use of org.killbill.billing.client.model.RoleDefinition in project killbill by killbill.
the class TestSecurity method testUserWithUpdates.
@Test(groups = "slow")
public void testUserWithUpdates() throws KillBillClientException {
final String roleDefinition = "somethingNice";
final String allPermissions = "*";
final String username = "GuanYu";
final String password = "IamAGreatWarrior";
Response response = killBillClient.addRoleDefinition(new RoleDefinition(roleDefinition, ImmutableList.of(allPermissions)), createdBy, reason, comment);
Assert.assertEquals(response.getStatusCode(), 201);
response = killBillClient.addUserRoles(new UserRoles(username, password, ImmutableList.of(roleDefinition)), createdBy, reason, comment);
Assert.assertEquals(response.getStatusCode(), 201);
logout();
login(username, password);
Permissions permissions = killBillClient.getPermissions();
Assert.assertEquals(permissions.size(), Permission.values().length);
String newPassword = "IamTheBestWarrior";
killBillClient.updateUserPassword(username, newPassword, createdBy, reason, comment);
logout();
login(username, newPassword);
permissions = killBillClient.getPermissions();
Assert.assertEquals(permissions.size(), Permission.values().length);
final String newRoleDefinition = "somethingLessNice";
// Only enough permissions to invalidate itself in the last step...
final String littlePermissions = "user";
response = killBillClient.addRoleDefinition(new RoleDefinition(newRoleDefinition, ImmutableList.of(littlePermissions)), createdBy, reason, comment);
Assert.assertEquals(response.getStatusCode(), 201);
killBillClient.updateUserRoles(username, ImmutableList.of(newRoleDefinition), createdBy, reason, comment);
permissions = killBillClient.getPermissions();
// This will only work if correct shiro cache invalidation was performed... requires lots of sweat to get it to work ;-)
Assert.assertEquals(permissions.size(), 2);
killBillClient.invalidateUser(username, createdBy, reason, comment);
try {
killBillClient.getPermissions();
Assert.fail();
} catch (final KillBillClientException e) {
Assert.assertEquals(e.getResponse().getStatusCode(), Status.UNAUTHORIZED.getStatusCode());
}
}
use of org.killbill.billing.client.model.RoleDefinition in project killbill by killbill.
the class TestSecurity method testDynamicUserRolesInternal.
private void testDynamicUserRolesInternal(final String username, final String password, final String roleDefinition, final List<String> permissions, final boolean expectPermissionSuccess) throws Exception {
Response response = killBillClient.addRoleDefinition(new RoleDefinition(roleDefinition, permissions), createdBy, reason, comment);
Assert.assertEquals(response.getStatusCode(), 201);
response = killBillClient.addUserRoles(new UserRoles(username, password, ImmutableList.of(roleDefinition)), createdBy, reason, comment);
Assert.assertEquals(response.getStatusCode(), 201);
// Now 'login' as new user (along with roles to make an API call requiring permissions), and check behavior
logout();
login(username, password);
boolean success = false;
try {
final String catalogPath = Resources.getResource("SpyCarBasic.xml").getPath();
killBillClient.uploadXMLCatalog(catalogPath, createdBy, reason, comment);
success = true;
} catch (final Exception e) {
if (expectPermissionSuccess || !e.getMessage().startsWith("java.lang.IllegalArgumentException: Unauthorized")) {
throw e;
}
} finally {
Assert.assertTrue(success == expectPermissionSuccess);
}
}
use of org.killbill.billing.client.model.RoleDefinition in project killbill by killbill.
the class TestSecurity method testUserPermission.
@Test(groups = "slow")
public void testUserPermission() throws KillBillClientException {
final String roleDefinition = "notEnoughToAddUserAndRoles";
final List<String> permissions = new ArrayList<String>();
for (Permission cur : Permission.values()) {
if (!cur.getGroup().equals("user")) {
permissions.add(cur.toString());
}
}
Response response = killBillClient.addRoleDefinition(new RoleDefinition(roleDefinition, permissions), createdBy, reason, comment);
Assert.assertEquals(response.getStatusCode(), 201);
final String username = "candy";
final String password = "lolipop";
response = killBillClient.addUserRoles(new UserRoles(username, password, ImmutableList.of(roleDefinition)), createdBy, reason, comment);
Assert.assertEquals(response.getStatusCode(), 201);
// Now 'login' as new user (along with roles to make an API call requiring permissions), and check behavior
logout();
login(username, password);
boolean success = false;
try {
killBillClient.addRoleDefinition(new RoleDefinition("dsfdsfds", ImmutableList.of("*")), createdBy, reason, comment);
success = true;
} catch (final Exception e) {
} finally {
Assert.assertFalse(success);
}
success = false;
try {
killBillClient.addUserRoles(new UserRoles("sdsd", "sdsdsd", ImmutableList.of(roleDefinition)), createdBy, reason, comment);
success = true;
} catch (final Exception e) {
} finally {
Assert.assertFalse(success);
}
}
Aggregations