/*
* #%L
* FlatPack serialization code
* %%
* Copyright (C) 2012 Perka Inc.
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
package com.getperka.flatpack;
import static org.junit.Assert.assertEquals;
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.junit.Test;
import com.getperka.flatpack.domain.Employee;
import com.getperka.flatpack.domain.Person;
import com.getperka.flatpack.domain.TestTypeSource;
import com.getperka.flatpack.ext.EntityResolver;
import com.getperka.flatpack.security.PrincipalMapper;
import com.getperka.flatpack.security.SecurityTarget;
import com.getperka.flatpack.util.FlatPackCollections;
/**
* Verify that principal-related security works.
*/
public class PrincipalPackTest extends FlatPackTest {
class TestEntityResolver implements EntityResolver {
@Override
public <T extends HasUuid> T resolve(Class<T> clazz, UUID uuid) throws Exception {
return clazz.cast(data.get(uuid));
}
}
static class TestPrincipal implements Principal {
private final UUID uuid;
public TestPrincipal(UUID uuid) {
this.uuid = uuid;
}
@Override
public boolean equals(Object o) {
return o instanceof TestPrincipal && uuid.equals(((TestPrincipal) o).uuid);
}
@Override
public String getName() {
return uuid.toString();
}
@Override
public int hashCode() {
return uuid.hashCode();
}
}
static class TestPrincipalMapper implements PrincipalMapper {
@Override
public List<String> getGlobalSecurityGroups(Principal principal) {
return Collections.singletonList("employee");
}
@Override
public List<Principal> getPrincipals(HasUuid entity) {
if (entity instanceof Person) {
return Collections.<Principal> singletonList(new TestPrincipal(entity.getUuid()));
}
return null;
}
/**
* No super-users.
*/
@Override
public boolean isAccessEnforced(Principal principal, SecurityTarget target) {
return true;
}
}
private final Map<UUID, HasUuid> data = FlatPackCollections.mapForLookup();
@Test
public void test() throws IOException {
Employee e1 = makeEmployee();
Employee e2 = makeEmployee();
String e2Name = e2.getName();
Employee e1Send = makeEmployee();
e1Send.setUuid(e1.getUuid());
e1Send.setName("Should see this");
Employee e2Send = makeEmployee();
e2Send.setUuid(e2.getUuid());
e2Send.setName("Should not see this");
data.put(e1.getUuid(), e1);
data.put(e2.getUuid(), e2);
// Update self
Employee updated = deepPack(Employee.class, e1Send, new TestPrincipal(e1.getUuid()));
assertEquals("Should see this", updated.getName());
// Try updating one employee as another
updated = deepPack(Employee.class, e2Send, new TestPrincipal(e1.getUuid()));
assertEquals(e2Name, updated.getName());
}
@Override
protected Configuration getConfiguration() {
return super.getConfiguration()
.addEntityResolver(new TestEntityResolver())
.withPrincipalMapper(new TestPrincipalMapper())
.addTypeSource(new TestTypeSource());
}
}