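/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.wicket;

import java.io.Serializable;

import org.apache.wicket.authorization.Action;
import org.apache.wicket.authorization.AuthorizationException;
import org.apache.wicket.authorization.IAuthorizationStrategy;
import org.apache.wicket.markup.html.WebComponent;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.model.CompoundPropertyModel;
import org.apache.wicket.request.component.IRequestableComponent;
import org.apache.wicket.util.tester.WicketTestCase;
import org.junit.Test;

/**
 * Authorization tests.
 * <p>
 * Each test installs an {@link IAuthorizationStrategy} on the tester's application and then checks
 * one of three enforcement points: component instantiation, the {@code RENDER} action and the
 * {@code ENABLE} action. The "allowed" tests are the positive controls for the "disallowed" ones.
 *
 * @author hillenius
 */
public class AuthorizationTest extends WicketTestCase
{
	/**
	 * Tests that a component can be created when authorization is allowed.
	 * <p>
	 * No strategy is installed here, so this exercises whatever strategy the test application
	 * already has configured.
	 *
	 * @throws Exception
	 *             on unexpected failure
	 */
	@Test
	public void createAllowedComponent() throws Exception
	{
		new WebComponent("component");
	}

	/**
	 * Tests that a component cannot be created when authorization is not allowed.
	 * <p>
	 * The installed strategy refuses instantiation for every component class, so constructing a
	 * {@link WebComponent} is expected to throw {@link AuthorizationException}.
	 *
	 * @throws Exception
	 *             on unexpected failure
	 */
	@Test
	public void testCreateDisallowedComponent() throws Exception
	{
		tester.getApplication()
			.getSecuritySettings()
			.setAuthorizationStrategy(new IAuthorizationStrategy.AllowAllAuthorizationStrategy()
			{
				@Override
				public <T extends IRequestableComponent> boolean isInstantiationAuthorized(
					Class<T> componentClass)
				{
					// deny instantiation across the board
					return false;
				}
			});

		try
		{
			new WebComponent("test");
			// bad: authorization should have failed
			fail("authorization check failed to throw an exception");
		}
		catch (AuthorizationException e)
		{
			// this is good: authorization should have failed
		}
	}

	/**
	 * Tests that a component is rendered when authorization is ok.
	 *
	 * @throws Exception
	 *             on unexpected failure
	 */
	@Test
	public void testRenderAllowedComponent() throws Exception
	{
		tester.getApplication()
			.getSecuritySettings()
			.setAuthorizationStrategy(new IAuthorizationStrategy.AllowAllAuthorizationStrategy());

		tester.startPage(AuthTestPage1.class);
		tester.assertRenderedPage(AuthTestPage1.class);
		tester.assertLabel("label", "wicked!");
	}

	/**
	 * Tests that a component is <em>not</em> rendered when the {@code RENDER} action is denied for
	 * it.
	 * <p>
	 * The strategy denies {@code RENDER} only for {@link Label} instances; the page itself must
	 * still render, while the label is asserted to be invisible.
	 *
	 * @throws Exception
	 *             on unexpected failure
	 */
	@Test
	public void testRenderDisallowedComponent() throws Exception
	{
		tester.getApplication()
			.getSecuritySettings()
			.setAuthorizationStrategy(new IAuthorizationStrategy.AllowAllAuthorizationStrategy()
			{
				/**
				 * @see org.apache.wicket.authorization.IAuthorizationStrategy#isActionAuthorized(org.apache.wicket.Component,
				 *      org.apache.wicket.authorization.Action)
				 */
				@Override
				public boolean isActionAuthorized(Component component, Action action)
				{
					// everything is authorized except rendering a Label
					boolean renderOfLabel = action == Component.RENDER && component instanceof Label;
					return !renderOfLabel;
				}
			});

		tester.startPage(AuthTestPage1.class);
		tester.assertRenderedPage(AuthTestPage1.class);
		tester.assertInvisible("label");
	}

	/**
	 * Tests that a component updates its model when authorization is ok.
	 * <p>
	 * This is the positive control for {@link #testEnabledDisallowedComponent()}: the value posted
	 * under {@code "stringInput"} must reach the page's {@link Input} model.
	 *
	 * @throws Exception
	 *             on unexpected failure
	 */
	@Test
	public void testEnabledAllowedComponent() throws Exception
	{
		tester.getApplication()
			.getSecuritySettings()
			.setAuthorizationStrategy(new IAuthorizationStrategy.AllowAllAuthorizationStrategy());

		tester.startPage(AuthTestPage1.class);
		tester.assertRenderedPage(AuthTestPage1.class);

		tester.getRequest().getPostParameters().setParameterValue("stringInput", "test");
		tester.submitForm("form");
		tester.assertRenderedPage(AuthTestPage1.class);

		AuthTestPage1 page = (AuthTestPage1)tester.getLastRenderedPage();
		assertTrue(page.isSubmitted());

		Input input = page.getTestModel();
		assertNotNull(input.getStringInput());
		assertEquals("test", input.getStringInput());
	}

	/**
	 * Tests that a component does <em>not</em> update its model when the {@code ENABLE} action is
	 * denied for it.
	 * <p>
	 * The strategy denies {@code ENABLE} for the {@link TextField} with id {@code "stringInput"}.
	 * Two outcomes are accepted: the submit throws {@link WicketRuntimeException}, or the submit
	 * completes and the field's model object renders as an empty string.
	 *
	 * @throws Exception
	 *             on unexpected failure
	 */
	@Test
	public void testEnabledDisallowedComponent() throws Exception
	{
		tester.getApplication()
			.getSecuritySettings()
			.setAuthorizationStrategy(new IAuthorizationStrategy.AllowAllAuthorizationStrategy()
			{
				/**
				 * @see org.apache.wicket.authorization.IAuthorizationStrategy#isActionAuthorized(org.apache.wicket.Component,
				 *      org.apache.wicket.authorization.Action)
				 */
				@Override
				public boolean isActionAuthorized(Component c, Action action)
				{
					// everything is authorized except enabling the "stringInput" text field;
					// the literal goes first so a null id cannot raise an NPE in the strategy
					boolean enableOfInput = action == Component.ENABLE && c instanceof TextField &&
						"stringInput".equals(c.getId());
					return !enableOfInput;
				}
			});

		tester.startPage(AuthTestPage1.class);
		tester.assertRenderedPage(AuthTestPage1.class);

		// NOTE(review): testEnabledAllowedComponent posts the value under "stringInput" and sees it
		// bound to the model, while this test posts under "form:stringInput". If only the former
		// key is read by the field, the empty-model assertion below would hold even without the
		// ENABLE check, so this negative test would not prove enforcement - confirm which key the
		// field reads.
		tester.getRequest().getPostParameters().setParameterValue("form:stringInput", "test");

		try
		{
			tester.submitForm("form");
			Component component = tester.getComponentFromLastRenderedPage("form:stringInput");
			assertEquals("", component.getDefaultModelObjectAsString());
		}
		catch (WicketRuntimeException e)
		{
			// good
			// NOTE(review): any WicketRuntimeException raised inside the try block is accepted
			// here, including ones unrelated to authorization - consider narrowing.
		}
	}

	/**
	 * Test page for authorization tests: one label and one form with a single text field.
	 */
	public static class AuthTestPage1 extends WebPage
	{
		private static final long serialVersionUID = 1L;

		// backing object of the form's compound model; assigned by TestForm's constructor
		private Input input;

		// set to true by TestForm#onSubmit()
		private boolean submitted = false;

		/**
		 * Construct.
		 */
		public AuthTestPage1()
		{
			add(new Label("label", "wicked!"));
			add(new TestForm("form"));
		}

		/**
		 * Gets the test model.
		 *
		 * @return the test model
		 */
		public Input getTestModel()
		{
			return input;
		}

		/**
		 * Gets whether the form was submitted.
		 *
		 * @return whether the form was submitted
		 */
		public boolean isSubmitted()
		{
			return submitted;
		}

		/**
		 * Test form. Deliberately a non-static inner class: it writes the enclosing page's
		 * {@code input} and {@code submitted} fields.
		 */
		private class TestForm extends Form<Input>
		{
			private static final long serialVersionUID = 1L;

			/**
			 * Construct.
			 *
			 * @param id
			 *            the component id
			 */
			public TestForm(String id)
			{
				super(id);
				// publish the model object on the page first so tests can inspect it later
				input = new Input();
				setDefaultModel(new CompoundPropertyModel<Input>(input));
				add(new TextField<String>("stringInput"));
			}

			/**
			 * @see org.apache.wicket.markup.html.form.Form#onSubmit()
			 */
			@Override
			protected void onSubmit()
			{
				submitted = true;
			}
		}
	}

	/** Simple input holder. */
	private static class Input implements Serializable
	{
		private static final long serialVersionUID = 1L;

		private String stringInput;

		/**
		 * Gets stringInput.
		 *
		 * @return stringInput
		 */
		public String getStringInput()
		{
			return stringInput;
		}

		/**
		 * Sets stringInput.
		 *
		 * @param stringInput
		 *            stringInput
		 */
		public void setStringInput(String stringInput)
		{
			this.stringInput = stringInput;
		}
	}
}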