001: /*
002: jGuard is a security framework based on top of jaas (java authentication and authorization security).
003: it is written for web applications, to resolve simply, access control problems.
004:
005: http://sourceforge.net/projects/jguard/
006:
007: Copyright (C) 2004 Charles GAY
008:
009: This library is free software; you can redistribute it and/or
010: modify it under the terms of the GNU Lesser General Public
011: License as published by the Free Software Foundation; either
012: version 2.1 of the License, or (at your option) any later version.
013:
014: This library is distributed in the hope that it will be useful,
015: but WITHOUT ANY WARRANTY; without even the implied warranty of
016: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
017: Lesser General Public License for more details.
018:
019: You should have received a copy of the GNU Lesser General Public
020: License along with this library; if not, write to the Free Software
021: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
022:
023:
024: jGuard project home page:
025: http://sourceforge.net/projects/jguard/
026:
027: */
028: package net.sf.jguard.core.authorization.permissions;
029:
030: import java.util.ArrayList;
031: import java.util.List;
032:
033: import net.sf.jguard.core.authorization.permissions.URLPermission;
034:
035: import junit.framework.TestCase;
036: import junitx.util.PrivateAccessor;
037:
038: /**
039: * @author <a href="mailto:diabolo512@users.sourceforge.net ">Charles Gay</a>
040: *
041: */
042: public class URLPermissionTest extends TestCase {
043: private URLPermission url1;
044: private URLPermission url1bis;
045: private URLPermission url2;
046: private URLPermission url3;
047: private URLPermission url4;
048: private URLPermission url5;
049: private URLPermission url8;
050: private URLPermission url9;
051: private URLPermission url10;
052: private URLPermission url11;
053: private URLPermission url12;
054: private URLPermission url13;
055: private URLPermission url13empty;
056: private URLPermission url14;
057: private URLPermission url15;
058: private URLPermission url16;
059: private URLPermission url17;
060: private URLPermission url18;
061: private URLPermission url19;
062: private URLPermission url20;
063:
064: private URLPermission url21;
065: private URLPermission url22;
066: private URLPermission url23;
067: private URLPermission url24;
068: private URLPermission url25;
069: private URLPermission url26;
070: private URLPermission url27;
071: private URLPermission url28;
072: private URLPermission url29;
073: private URLPermission url30;
074: private URLPermission url31;
075: private URLPermission url32;
076:
077: /**
078: * @see TestCase#setUp()
079: */
080: protected void setUp() throws Exception {
081: super .setUp();
082: StringBuffer actions1 = new StringBuffer();
083: actions1.append("http://blabla.com/path1?param1=a¶m2=b");
084: actions1.append(",,");
085: actions1.append("description1");
086: url1 = new URLPermission("url1", actions1.toString());
087:
088: StringBuffer actions1bis = new StringBuffer();
089: actions1bis.append("http://blabla.com/path1?param1=a¶m2=b");
090: actions1bis.append(",,");
091: actions1bis.append("description1");
092: url1bis = new URLPermission("url1", actions1bis.toString());
093:
094: StringBuffer actions2 = new StringBuffer();
095: actions2.append("http://blabla.com/path1?param1=a¶m2=b");
096: actions2.append(",,");
097: actions2.append("description2");
098: url2 = new URLPermission("url2", actions2.toString());
099:
100: StringBuffer actions3 = new StringBuffer();
101: actions3.append("http://blabla.com/path1");
102: actions3.append(",,");
103: actions3.append("description3");
