AccessTest.java

/**
 * Copyright (c) 2008-2011 Sonatype, Inc.
 * All rights reserved. Includes the third-party code listed at http://www.sonatype.com/products/nexus/attributions.
 *
 * This program is free software: you can redistribute it and/or modify it only under the terms of the GNU Affero General
 * Public License Version 3 as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License Version 3
 * for more details.
 *
 * You should have received a copy of the GNU Affero General Public License Version 3 along with this program.  If not, see
 * http://www.gnu.org/licenses.
 *
 * Sonatype Nexus (TM) Open Source Version is available from Sonatype, Inc. Sonatype and Sonatype Nexus are trademarks of
 * Sonatype, Inc. Apache Maven is a trademark of the Apache Foundation. M2Eclipse is a trademark of the Eclipse Foundation.
 * All other trademarks are the property of their respective owners.
 */
package org.sonatype.nexus.proxy.repository;

import java.io.File;
import java.net.URL;
import java.util.Arrays;

import junit.framework.Assert;

import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.codehaus.plexus.util.FileUtils;
import org.sonatype.jettytestsuite.ServletServer;
import org.sonatype.nexus.configuration.application.ApplicationConfiguration;
import org.sonatype.nexus.proxy.AbstractProxyTestEnvironment;
import org.sonatype.nexus.proxy.AccessDeniedException;
import org.sonatype.nexus.proxy.EnvironmentBuilder;
import org.sonatype.nexus.proxy.M2TestsuiteEnvironmentBuilder;
import org.sonatype.nexus.proxy.ResourceStoreRequest;
import org.sonatype.nexus.proxy.item.StorageItem;
import org.sonatype.nexus.proxy.maven.maven2.Maven2ContentClass;
import org.sonatype.nexus.proxy.target.Target;
import org.sonatype.nexus.proxy.target.TargetMatch;
import org.sonatype.nexus.proxy.target.TargetRegistry;
import org.sonatype.nexus.security.WebSecurityUtil;
import org.sonatype.security.SecuritySystem;
import org.sonatype.security.authentication.AuthenticationException;

public class AccessTest
    extends AbstractProxyTestEnvironment
{
    private M2TestsuiteEnvironmentBuilder jettyTestsuiteEnvironmentBuilder;

    protected ApplicationConfiguration applicationConfiguration;

    @Override
    public void setUp()
        throws Exception
    {
        applicationConfiguration = this.lookup( ApplicationConfiguration.class );
        applicationConfiguration.saveConfiguration();

        super.setUp();

        String resource = this.getClass().getName().replaceAll( "\\.", "\\/" ) + "-security-configuration.xml";
        URL url = Thread.currentThread().getContextClassLoader().getResource( resource );
        FileUtils.copyURLToFile( url, new File( getConfHomeDir(), "security-configuration.xml" ) );

        TargetRegistry targetRegistry = this.lookup( TargetRegistry.class );

        Target t1 =
            new Target( "maven2-all", "All (Maven2)", new Maven2ContentClass(), Arrays.asList( new String[] { ".*" } ) );

        targetRegistry.addRepositoryTarget( t1 );

        applicationConfiguration.saveConfiguration();

        // setup security
        this.lookup( SecuritySystem.class ).start(); // need to call start to clear caches
    }

    @Override
    protected EnvironmentBuilder getEnvironmentBuilder()
        throws Exception
    {
        if ( this.jettyTestsuiteEnvironmentBuilder == null )
        {
            ServletServer ss = (ServletServer) lookup( ServletServer.ROLE );
            this.jettyTestsuiteEnvironmentBuilder = new M2TestsuiteEnvironmentBuilder( ss );
        }
        return this.jettyTestsuiteEnvironmentBuilder;
    }

    public void testGroupAccess()
        throws AuthenticationException, Exception
    {

        // user does not have access to the group
        try
        {
            this.getItem( "allrepo3", "test", "/spoof/simple.txt" );
            Assert.fail( "Expected AccessDeniedException" );
        }
        catch ( AccessDeniedException e )
        {
            // expected
        }

        // this user has access to the group
        StorageItem item = this.getItem( "alltest", "test", "/spoof/simple.txt" );
        // the first repo in the group
        Assert.assertEquals( "repo1", item.getRepositoryId() );

    }

    public void testRepositoryAccess()
        throws AuthenticationException, Exception
    {
        // Not true, currently perms are always transitive
        // group access imples repository access, IF NOT EXPOSED, SO "UN"-EXPOSE IT
        // getRepositoryRegistry().getRepositoryWithFacet( "test", GroupRepository.class ).setExposed( false );

        StorageItem item = this.getItem( "alltest", "repo1", "/spoof/simple.txt" );
        Assert.assertEquals( "repo1", item.getRepositoryId() );
    }

    //
    // public void testAuthorizerDirectly()
    // throws Exception
    // {
    // String repoId = "repo1";
    // String path = "/spoof/simple.txt";
    // String username = "alltest";
    //
    // Subject subject = SecurityUtils.getSecurityManager().login( new UsernamePasswordToken( username, "" ) );
    //
    // NexusItemAuthorizer authorizer = this.lookup( NexusItemAuthorizer.class );
    //
    // ResourceStoreRequest request = new ResourceStoreRequest( "/repositories/" + repoId + "/" + path, true );
    // Assert.assertTrue( authorizer.authorizePath( request, Action.read ) );
    //
    // // not sure if we really need to log the user out, we are not using a remember me,
    // // but what can it hurt?
    // SecurityUtils.getSecurityManager().logout( subject.getPrincipals() );
    //
    // }

    private StorageItem getItem( String username, String repositoryId, String path )
        throws AuthenticationException, Exception
    {
        WebSecurityUtil.setupWebContext( username + "-" + repositoryId + "-" + path );

        SecuritySystem securitySystem = this.lookup( SecuritySystem.class );

        Subject subject = securitySystem.login( new UsernamePasswordToken( username, "" ) );

        Repository repo = this.getRepositoryRegistry().getRepository( repositoryId );

        ResourceStoreRequest request = new ResourceStoreRequest( path, false );

        StorageItem item = repo.retrieveItem( request );

        // not sure if we really need to log the user out, we are not using a remember me,
        // but what can it hurt?
        securitySystem.logout( subject );

        return item;
    }

    private String targetMatchToString( TargetMatch targetMatch )
    {
        StringBuffer buffer = new StringBuffer();

        buffer.append( "RepoId: " ).append( targetMatch.getRepository().getId() ).append( "\n" );
        Target target = targetMatch.getTarget();
        buffer.append( "target: " ).append( target.getId() ).append( " - " ).append( target.getName() ).append( "\n" );

        for ( String pattern : target.getPatternTexts() )
        {
            buffer.append( "\tpattern: " ).append( pattern );
        }

        return buffer.toString();
    }

}