001: /*
002: jGuard is a security framework built on top of JAAS (Java Authentication and Authorization Service).
003: It is written for web applications, to solve access control problems simply.
004: version $Name: $
005: http://sourceforge.net/projects/jguard/
006:
007: Copyright (C) 2004 Charles GAY
008:
009: This library is free software; you can redistribute it and/or
010: modify it under the terms of the GNU Lesser General Public
011: License as published by the Free Software Foundation; either
012: version 2.1 of the License, or (at your option) any later version.
013:
014: This library is distributed in the hope that it will be useful,
015: but WITHOUT ANY WARRANTY; without even the implied warranty of
016: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
017: Lesser General Public License for more details.
018:
019: You should have received a copy of the GNU Lesser General Public
020: License along with this library; if not, write to the Free Software
021: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
022:
023:
024: jGuard project home page:
025: http://sourceforge.net/projects/jguard/
026:
027: */
028: package net.sf.jguard.core.authorization.permissions;
029:
030: import java.io.FilePermission;
031: import java.security.Permission;
032: import java.security.PermissionCollection;
033: import java.security.Permissions;
034: import java.security.Principal;
035: import java.security.ProtectionDomain;
036: import java.util.Enumeration;
037: import java.util.logging.Level;
038: import java.util.logging.Logger;
039:
040: import javax.security.auth.Subject;
041:
042: import junit.framework.TestCase;
043: import net.sf.jguard.core.authentication.credentials.JGuardCredential;
044: import net.sf.jguard.core.authorization.permissions.PermissionUtils;
045: import net.sf.jguard.core.authorization.permissions.URLPermission;
046: import net.sf.jguard.core.principals.UserPrincipal;
047:
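/**
 * Unit tests for <code>PermissionUtils.evaluatePermissionCollection</code>.
 *
 * <p>Each test builds a {@link Subject} carrying public
 * {@link JGuardCredential}s, wraps it in a {@link UserPrincipal} attached to a
 * {@link ProtectionDomain}, and checks that
 * <code>${subject.publicCredentials.&lt;id&gt;}</code> placeholders in permission
 * names are replaced by the values of the credentials with the matching id.</p>
 *
 * <p>NOTE(review): the credential values used here are plain alphanumeric
 * strings and the expected results show them inserted unchanged into
 * FilePermission paths and URLPermission URLs. Values containing path
 * separators or the FilePermission wildcard suffixes are not exercised by
 * these tests -- confirm how PermissionUtils treats them.</p>
 *
 * @author <a href="mailto:vberetti@users.sourceforge.net">Vincent Beretti</a>
 */
public class PermissionUtilsTest extends TestCase {

    private static final Logger logger = Logger
            .getLogger(PermissionUtilsTest.class.getName());

    /** Placeholder for the public credential whose id is "name". */
    private static final String NAME = "${subject.publicCredentials.name}";

    /** Placeholder for the public credential whose id is "company". */
    private static final String COMPANY = "${subject.publicCredentials.company}";

    /** Placeholder for the public credential whose id is "age". */
    private static final String AGE = "${subject.publicCredentials.age}";

    /**
     * Evaluates templates against a subject holding one "name" and one
     * "company" credential.
     *
     * <p>Seven permissions go in and six are expected back: the template that
     * references the "age" credential has no counterpart in the expected
     * collection, because this subject carries no such credential.</p>
     *
     * @throws Throwable if the evaluation or an assertion fails
     */
    public void testEvaluatePermissionCollection() throws Throwable {
        // Evaluation is run with the PermissionUtils caches switched on.
        PermissionUtils.setCachesEnabled(true);
        PermissionUtils.createCaches();

        Subject subjectA = new Subject();
        subjectA.getPublicCredentials().add(credential("name", "userA"));
        subjectA.getPublicCredentials().add(credential("company", "companyA"));
        logSubject(subjectA);

        ProtectionDomain protectionDomain = domainFor(subjectA);

        PermissionCollection pc = new Permissions();
        // p1: no placeholder at all.
        pc.add(new FilePermission("file://home", "read"));
        // p2, p3: a single placeholder.
        pc.add(new FilePermission("file://home/user/" + NAME, "read"));
        pc.add(new FilePermission("file://home/user/" + COMPANY, "read"));
        // p4: the same placeholders repeated several times in one name.
        pc.add(new FilePermission("file://home/user/" + NAME + "/" + COMPANY
                + "/" + NAME + "/" + NAME + "/" + COMPANY, "read"));
        // p5: references a credential ("age") the subject does not have.
        pc.add(new FilePermission("file://home/user/" + AGE, "read"));
        // p6: placeholder inside a URL query string.
        pc.add(new URLPermission("index",
                "http://www.website.com/index.html?name=" + NAME));
        // p7: same as p6 with a non-ASCII character in the host. In this copy
        // of the file the character survives only as U+FFFD; the original
        // character could not be recovered, so the literal is kept as found.
        pc.add(new URLPermission("index2",
                "http://www.web�site.com/index.html?name=" + NAME));

        logPermissions("---- logging unresolved permissions ----", pc);

        PermissionCollection expectedPc = new Permissions();
        expectedPc.add(new FilePermission("file://home", "read"));
        expectedPc.add(new FilePermission("file://home/user/userA", "read"));
        expectedPc.add(new FilePermission("file://home/user/companyA", "read"));
        expectedPc.add(new FilePermission(
                "file://home/user/userA/companyA/userA/userA/companyA",
                "read"));
        expectedPc.add(new URLPermission("index",
                "http://www.website.com/index.html?name=userA"));
        expectedPc.add(new URLPermission("index2",
                "http://www.web�site.com/index.html?name=userA"));

        // getting resolved permissions
        PermissionCollection resolvedPc = PermissionUtils
                .evaluatePermissionCollection(protectionDomain, pc);

        logPermissions("---- logging expected permissions ----", expectedPc);
        logger.finest("---- logging resolved permissions ----");

        assertResolved(expectedPc, resolvedPc, 6);
        System.out.println("END EVALUATE PERMISSION TEST");
    }

    /**
     * Evaluates templates against a subject holding two "name" credentials,
     * two "company" credentials and one "age" credential.
     *
     * <p>The expected collection lists one permission per combination of
     * candidate values: 1 + 2 + 2 + 4 + 4 + 4 = 17 in total.</p>
     *
     * @throws Throwable if the evaluation or an assertion fails
     */
    public void testEvaluateCombinativePermissionCollection()
            throws Throwable {
        // Evaluation is run with the PermissionUtils caches switched on.
        PermissionUtils.setCachesEnabled(true);
        PermissionUtils.createCaches();

        Subject subject = new Subject();
        subject.getPublicCredentials().add(credential("name", "userA"));
        subject.getPublicCredentials().add(credential("name", "userB"));
        subject.getPublicCredentials().add(credential("company", "companyA"));
        subject.getPublicCredentials().add(credential("company", "companyB"));
        subject.getPublicCredentials().add(credential("age", "100"));
        logSubject(subject);

        ProtectionDomain protectionDomain = domainFor(subject);

        PermissionCollection pc = new Permissions();
        pc.add(new FilePermission("file://home", "read"));
        pc.add(new FilePermission("file://home/user/" + NAME, "read"));
        pc.add(new FilePermission("file://home/user/" + COMPANY, "read"));
        pc.add(new FilePermission("file://home/user/" + NAME + "/" + COMPANY
                + "/" + AGE, "read"));
        // Same placeholder twice: the expected values below include the mixed
        // pairs (companyA/companyB and companyB/companyA), i.e. each
        // occurrence is expanded independently of the other.
        pc.add(new FilePermission("file://home/user/" + COMPANY + "/"
                + COMPANY, "read"));
        pc.add(new URLPermission("index",
                "http://www.website.com/index.html?name=" + NAME
                        + "&company=" + COMPANY + "&age=" + AGE));

        logPermissions("---- logging unresolved permissions ----", pc);

        PermissionCollection expectedPc = new Permissions();
        expectedPc.add(new FilePermission("file://home", "read"));
        // name -> userA | userB
        expectedPc.add(new FilePermission("file://home/user/userA", "read"));
        expectedPc.add(new FilePermission("file://home/user/userB", "read"));
        // company -> companyA | companyB
        expectedPc.add(new FilePermission("file://home/user/companyA", "read"));
        expectedPc.add(new FilePermission("file://home/user/companyB", "read"));
        // name x company x age
        expectedPc.add(new FilePermission(
                "file://home/user/userA/companyA/100", "read"));
        expectedPc.add(new FilePermission(
                "file://home/user/userA/companyB/100", "read"));
        expectedPc.add(new FilePermission(
                "file://home/user/userB/companyA/100", "read"));
        expectedPc.add(new FilePermission(
                "file://home/user/userB/companyB/100", "read"));
        // company x company
        expectedPc.add(new FilePermission(
                "file://home/user/companyA/companyA", "read"));
        expectedPc.add(new FilePermission(
                "file://home/user/companyA/companyB", "read"));
        expectedPc.add(new FilePermission(
                "file://home/user/companyB/companyA", "read"));
        expectedPc.add(new FilePermission(
                "file://home/user/companyB/companyB", "read"));
        // URL: name x company x age
        expectedPc.add(new URLPermission("index",
                "http://www.website.com/index.html?name=userA&company=companyA&age=100"));
        expectedPc.add(new URLPermission("index",
                "http://www.website.com/index.html?name=userA&company=companyB&age=100"));
        expectedPc.add(new URLPermission("index",
                "http://www.website.com/index.html?name=userB&company=companyA&age=100"));
        expectedPc.add(new URLPermission("index",
                "http://www.website.com/index.html?name=userB&company=companyB&age=100"));

        // getting resolved permissions
        PermissionCollection resolvedPc = PermissionUtils
                .evaluatePermissionCollection(protectionDomain, pc);

        logPermissions("---- logging expected permissions ----", expectedPc);
        logger.finest("---- logging resolved permissions ----");

        assertResolved(expectedPc, resolvedPc, 17);
        System.out.println("END EVALUATE COMBINATIVE PERMISSION TEST");
    }

    /** Builds a credential with the given id and value. */
    private static JGuardCredential credential(String id, String value) {
        JGuardCredential credential = new JGuardCredential();
        credential.setId(id);
        credential.setValue(value);
        return credential;
    }

    /**
     * Builds a ProtectionDomain whose only principal is a UserPrincipal
     * wrapping the subject; code source and class loader are left null and
     * the static permission set is empty.
     */
    private static ProtectionDomain domainFor(Subject subject) {
        UserPrincipal userPrincipal = new UserPrincipal(subject);
        return new ProtectionDomain(null, new Permissions(), null,
                new Principal[] { userPrincipal });
    }

    /** Logs the subject at FINEST level, if that level is enabled. */
    private static void logSubject(Subject subject) {
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest("---- logging subject ----");
            logger.finest(subject.toString());
        }
    }

    /** Logs a header and every permission of the collection at FINEST level. */
    private static void logPermissions(String header,
            PermissionCollection permissions) {
        if (!logger.isLoggable(Level.FINEST)) {
            return;
        }
        logger.finest(header);
        Enumeration permEnum = permissions.elements();
        while (permEnum.hasMoreElements()) {
            logger.finest(permEnum.nextElement().toString());
        }
    }

    /**
     * Checks that every resolved permission is implied by the expected
     * collection and that exactly expectedCount permissions were resolved.
     *
     * <p>The implies check runs in one direction only (expected implies
     * resolved), so a resolved permission outside the expected set fails
     * there, while a missing one is caught by the count.</p>
     */
    private static void assertResolved(PermissionCollection expectedPc,
            PermissionCollection resolvedPc, int expectedCount) {
        int resolvedCount = 0;
        Enumeration permEnum = resolvedPc.elements();
        while (permEnum.hasMoreElements()) {
            Permission resolvedPerm = (Permission) permEnum.nextElement();
            String message = "verify implies for " + resolvedPerm.toString();
            logger.finest(message);
            System.out.println(message);
            // Name the offending permission so a failure is diagnosable.
            assertTrue("resolved permission not in expected set: "
                    + resolvedPerm, expectedPc.implies(resolvedPerm));
            resolvedCount++;
        }
        assertEquals("number of resolved permissions", expectedCount,
                resolvedCount);
    }

}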