104: url3 = new URLPermission("url3", actions3.toString());
105:
106: StringBuffer actions4 = new StringBuffer();
107: actions4.append("http://blabla.com/path1");
108: actions4.append(",,");
109: actions4.append("description4");
110: url4 = new URLPermission("url4", actions4.toString());
111:
112: StringBuffer actions5 = new StringBuffer();
113: actions5.append("http://blabla.com/path5?param1=a¶m2=b");
114: actions5.append(",,");
115: actions5.append("description5");
116: url5 = new URLPermission("url5", actions5.toString());
117:
118: StringBuffer actions6 = new StringBuffer();
119: actions6.append("http://blabla.com/path6 blabla");
120: actions6.append(",,");
121: actions6.append("description6");
122: try {
123: new URLPermission("url6", actions6.toString());
124: } catch (IllegalArgumentException iae) {
125: System.out.println(" exception is the normal case");
126: }
127: StringBuffer actions7 = new StringBuffer();
128: actions7.append("http://blabla.com/path7%20blabla");
129: actions7.append(",,");
130: actions7.append("description7");
131: new URLPermission("url7", actions7.toString());
132:
133: StringBuffer actions8 = new StringBuffer();
134: actions8.append("http://blabla.com/testeBotao");
135: actions8.append(",,");
136: actions8.append("description8");
137: url8 = new URLPermission("url8", actions8.toString());
138:
139: StringBuffer actions9 = new StringBuffer();
140: actions9.append("http://blabla.com/testeBotaoxxx");
141: actions9.append(",,");
142: actions9.append("description9");
143: url9 = new URLPermission("url9", actions9.toString());
144:
145: StringBuffer actions10 = new StringBuffer();
146: actions10.append("http://blabla.com/testeBotao*");
147: actions10.append(",,");
148: actions10.append("description10");
149: url10 = new URLPermission("url10", actions10.toString());
150:
151: StringBuffer actions11 = new StringBuffer();
152: actions11.append("http://blabla.com/tes*aoxxx");
153: actions11.append(",,");
154: actions11.append("description11");
155: url11 = new URLPermission("url11", actions11.toString());
156:
157: StringBuffer actions12 = new StringBuffer();
158: actions12.append("/path1?param1=a¶m2=b");
159: actions12.append(",,");
160: actions12.append("description12");
161: url12 = new URLPermission("url12", actions12.toString());
162:
163: StringBuffer actions13 = new StringBuffer();
164: actions13.append("/path1?param1=a¶m2=b");
165: actions13.append(",,");
166: actions13.append("description13");
167: url13 = new URLPermission("url13", actions13.toString());
168:
169: url13empty = new URLPermission("url13");
170:
171: url14 = new URLPermission("url14");
172: //url14.setUri(new URI("/toto.do"));
173:
174: StringBuffer actions15 = new StringBuffer();
175: actions15.append("/index.html");
176: actions15.append(",,");
177: actions15.append("description15");
178: url15 = new URLPermission("url15", actions15.toString());
179:
180: StringBuffer actions16 = new StringBuffer();
181: actions16.append("/*");
182: actions16.append(",,");
183: actions16.append("description16");
184: url16 = new URLPermission("url16", actions16.toString());
185:
186: StringBuffer actions17 = new StringBuffer();
187: actions17.append("http://blabla.com/path?param1='a'");
188: actions17.append(",,");
189: actions17.append("");
190: url17 = new URLPermission("url17", actions17.toString());
191:
192: StringBuffer actions18 = new StringBuffer();
193: actions18.append("http://blabla.com/path?param1='b'");
194: actions18.append(",,");
195: actions18.append("");
196: url18 = new URLPermission("url18", actions18.toString());
197:
198: StringBuffer actions19 = new StringBuffer();
199: actions19.append("http://blabla.com/*?param1='a'");
