/*
* Constellation - An open source and standard compliant SDI
* http://www.constellation-sdi.org
*
* Copyright 2014 Geomatys.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.constellation.ws.security;
import org.junit.Test;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
/**
* Test different rules and the answer of the Simple Policy Decision Point.
*
* @author Cédric Briançon (Geomatys)
* @since 0.7
*/
public class SimplePDPTest {
/**
* Some rules to apply.
*/
private static final String RULE1 = "('$ip'=='127.0.0.1')";
private static final String RULE2 = "(('$ip'=='127.0.0.1') && ('$referer'.indexOf('http://localhost:8080/en')!=-1))";
private static final String RULE3 = "(('$ip'=='17.15.25.3') || ('$ip'=='127.0.0.1')) && "
+ "(('$referer'=='http://localhost:8080/fr/web/guest/test') || ('$referer'.indexOf('http://localhost:8080/en')!=-1))";
/**
* Verify the IP address fields in the rule.
*/
@Test
public void isAuthorizedRule1Test() {
final SimplePDP pdp = new SimplePDP(RULE1);
assertTrue(pdp.isAuthorized("127.0.0.1", ""));
}
/**
* Ensures a bad IP address makes the PDP return {@code false}.
*/
@Test
public void isNotAuthorizedRule1Test() {
final SimplePDP pdp = new SimplePDP(RULE1);
assertFalse(pdp.isAuthorized("17.15.25.3", "test"));
}
/**
* Verify both IP address and referer fields.
*/
@Test
public void isAuthorizedRule2Test() {
final SimplePDP pdp = new SimplePDP(RULE2);
assertTrue(pdp.isAuthorized("127.0.0.1", "http://localhost:8080/en/test/constellation"));
}
/**
* Ensures that a referer url which is not contained in the rule makes the PDP return {@code false}.
*/
@Test
public void isNotAuthorizedRule2Test() {
final SimplePDP pdp = new SimplePDP(RULE2);
assertFalse(pdp.isAuthorized("127.0.0.1", "http://localhost:8080/fr/test"));
}
/**
* Verify the IP address and that the referer url is contained in the rule.
*/
@Test
public void isAuthorizedRule3Test() {
final SimplePDP pdp = new SimplePDP(RULE3);
assertTrue(pdp.isAuthorized("17.15.25.3", "http://localhost:8080/fr/web/guest/test"));
}
/**
* Ensures that a referer url which is not contained in the rule makes the PDP return {@code false}.
*/
@Test
public void isNotAuthorizedRule3Test() {
final SimplePDP pdp = new SimplePDP(RULE3);
assertFalse(pdp.isAuthorized("17.15.25.3", "http://localhost:8080/fr/web/guest/test2"));
}
}