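package org.infinispan.security;

import static org.testng.AssertJUnit.assertEquals;
import static org.testng.AssertJUnit.fail;

import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;

import javax.security.auth.Subject;

import org.infinispan.configuration.cache.AuthorizationConfigurationBuilder;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.impl.IdentityRoleMapper;
import org.infinispan.test.SingleCacheManagerTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.annotations.Test;

/**
 * Verifies that a user-supplied {@link AuditLogger} registered through
 * {@code GlobalAuthorizationConfigurationBuilder#auditLogger} receives one
 * audit record per authorization decision, for both ALLOW and DENY outcomes.
 * <p>
 * Two roles are configured: {@code admin} holds {@link AuthorizationPermission#ALL},
 * {@code reader} holds only {@link AuthorizationPermission#READ}. All lifecycle
 * work (manager creation, clearing, teardown) runs as {@code admin} because those
 * operations are themselves subject to authorization once it is enabled.
 */
@Test(groups = "functional", testName = "security.CustomAuditLoggerTest")
public class CustomAuditLoggerTest extends SingleCacheManagerTest {
   public static final String ADMIN_ROLE = "admin";
   public static final String READER_ROLE = "reader";
   public static final Subject ADMIN = TestingUtil.makeSubject(ADMIN_ROLE);
   public static final Subject READER = TestingUtil.makeSubject(READER_ROLE);

   /** Shared sink inspected by every test; it keeps only the most recent record. */
   private static final TestAuditLogger LOGGER = new TestAuditLogger();

   /**
    * Builds a cache manager with global and per-cache authorization enabled,
    * an identity role mapper (principal name == role name) and {@link #LOGGER}
    * as the audit logger.
    */
   @Override
   protected EmbeddedCacheManager createCacheManager() throws Exception {
      GlobalConfigurationBuilder global = new GlobalConfigurationBuilder();
      GlobalAuthorizationConfigurationBuilder globalRoles = global.security().authorization().enable()
            .principalRoleMapper(new IdentityRoleMapper())
            .auditLogger(LOGGER);
      globalRoles.role(ADMIN_ROLE).permission(AuthorizationPermission.ALL)
            .role(READER_ROLE).permission(AuthorizationPermission.READ);

      ConfigurationBuilder config = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
      AuthorizationConfigurationBuilder authConfig = config.security().authorization().enable();
      // Both roles must be granted on the cache itself, not only globally.
      authConfig.role(ADMIN_ROLE).role(READER_ROLE);

      return TestCacheManagerFactory.createCacheManager(global, config);
   }

   /** Creates the manager and default cache as {@code admin}. */
   @Override
   protected void setup() throws Exception {
      Security.doAs(ADMIN, new PrivilegedExceptionAction<Void>() {
         @Override
         public Void run() throws Exception {
            cacheManager = createCacheManager();
            cache = cacheManager.getCache();
            return null;
         }
      });
   }

   /** Stops the manager as {@code admin}, since lifecycle operations are authorized too. */
   @Override
   protected void teardown() {
      Security.doAs(ADMIN, new PrivilegedAction<Void>() {
         @Override
         public Void run() {
            CustomAuditLoggerTest.super.teardown();
            return null;
         }
      });
   }

   /** Clears the default cache as {@code admin} between test methods. */
   @Override
   protected void clearContent() {
      Security.doAs(ADMIN, new PrivilegedAction<Void>() {
         @Override
         public Void run() {
            cacheManager.getCache().clear();
            return null;
         }
      });
   }

   /** A write by {@code admin} is allowed and audited as WRITE/ALLOW. */
   public void testAdminWriteAllow() {
      Security.doAs(ADMIN, new PrivilegedAction<Void>() {
         @Override
         public Void run() {
            cacheManager.getCache().put("key", "value");
            return null;
         }
      });
      String actual = LOGGER.getLastRecord();
      String expected = LOGGER.formatLogRecord(AuthorizationPermission.WRITE.toString(),
            AuditResponse.ALLOW.toString(), ADMIN.toString());
      assertEquals(expected, actual);
   }

   /** A read by {@code reader} is allowed and audited as READ/ALLOW. */
   public void testReaderReadAllow() {
      Security.doAs(READER, new PrivilegedAction<Void>() {
         @Override
         public Void run() {
            cacheManager.getCache().get("key");
            return null;
         }
      });
      String actual = LOGGER.getLastRecord();
      String expected = LOGGER.formatLogRecord(AuthorizationPermission.READ.toString(),
            AuditResponse.ALLOW.toString(), READER.toString());
      assertEquals(expected, actual);
   }

   /**
    * A write by {@code reader} must be rejected with a {@link SecurityException}
    * <em>and</em> audited as WRITE/DENY. Previously the exception was merely
    * swallowed, so a silently accepted write would still have passed as long as
    * the log record looked right; the test now fails explicitly if no exception
    * is thrown.
    */
   public void testReaderWriteDeny() {
      try {
         Security.doAs(READER, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
               cacheManager.getCache().put("key", "value");
               return null;
            }
         });
         fail("Expected SecurityException: reader must not be able to write");
      } catch (SecurityException expected) {
         // The denied write is the behaviour under test; the audit record is checked below.
      }
      String actual = LOGGER.getLastRecord();
      String expected = LOGGER.formatLogRecord(AuthorizationPermission.WRITE.toString(),
            AuditResponse.DENY.toString(), READER.toString());
      assertEquals(expected, actual);
   }

   /**
    * Minimal {@link AuditLogger} that remembers only the last record it was handed,
    * formatted with {@link #logTemplate}, so tests can compare against the
    * expected string built through {@link #formatLogRecord}.
    */
   public static class TestAuditLogger implements AuditLogger {
      public static final String logTemplate = "Permission to %s is %s for user %s";

      private String lastLogRecord;

      /**
       * Records the decision. {@code context} and {@code contextName} are intentionally
       * not part of the record because the tests only compare permission, response
       * and subject.
       */
      @Override
      public void audit(Subject subject, AuditContext context, String contextName,
            AuthorizationPermission permission, AuditResponse response) {
         // String.valueOf tolerates a null subject (e.g. an unauthenticated caller)
         // instead of throwing from inside the audit path.
         // NOTE(review): Subject.toString() renders the principals and possibly the
         // subject's credentials; a production logger should log principal names only.
         lastLogRecord = formatLogRecord(permission.toString(), response.toString(),
               String.valueOf(subject));
      }

      /** @return the most recent record, or {@code null} if nothing has been audited yet */
      public String getLastRecord() {
         return lastLogRecord;
      }

      /** Formats one record from the three components using {@link #logTemplate}. */
      public String formatLogRecord(String permission, String response, String subject) {
         return String.format(logTemplate, permission, response, subject);
      }
   }
}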