SecurityManagerTest.java example

Explorer
jbpm-master
/*
 * Copyright 2015 Red Hat, Inc. and/or its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package org.jbpm.runtime.manager.impl.deploy;

import static org.junit.Assert.assertNotNull;

import java.util.Properties;

import org.jbpm.runtime.manager.util.TestUtil;
import org.jbpm.services.task.identity.JBossUserGroupCallbackImpl;
import org.jbpm.test.util.AbstractBaseTest;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.kie.api.io.ResourceType;
import org.kie.api.runtime.manager.RuntimeEngine;
import org.kie.api.runtime.manager.RuntimeEnvironment;
import org.kie.api.runtime.manager.RuntimeEnvironmentBuilder;
import org.kie.api.runtime.manager.RuntimeManager;
import org.kie.api.runtime.manager.RuntimeManagerFactory;
import org.kie.internal.io.ResourceFactory;
import org.kie.internal.runtime.manager.InternalRuntimeManager;
import org.kie.internal.runtime.manager.SecurityManager;
import org.kie.internal.runtime.manager.context.EmptyContext;
import org.kie.internal.task.api.UserGroupCallback;

import bitronix.tm.resource.jdbc.PoolingDataSource;

public class SecurityManagerTest extends AbstractBaseTest {
	
    private PoolingDataSource pds;
    private UserGroupCallback userGroupCallback;  
    private RuntimeManager manager;
    @Before
    public void setup() {
        TestUtil.cleanupSingletonSessionId();
        pds = TestUtil.setupPoolingDataSource();
        Properties properties= new Properties();
        properties.setProperty("mary", "HR");
        properties.setProperty("john", "HR");
        userGroupCallback = new JBossUserGroupCallbackImpl(properties);
    }
    
    @After
    public void teardown() {
        if (manager != null) {
            manager.close();
        }
        pds.close();
    }

    @Test
	public void testNoSecurityManager() {
		RuntimeEnvironment environment = RuntimeEnvironmentBuilder.Factory.get()
    			.newEmptyBuilder()
    			.userGroupCallback(userGroupCallback)
                .addAsset(ResourceFactory.newClassPathResource("BPMN2-ScriptTask.bpmn2"), ResourceType.BPMN2)
                .get();
        
        manager = RuntimeManagerFactory.Factory.get().newSingletonRuntimeManager(environment);        
        assertNotNull(manager);
        
        RuntimeEngine runtime = manager.getRuntimeEngine(EmptyContext.get());
        assertNotNull(runtime);
        
        manager.disposeRuntimeEngine(runtime);
	}
    
    @Test(expected=SecurityException.class)
  	public void testDenyAllSecurityManager() {
  		RuntimeEnvironment environment = RuntimeEnvironmentBuilder.Factory.get()
      			.newEmptyBuilder()
      			.userGroupCallback(userGroupCallback)
                  .addAsset(ResourceFactory.newClassPathResource("BPMN2-ScriptTask.bpmn2"), ResourceType.BPMN2)
                  .get();
          
          manager = RuntimeManagerFactory.Factory.get().newSingletonRuntimeManager(environment);        
          assertNotNull(manager);
          ((InternalRuntimeManager) manager).setSecurityManager(new SecurityManager() {
			
			@Override
			public void checkPermission() throws SecurityException {
				throw new SecurityException("Deny all on purpose");
			}
          });
          manager.getRuntimeEngine(EmptyContext.get());        
  	}
    
    @Test(expected=SecurityException.class)
	public void testCustomSecurityManager() {
		RuntimeEnvironment environment = RuntimeEnvironmentBuilder.Factory.get()
    			.newEmptyBuilder()
    			.userGroupCallback(userGroupCallback)
                .addAsset(ResourceFactory.newClassPathResource("BPMN2-ScriptTask.bpmn2"), ResourceType.BPMN2)
                .get();
        
        manager = RuntimeManagerFactory.Factory.get().newSingletonRuntimeManager(environment);        
        assertNotNull(manager);
        final User user = new User("john");
        ((InternalRuntimeManager) manager).setSecurityManager(new SecurityManager() {

			@Override
			public void checkPermission() throws SecurityException {
				if ("mary".equals(user.getName())) {
					throw new SecurityException("Mary is not allowed to use runtime manager");
				}
			}
        	
        });
        
        RuntimeEngine runtime = manager.getRuntimeEngine(EmptyContext.get());
        assertNotNull(runtime);
        
        manager.disposeRuntimeEngine(runtime);
        
        user.setName("mary");
        manager.getRuntimeEngine(EmptyContext.get());
	}
    
    private class User {
    	private String name;

    	User(String name) {
    		this.name = name;
    	}
    	
		public String getName() {
			return name;
		}

		public void setName(String name) {
			this.name = name;
		}
    }
}