/* * Copyright 2015 Red Hat, Inc. and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.jbpm.runtime.manager.impl.deploy; import static org.junit.Assert.assertNotNull; import java.util.Properties; import org.jbpm.runtime.manager.util.TestUtil; import org.jbpm.services.task.identity.JBossUserGroupCallbackImpl; import org.jbpm.test.util.AbstractBaseTest; import org.junit.After; import org.junit.Before; import org.junit.Test; import org.kie.api.io.ResourceType; import org.kie.api.runtime.manager.RuntimeEngine; import org.kie.api.runtime.manager.RuntimeEnvironment; import org.kie.api.runtime.manager.RuntimeEnvironmentBuilder; import org.kie.api.runtime.manager.RuntimeManager; import org.kie.api.runtime.manager.RuntimeManagerFactory; import org.kie.internal.io.ResourceFactory; import org.kie.internal.runtime.manager.InternalRuntimeManager; import org.kie.internal.runtime.manager.SecurityManager; import org.kie.internal.runtime.manager.context.EmptyContext; import org.kie.internal.task.api.UserGroupCallback; import bitronix.tm.resource.jdbc.PoolingDataSource; public class SecurityManagerTest extends AbstractBaseTest { private PoolingDataSource pds; private UserGroupCallback userGroupCallback; private RuntimeManager manager; @Before public void setup() { TestUtil.cleanupSingletonSessionId(); pds = TestUtil.setupPoolingDataSource(); Properties properties= new Properties(); properties.setProperty("mary", "HR"); properties.setProperty("john", "HR"); userGroupCallback = new JBossUserGroupCallbackImpl(properties); } @After public void teardown() { if (manager != null) { manager.close(); } pds.close(); } @Test public void testNoSecurityManager() { RuntimeEnvironment environment = RuntimeEnvironmentBuilder.Factory.get() .newEmptyBuilder() .userGroupCallback(userGroupCallback) .addAsset(ResourceFactory.newClassPathResource("BPMN2-ScriptTask.bpmn2"), ResourceType.BPMN2) .get(); manager = RuntimeManagerFactory.Factory.get().newSingletonRuntimeManager(environment); assertNotNull(manager); RuntimeEngine runtime = manager.getRuntimeEngine(EmptyContext.get()); assertNotNull(runtime); manager.disposeRuntimeEngine(runtime); } @Test(expected=SecurityException.class) public void testDenyAllSecurityManager() { RuntimeEnvironment environment = RuntimeEnvironmentBuilder.Factory.get() .newEmptyBuilder() .userGroupCallback(userGroupCallback) .addAsset(ResourceFactory.newClassPathResource("BPMN2-ScriptTask.bpmn2"), ResourceType.BPMN2) .get(); manager = RuntimeManagerFactory.Factory.get().newSingletonRuntimeManager(environment); assertNotNull(manager); ((InternalRuntimeManager) manager).setSecurityManager(new SecurityManager() { @Override public void checkPermission() throws SecurityException { throw new SecurityException("Deny all on purpose"); } }); manager.getRuntimeEngine(EmptyContext.get()); } @Test(expected=SecurityException.class) public void testCustomSecurityManager() { RuntimeEnvironment environment = RuntimeEnvironmentBuilder.Factory.get() .newEmptyBuilder() .userGroupCallback(userGroupCallback) .addAsset(ResourceFactory.newClassPathResource("BPMN2-ScriptTask.bpmn2"), ResourceType.BPMN2) .get(); manager = RuntimeManagerFactory.Factory.get().newSingletonRuntimeManager(environment); assertNotNull(manager); final User user = new User("john"); ((InternalRuntimeManager) manager).setSecurityManager(new SecurityManager() { @Override public void checkPermission() throws SecurityException { if ("mary".equals(user.getName())) { throw new SecurityException("Mary is not allowed to use runtime manager"); } } }); RuntimeEngine runtime = manager.getRuntimeEngine(EmptyContext.get()); assertNotNull(runtime); manager.disposeRuntimeEngine(runtime); user.setName("mary"); manager.getRuntimeEngine(EmptyContext.get()); } private class User { private String name; User(String name) { this.name = name; } public String getName() { return name; } public void setName(String name) { this.name = name; } } }