AuthorizerClassLoaderTest.java

/*
 * Copyright © 2016 Cask Data, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */

package co.cask.cdap.security.authorization;

import co.cask.cdap.api.app.Application;
import co.cask.cdap.common.lang.ClassPathResources;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.security.spi.authorization.Authorizer;
import co.cask.cdap.security.spi.authorization.UnauthorizedException;
import com.google.common.collect.ImmutableList;
import com.google.gson.Gson;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.twill.filesystem.LocationFactory;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;

import java.util.List;
import javax.annotation.Nullable;

/**
 * Tests for {@link AuthorizerClassLoader}.
 */
public class AuthorizerClassLoaderTest {
  private final ClassLoader parent = AuthorizerClassLoader.createParent();

  @Test
  public void testAuthorizerClassLoaderParentAvailableClasses() throws ClassNotFoundException {
    // classes from java.* should be available
    parent.loadClass(List.class.getName());
    // classes from javax.* should be available
    parent.loadClass(Nullable.class.getName());
    // classes from gson should be available
    parent.loadClass(Gson.class.getName());
    // classes from cdap-api should be available
    parent.loadClass(Application.class.getName());
    // classes from twill-api should be available as dependencies of cdap-api
    parent.loadClass(LocationFactory.class.getName());
    // classes from slf4j-api should be available as dependencies of cdap-api
    parent.loadClass(Logger.class.getName());
    // classes from cdap-proto should be available
    parent.loadClass(Principal.class.getName());
    // classes from cdap-security-spi should be available
    parent.loadClass(Authorizer.class.getName());
    parent.loadClass(UnauthorizedException.class.getName());
  }

  @Test
  public void testAuthorizerClassLoaderParentUnavailableClasses() {
    // classes from guava should not be available
    assertClassUnavailable(ImmutableList.class);
    // classes from hadoop should not be available
    assertClassUnavailable(Configuration.class);
    // classes from hbase should not be available
    assertClassUnavailable(HTable.class);
    // classes from spark should not be available
    assertClassUnavailable("org.apache.spark.SparkConf");
    // classes from cdap-common should not be available
    assertClassUnavailable(ClassPathResources.class);
    // classes from cdap-security should not be available
    assertClassUnavailable(AuthorizerClassLoader.class);
    // classes from cdap-data-fabric should not be available
    assertClassUnavailable("co.cask.cdap.data2.util.TableId");
    // classes from cdap-app-fabric should not be available
    assertClassUnavailable("co.cask.cdap.internal.app.namespace.DefaultNamespaceAdmin");
  }

  private void assertClassUnavailable(Class<?> aClass) {
    assertClassUnavailable(aClass.getName());
  }

  private void assertClassUnavailable(String aClassName) {
    try {
      parent.loadClass(aClassName);
      Assert.fail(String.format("Class %s should not be available from the parent class loader of the " +
                                  "AuthorizerClassLoader, but it is.", aClassName));
    } catch (ClassNotFoundException e) {
      // expected
    }
  }
}