Bugzilla_399487_Test.java

/*
 * Copyright (c) 2013 Eike Stepper (Berlin, Germany) and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *    Christian W. Damus (CEA LIST) - initial API and implementation
 */
package org.eclipse.emf.cdo.tests.bugzilla;

import org.eclipse.emf.cdo.eresource.CDOResource;
import org.eclipse.emf.cdo.security.Access;
import org.eclipse.emf.cdo.security.Group;
import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.Realm;
import org.eclipse.emf.cdo.security.Role;
import org.eclipse.emf.cdo.security.User;
import org.eclipse.emf.cdo.server.security.ISecurityManager;
import org.eclipse.emf.cdo.server.security.SecurityManagerUtil;
import org.eclipse.emf.cdo.session.CDOSession;
import org.eclipse.emf.cdo.tests.AbstractCDOTest;
import org.eclipse.emf.cdo.tests.config.impl.ConfigTest.CleanRepositoriesAfter;
import org.eclipse.emf.cdo.tests.config.impl.ConfigTest.CleanRepositoriesBefore;
import org.eclipse.emf.cdo.tests.config.impl.RepositoryConfig;
import org.eclipse.emf.cdo.tests.config.impl.SessionConfig;
import org.eclipse.emf.cdo.transaction.CDOTransaction;
import org.eclipse.emf.cdo.util.CommitException;
import org.eclipse.emf.cdo.util.ValidationException;
import org.eclipse.emf.cdo.view.CDOView;

import org.eclipse.net4j.util.lifecycle.LifecycleUtil;
import org.eclipse.net4j.util.security.IPasswordCredentials;
import org.eclipse.net4j.util.security.IPasswordCredentialsProvider;
import org.eclipse.net4j.util.security.PasswordCredentials;

import java.util.Iterator;

/**
 * Bug 399487: [Security] Changes to the security realm should be verified before being applied
 *
 * @author Christian W. Damus (CEA LIST)
 */
@CleanRepositoriesBefore(reason = "Security manager installed on repository")
@CleanRepositoriesAfter(reason = "Security manager installed on repository")
public class Bugzilla_399487_Test extends AbstractCDOTest
{
  public void testCommitSafeChanges() throws Exception
  {
    CDOSession session = openSession();
    CDOTransaction transaction = session.openTransaction();

    Realm realm = getRealm(transaction);
    realm.getGroup("Users").getUsers().add(realm.addUser("cdamus", "12345678"));

    try
    {
      transaction.commit();
    }
    catch (CommitException ex)
    {
      fail("Commit rolled back: " + ex.getLocalizedMessage());
    }
  }

  public void testRemoveAdministratorAccess() throws Exception
  {
    CDOSession session = openSession();
    CDOTransaction transaction = session.openTransaction();

    Realm realm = getRealm(transaction);
    Role admin = realm.getRole("Administration");
    for (Iterator<Permission> permissions = admin.getPermissions().iterator(); permissions.hasNext();)
    {
      if (permissions.next().getAccess() == Access.WRITE)
      {
        permissions.remove();
      }
    }

    try
    {
      transaction.commit();
      fail("Should have thrown ValidationException");
    }
    catch (ValidationException ex)
    {
      // Success
    }
    catch (CommitException ex)
    {
      fail("Commit rolled back for wrong reason: " + ex.getLocalizedMessage());
    }
  }

  public void testGroupInheritanceCycle() throws Exception
  {
    CDOSession session = openSession();
    CDOTransaction transaction = session.openTransaction();

    Realm realm = getRealm(transaction);
    Group admins = realm.getGroup("Administrators");
    Group users = realm.getGroup("Users");
    admins.getInheritedGroups().add(users);
    users.getInheritedGroups().add(admins);

    try
    {
      transaction.commit();
      fail("Should have thrown ValidationException");
    }
    catch (ValidationException ex)
    {
      // Success
    }
    catch (CommitException ex)
    {
      fail("Commit rolled back for wrong reason: " + ex.getLocalizedMessage());
    }
  }

  @Override
  public void setUp() throws Exception
  {
    getTestProperties().put(SessionConfig.PROP_TEST_CREDENTIALS_PROVIDER, new IPasswordCredentialsProvider()
    {

      public boolean isInteractive()
      {
        return false;
      }

      public IPasswordCredentials getCredentials()
      {
        return new PasswordCredentials(User.ADMINISTRATOR, "0000");
      }
    });

    super.doSetUp();

    // Create the security manager and attach it to the repository
    ISecurityManager securityManager = SecurityManagerUtil.createSecurityManager("/security", getServerContainer());
    getTestProperties().put(RepositoryConfig.PROP_TEST_SECURITY_MANAGER, securityManager);
    getRepository();
    LifecycleUtil.waitForActive(securityManager, 10000L);
  }

  Realm getRealm(CDOView view)
  {
    CDOResource resource = view.getResource("/security");
    return (Realm)resource.getContents().get(0);
  }
}