning.http.client.Response), UserRoles (org.killbill.billing.client.model.UserRoles), ArrayList (java.util.ArrayList), Permission (org.killbill.billing.security.Permission), RoleDefinition (org.killbill.billing.client.model.RoleDefinition), KillBillClientException (org.killbill.billing.client.KillBillClientException), Test (org.testng.annotations.Test)

Aggregations (number of examples above using each type)

Response (com.ning.http.client.Response): 3
KillBillClientException (org.killbill.billing.client.KillBillClientException): 3
RoleDefinition (org.killbill.billing.client.model.RoleDefinition): 3
UserRoles (org.killbill.billing.client.model.UserRoles): 3
Test (org.testng.annotations.Test): 2
ArrayList (java.util.ArrayList): 1
Permissions (org.killbill.billing.client.model.Permissions): 1
Permission (org.killbill.billing.security.Permission): 1