/*
* This is eMonocot, a global online biodiversity information resource.
*
* Copyright © 2011–2015 The Board of Trustees of the Royal Botanic Gardens, Kew and The University of Oxford
*
* eMonocot is free software: you can redistribute it and/or modify it under the terms of the
* GNU Affero General Public License as published by the Free Software Foundation, either version 3
* of the License, or (at your option) any later version.
*
* eMonocot is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
* the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* The complete text of the GNU Affero General Public License is in the source repository as the file
* ‘COPYING’. It is also available from <http://www.gnu.org/licenses/>.
*/
package org.emonocot.service.impl;
import static org.junit.Assert.assertTrue;
import java.util.ArrayList;
import org.emonocot.api.AnnotationService;
import org.emonocot.api.GroupService;
import org.emonocot.api.ImageService;
import org.emonocot.api.OrganisationService;
import org.emonocot.api.TaxonService;
import org.emonocot.api.UserService;
import org.emonocot.model.Annotation;
import org.emonocot.model.Image;
import org.emonocot.model.Taxon;
import org.emonocot.model.auth.Group;
import org.emonocot.model.auth.User;
import org.emonocot.model.registry.Organisation;
import org.emonocot.test.DataManagementSupport;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
/**
*
* @author ben
*
*/
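@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({"classpath*:META-INF/spring/applicationContext*.xml" })
public class ACLTest extends DataManagementSupport {
    /**
     * Integration test for ACL enforcement on {@code OrganisationService#load}: a user without a
     * READ ACE on the test organisation must be rejected with {@link AccessDeniedException}, while a
     * user whose group holds the ACE, and the administrator, must be allowed through.
     *
     * <p>Every method that installs an {@link Authentication} in the {@link SecurityContextHolder}
     * clears it in a {@code finally} block, so a failing assertion or an exception from a service
     * call cannot leave one test's (possibly administrative) identity visible to the next test.
     */
    private static final Logger logger = LoggerFactory.getLogger(ACLTest.class);

    // Administrative account used to grant and revoke the ACE under test. The same credentials are
    // needed in setUp, tearDown and testACLWithAdministratePermission, so they live in one place.
    // NOTE(review): presumably this account is seeded by the test application context — confirm.
    private static final String ADMIN_USERNAME = "admin@e-monocot.org";
    private static final String ADMIN_PASSWORD = "sPePhAz6";

    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private TaxonService taxonService;
    @Autowired
    private ImageService imageService;
    @Autowired
    private AnnotationService annotationService;
    @Autowired
    private UserService userService;
    @Autowired
    private GroupService groupService;
    @Autowired
    private OrganisationService sourceService;

    // Last token submitted to the AuthenticationManager; kept for parity with the original fixture.
    private UsernamePasswordAuthenticationToken token;
    // Test fixtures created by setUpTestData().
    private Group group;
    private Organisation source;
    private User user;

    /**
     * Persists the fixtures registered by {@link #setUpTestData()} and, acting as the administrator,
     * grants the READ ACE on the test organisation. The administrative authentication is removed
     * from the security context before the method returns, even when the grant fails.
     *
     * @throws java.lang.Exception
     *             if there is a problem
     */
    @Before
    public final void setUp() throws Exception {
        setUpTestData();
        for (Object obj : getSetUp()) {
            persist(obj);
        }
        authenticateAs(ADMIN_USERNAME, ADMIN_PASSWORD);
        try {
            userService.addPermission(source, "test", BasePermission.READ,
                    Organisation.class);
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /**
     * Revokes the READ ACE as the administrator and deletes every fixture recorded for tear-down.
     * The administrative authentication is cleared from the security context in all cases.
     *
     * @throws java.lang.Exception
     *             if there is a problem
     */
    @After
    public final void tearDown() throws Exception {
        setSetUp(new ArrayList<Object>());
        authenticateAs(ADMIN_USERNAME, ADMIN_PASSWORD);
        try {
            userService.deletePermission(source, "test", BasePermission.READ,
                    Organisation.class);
            // Tear-down objects are popped in reverse registration order.
            while (!getTearDown().isEmpty()) {
                remove(getTearDown().pop());
            }
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /**
     * Registers the fixtures: the organisation the ACE is attached to, a group, a user placed in that
     * group (the "authorized" user) and a second user outside the group (the "unauthorized" user).
     */
    @Override
    public final void setUpTestData() {
        source = createSource("test", "http://example.com", "Test Organisation", "test@example.com");
        group = createGroup("test");
        user = createUser("authorized.user@e-monocot.org", "good.password", "authorizedUser");
        user.getGroups().add(group);
        // The returned User is not needed here; presumably createUser registers it with the
        // DataManagementSupport set-up/tear-down lists — verify against that base class.
        createUser("unauthorized.user@e-monocot.org", "bad.password", "unauthorizedUser");
    }

    /**
     * A user holding no ACE on the organisation must be refused with an AccessDeniedException.
     */
    @Test
    public final void testACLWithoutPermission() {
        authenticateAs("unauthorized.user@e-monocot.org", "bad.password");
        boolean accessDenied = false;
        try {
            sourceService.load("test");
        } catch (AccessDeniedException expected) {
            accessDenied = true;
        } finally {
            SecurityContextHolder.clearContext();
        }
        assertTrue("An Access Denied Exception was expected", accessDenied);
    }

    /**
     * A user whose group holds the READ ACE must be able to load the organisation.
     */
    @Test
    public final void testACLWithPermission() {
        authenticateAs("authorized.user@e-monocot.org", "good.password");
        try {
            sourceService.load("test");
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /**
     * The administrator must be able to load the organisation.
     */
    @Test
    public final void testACLWithAdministratePermission() {
        authenticateAs(ADMIN_USERNAME, ADMIN_PASSWORD);
        try {
            sourceService.load("test");
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /**
     * Logs the ACEs reported for "test"; a smoke test that listAces runs without error.
     */
    @Test
    public final void testListAces() {
        for (Object[] row : userService.listAces("test")) {
            logger.debug("Object: " + row[0] + " ACE: " + row[1]);
        }
    }

    /**
     * Authenticates the given credentials through the configured AuthenticationManager and installs
     * the result in the current security context. Callers are responsible for clearing the context
     * (normally in a {@code finally} block). A bad credential surfaces as the AuthenticationException
     * thrown by {@code AuthenticationManager#authenticate}.
     *
     * @param username the principal to authenticate as
     * @param password the credential to present
     */
    private void authenticateAs(String username, String password) {
        token = new UsernamePasswordAuthenticationToken(username, password);
        Authentication authentication = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }

    /**
     * Saves one fixture through the service matching its exact class; other types are ignored.
     * Exact-class comparison (not instanceof) is kept deliberately so behaviour matches the
     * original dispatch.
     *
     * @param obj the fixture to save
     */
    private void persist(Object obj) {
        if (obj.getClass().equals(Taxon.class)) {
            taxonService.saveOrUpdate((Taxon) obj);
        } else if (obj.getClass().equals(Image.class)) {
            imageService.saveOrUpdate((Image) obj);
        } else if (obj.getClass().equals(Annotation.class)) {
            annotationService.saveOrUpdate((Annotation) obj);
        } else if (obj.getClass().equals(Organisation.class)) {
            sourceService.saveOrUpdate((Organisation) obj);
        } else if (obj.getClass().equals(User.class)) {
            userService.createUser((User) obj);
        } else if (obj.getClass().equals(Group.class)) {
            groupService.saveOrUpdate((Group) obj);
        }
    }

    /**
     * Deletes one fixture by identifier through the service matching its exact class; other types
     * are ignored. Note that groups are deleted via userService, mirroring the original.
     *
     * @param obj the fixture to delete
     */
    private void remove(Object obj) {
        if (obj.getClass().equals(Taxon.class)) {
            taxonService.delete(((Taxon) obj).getIdentifier());
        } else if (obj.getClass().equals(Image.class)) {
            imageService.delete(((Image) obj).getIdentifier());
        } else if (obj.getClass().equals(Annotation.class)) {
            annotationService.delete(((Annotation) obj).getIdentifier());
        } else if (obj.getClass().equals(Organisation.class)) {
            sourceService.delete(((Organisation) obj).getIdentifier());
        } else if (obj.getClass().equals(User.class)) {
            userService.deleteUser(((User) obj).getIdentifier());
        } else if (obj.getClass().equals(Group.class)) {
            userService.deleteGroup(((Group) obj).getIdentifier());
        }
    }
}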