200: actions19.append(",,");
201: actions19.append("");
202: url19 = new URLPermission("url19", actions19.toString());
203:
204: StringBuffer actions20 = new StringBuffer();
205: actions20.append("http://blabla.com/path");
206: actions20.append(",,");
207: actions20.append("");
208: url20 = new URLPermission("url20", actions20.toString());
209:
210: // tests for parameter evaluations
211: StringBuffer actions21 = new StringBuffer();
212: actions21.append("http://blabla.com/path?param1=abc¶m2=b");
213: actions21.append(",,");
214: actions21.append("");
215: url21 = new URLPermission("url21", actions21.toString());
216:
217: StringBuffer actions22 = new StringBuffer();
218: actions22.append("http://blabla.com/path?param1=abc&*");
219: actions22.append(",,");
220: actions22.append("");
221: url22 = new URLPermission("url22", actions22.toString());
222:
223: StringBuffer actions23 = new StringBuffer();
224: actions23.append("http://blabla.com/path?param1=abc¶m2=*");
225: actions23.append(",,");
226: actions23.append("");
227: url23 = new URLPermission("url23", actions23.toString());
228:
229: StringBuffer actions24 = new StringBuffer();
230: actions24.append("http://blabla.com/path?param1=*");
231: actions24.append(",,");
232: actions24.append("");
233: url24 = new URLPermission("url24", actions24.toString());
234:
235: StringBuffer actions25 = new StringBuffer();
236: actions25.append("http://blabla.com/path?param1=a*&*");
237: actions25.append(",,");
238: actions25.append("");
239: url25 = new URLPermission("url25", actions25.toString());
240:
241: StringBuffer actions26 = new StringBuffer();
242: actions26.append("http://blabla.com/path?param1=dce&*");
243: actions26.append(",,");
244: actions26.append("");
245: url26 = new URLPermission("url26", actions26.toString());
246:
247: // param with empty value
248: StringBuffer actions27 = new StringBuffer();
249: actions27
250: .append("http://blabla.com/path?param1=dce¶m2=¶m3=2");
251: actions27.append(",,");
252: actions27.append("");
253: url27 = new URLPermission("url27", actions27.toString());
254:
255: StringBuffer actions28 = new StringBuffer();
256: actions28.append("http://blabla.com/path1?param1=a¶m2=b");
257: actions28.append(",https,");
258: actions28.append("description1");
259: url28 = new URLPermission("url28", actions28.toString());
260:
261: StringBuffer actions29 = new StringBuffer();
262: actions29.append("http://blabla.com/path1?param1=a¶m2=b");
263: actions29.append(",https");
264: actions29.append(",GET");
265: actions29.append(",description1");
266: url29 = new URLPermission("url29", actions29.toString());
267:
268: StringBuffer actions30 = new StringBuffer();
269: actions30.append("http://blabla.com/path1?param1=a¶m2=b");
270: actions30.append(",https");
271: actions30.append(",TRACE");
272: actions30.append(",description1");
273: url30 = new URLPermission("url30", actions30.toString());
274:
275: StringBuffer actions31 = new StringBuffer();
276: actions31.append("http://blabla.com/path1?param1=a¶m2=b");
277: actions31.append(",https");
278: actions31.append(",ANY");
279: actions31.append(",description1");
280: url31 = new URLPermission("url31", actions31.toString());
281:
282: StringBuffer actions32 = new StringBuffer();
283: actions32.append("http://blabla.com/path1?param1=a¶m2=b");
284: actions32.append(",https");
285: actions32.append(",GET");
286: actions32.append(",description1");
287: url32 = new URLPermission("url32", actions32.toString());
288:
289: }
290:
291: /**
292: * @see TestCase#tearDown()
293: */
294: protected void tearDown() throws Exception {
295: super .tearDown();
296: }
297:
298: /**
299: * Constructor for URLPermissionTest.
