/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.aries.blueprint.itests.authz;
import static org.apache.aries.blueprint.itests.Helper.mvnBundle;
import static org.ops4j.pax.exam.CoreOptions.streamBundle;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessControlException;
import java.security.PrivilegedAction;
import javax.inject.Inject;
import javax.security.auth.login.LoginException;
import org.apache.aries.blueprint.itests.AbstractBlueprintIntegrationTest;
import org.apache.aries.blueprint.itests.Helper;
import org.apache.aries.blueprint.itests.authz.helper.JAASHelper;
import org.apache.aries.blueprint.itests.authz.testbundle.SecuredService;
import org.apache.aries.blueprint.itests.authz.testbundle.impl.SecuredServiceImpl;
import org.junit.Test;
import org.ops4j.pax.exam.CoreOptions;
import org.ops4j.pax.exam.Option;
import org.ops4j.pax.exam.ProbeBuilder;
import org.ops4j.pax.exam.TestProbeBuilder;
import org.ops4j.pax.tinybundles.core.TinyBundles;
import org.osgi.framework.BundleException;
import org.osgi.framework.Constants;
/**
 * Integration test for a service that is secured using the blueprint-authz module.
 *
 * <p>Access is regulated using JEE security annotations on the service implementation.
 * Each test invokes one method of the injected {@link SecuredService}, either directly
 * (the test sets up no subject) or through {@code JAASHelper.doAs} with a single role
 * name, and checks that the call either completes or fails with
 * {@link AccessControlException}.
 *
 * <p>NOTE(review): the denial tests rely on {@code @Test(expected = ...)}, which is
 * satisfied by an {@link AccessControlException} thrown anywhere inside the test method,
 * not only by the secured call itself.
 *
 * <p>NOTE(review): every authenticated case here uses the role "admin" or "user"; there is
 * no case for an authenticated subject that holds neither role.
 *
 * @see SecuredServiceImpl
 */
public class AuthorizationTest extends AbstractBlueprintIntegrationTest {

    /** Role name passed to {@code JAASHelper.doAs} for the administrator cases. */
    private static final String ADMIN = "admin";

    /** Role name passed to {@code JAASHelper.doAs} for the ordinary-user cases. */
    private static final String USER = "user";

    /** Service under test, injected by the test container. */
    @Inject
    SecuredService service;

    /** {@code onlyAdmin} must complete when invoked with the "admin" role. */
    @Test
    public void testOnlyAdminOk() throws LoginException, BundleException {
        JAASHelper.doAs(new String[] {ADMIN}, new CallOnlyAdmin());
    }

    /** {@code onlyAdmin} must be rejected when invoked with only the "user" role. */
    @Test(expected = AccessControlException.class)
    public void testOnlyAdminDenied() throws LoginException, BundleException {
        JAASHelper.doAs(new String[] {USER}, new CallOnlyAdmin());
    }

    /** {@code userAndAdmin} must complete for the "admin" role and for the "user" role. */
    @Test
    public void testUserAdndAdminOk() throws LoginException, BundleException {
        PrivilegedAction<Void> asAdmin = new CallUserAndAdmin();
        JAASHelper.doAs(new String[] {ADMIN}, asAdmin);

        PrivilegedAction<Void> asUser = new CallUserAndAdmin();
        JAASHelper.doAs(new String[] {USER}, asUser);
    }

    /**
     * {@code userAndAdmin} must be rejected when called directly, i.e. without going
     * through {@code JAASHelper.doAs}.
     */
    @Test(expected = AccessControlException.class)
    public void testUserAdndAdminDeniedForUnauthenticated() throws LoginException, BundleException {
        service.userAndAdmin("Hi");
    }

    /** {@code anyOne} must complete when called directly, without {@code JAASHelper.doAs}. */
    @Test
    public void testAnyOneUnauthenticatedOk() throws LoginException, BundleException {
        service.anyOne("Hi");
    }

    /** {@code noOne} must be rejected even when invoked with the "admin" role. */
    @Test(expected = AccessControlException.class)
    public void testDenyAll() throws LoginException, BundleException {
        JAASHelper.doAs(new String[] {ADMIN}, new CallNoOne());
    }

    /**
     * Sets the Export-Package and Import-Package headers of the test probe to the package
     * of {@link SecuredService}.
     *
     * @param probe the probe builder supplied by Pax Exam
     * @return the same builder with both headers set
     */
    @ProbeBuilder
    public TestProbeBuilder probeConfiguration(TestProbeBuilder probe) {
        // presumably lets the probe and the "authz" test bundle share one copy of the
        // service interface; verify against the bundle wiring
        String servicePackage = SecuredService.class.getPackage().getName();
        probe.setHeader(Constants.EXPORT_PACKAGE, servicePackage);
        probe.setHeader(Constants.IMPORT_PACKAGE, servicePackage);
        return probe;
    }

    /**
     * Assembles the container options: the base options, cache retention, the blueprint
     * bundles, the blueprint-authz bundle and the generated test bundle.
     *
     * @return the options handed to Pax Exam
     */
    @org.ops4j.pax.exam.Configuration
    public Option[] configuration() throws IOException, LoginException, BundleException {
        Option[] options = {
            baseOptions(),
            CoreOptions.keepCaches(),
            Helper.blueprintBundles(),
            mvnBundle("org.apache.aries.blueprint", "org.apache.aries.blueprint.authz"),
            streamBundle(testBundle())
        };
        return options;
    }

    /**
     * Builds the "authz" test bundle containing the secured service, its interface and the
     * blueprint descriptor read from the classpath resource {@code /authz.xml}.
     *
     * @return a stream over the generated bundle
     */
    private InputStream testBundle() {
        String servicePackage = SecuredService.class.getPackage().getName();
        // NOTE(review): getResourceAsStream returns null when the resource is missing;
        // the result is passed on unchecked.
        InputStream blueprintDescriptor = this.getClass().getResourceAsStream("/authz.xml");
        return TinyBundles.bundle()
            .set(Constants.BUNDLE_SYMBOLICNAME, "authz")
            .add(SecuredServiceImpl.class)
            .add(SecuredService.class)
            .add("OSGI-INF/blueprint/authz.xml", blueprintDescriptor)
            .set(Constants.EXPORT_PACKAGE, servicePackage)
            .set(Constants.IMPORT_PACKAGE, servicePackage)
            .build(TinyBundles.withBnd());
    }

    /** Action that calls {@code userAndAdmin} on the injected service. */
    private final class CallUserAndAdmin implements PrivilegedAction<Void> {
        @Override
        public Void run() {
            service.userAndAdmin("Hi");
            return null;
        }
    }

    /** Action that calls {@code onlyAdmin} on the injected service. */
    private final class CallOnlyAdmin implements PrivilegedAction<Void> {
        @Override
        public Void run() {
            service.onlyAdmin("Hi");
            return null;
        }
    }

    /** Action that calls {@code noOne} on the injected service. */
    private final class CallNoOne implements PrivilegedAction<Void> {
        @Override
        public Void run() {
            service.noOne("Hi");
            return null;
        }
    }
}