300: * @param arg0
301: */
302: public URLPermissionTest(String arg0) {
303: super (arg0);
304: }
305:
306: /**
307: * Class under test for boolean implies(java.security.Permission)
308: */
309: public void testImpliesPermission() {
310: //two urlPermissions with differents name but the same url
311: //implies
312: assertTrue(url1.implies(url1));
313: assertTrue(url1.implies(url2));
314: assertTrue(url3.implies(url4));
315: assertTrue(url3.implies(url2));
316: assertFalse(url2.implies(url3));
317: assertFalse(url5.implies(url3));
318: assertFalse(url5.implies(url2));
319: assertFalse(url8.implies(url9));
320: assertTrue(url10.implies(url9));
321: assertTrue(url11.implies(url9));
322: assertFalse(url1.implies(url12));
323: assertTrue(url12.implies(url13));
324:
325: assertTrue(url16.implies(url15));
326:
327: assertFalse(url17.implies(url18));
328:
329: assertTrue(url19.implies(url17));
330: assertFalse(url19.implies(url18));
331:
332: assertTrue(url20.implies(url17));
333: assertFalse(url17.implies(url20));
334:
335: assertTrue(url22.implies(url21));
336: assertTrue(url23.implies(url21));
337: assertFalse(url24.implies(url21));
338: assertTrue(url25.implies(url21));
339: assertFalse(url26.implies(url21));
340: assertTrue(url26.implies(url27));
341: assertTrue(url28.implies(url29));
342: assertFalse(url29.implies(url28));
343: assertFalse(url29.implies(url30));
344: assertFalse(url30.implies(url31));
345: assertTrue(url31.implies(url30));
346: assertTrue(url31.implies(url32));
347: assertFalse(url32.implies(url31));
348: }
349:
350: /**
351: * Class under test for boolean implies(java.security.Permission)
352: */
353: public void testEquals() {
354:
355: assertFalse(url1.equals(url2));
356: assertTrue(url1.equals(url1bis));
357: assertTrue(url1bis.equals(url1));
358: assertFalse(url3.equals(url4));
359: assertFalse(url13.equals(url13empty));
360: assertFalse(url14.equals(url13));
361: assertFalse(url1.equals(url28));
362: }
363:
364: public void testRemoveRegexpFromURI() {
365: //method should remove all isolated star
366: List patterns = new ArrayList();
367: patterns.add("/teest*.do?toto=4&titi=dfgdfg");
368: patterns.add("/tee*st.do?toto=4&titi=dfgdfg");
369: patterns.add("/t*eest.do?toto=4&titi=dfgdfg");
370: patterns.add("/t*ees*t.do?toto=4&titi=dfgdfg");
371: patterns.add("/t*ees*t.do*?toto=4&titi=dfgdfg");
372: patterns.add("/t*ees*t.do*?toto=4&titi=dfgdfg");
373: patterns.add("/teest.do?toto=4&titi=dfgdfg");
374: System.out.println("******************");
375: for (int i = 0; i < patterns.size(); i++) {
376: String prettyPattern = (String) patterns.get(i);
377: try {
378: System.out.println("prettyPattern=" + prettyPattern);
379: String uri = (String) PrivateAccessor.invoke(
380: new URLPermission("toto"),
381: "removeRegexpFromURI",
382: new Class[] { String.class },
383: new Object[] { prettyPattern });
384: System.out.println("uri=" + uri);
385: assertFalse(uri.matches("\\*"));
386: } catch (Throwable e) {
387: TestCase.fail(e.getMessage());
388: }
389: }
390:
391: //method should remove only one star
392: String pattern = "/tee**st.do?toto=4&titi=dfgdfg";
393: System.out.println("prettyPattern=" + pattern);
394: try {
395: String path = (String) PrivateAccessor.invoke(
396: new URLPermission("toto"), "removeRegexpFromURI",
397: new Class[] { String.class },
398: new Object[] { pattern });
399:
400: System.out.println("path=" + path);
401: assertTrue(path.equals("/tee*st.do?toto=4&titi=dfgdfg"));
402: } catch (Throwable e) {
403: TestCase.fail(e.getMessage());
404: }
405:
406: //method should remove only one star
407: String pattern2 = "/tee****st.do?toto=4&titi=dfgdfg";
408: System.out.println("prettyPattern=" + pattern);
409: try {
410: String path = (String) PrivateAccessor.invoke(
411: new URLPermission("toto"), "removeRegexpFromURI",
412: new Class[] { String.class },
413: new Object[] { pattern2 });
414:
415: System.out.println("path=" + path);
416: assertTrue(path.equals("/tee**st.do?toto=4&titi=dfgdfg"));
417: } catch (Throwable e) {
418: TestCase.fail(e.getMessage());
419: }
420:
421: }
422:
423: }
|