From 3937ab10d59eaf111c154047f0ecc332862090da Mon Sep 17 00:00:00 2001 From: Dancovich Date: Fri, 9 Aug 2013 17:05:35 -0300 Subject: [PATCH] Implementados testes de autorização --- impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java | 2 +- impl/core/src/main/java/br/gov/frameworkdemoiselle/security/Authenticator.java | 2 +- impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java | 18 ++++++++++++------ impl/core/src/test/java/security/athentication/error/ErrorAuthenticator.java | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/athentication/error/ErrorAuthenticatorTest.java | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/authorization/ambiguity/AmbiguousAuthorizerTest.java | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/authorization/ambiguity/DuplicatedCustomAuthorizer.java | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/authorization/custom/CustomAuthorizer.java | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/authorization/custom/CustomAuthorizerTest.java | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/authorization/error/ErrorAuthorizer.java | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/authorization/error/ErrorAuthorizerTest.java | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/authorization/selection/SelectedAuthorizerTest.java | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/authorization/undefined/UndefinedAuthorizerTest.java | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/resources/security/authorization/selection/demoiselle.properties | 36 ++++++++++++++++++++++++++++++++++++ 14 files changed, 841 insertions(+), 8 deletions(-) create mode 100644 impl/core/src/test/java/security/athentication/error/ErrorAuthenticator.java create mode 100644 impl/core/src/test/java/security/athentication/error/ErrorAuthenticatorTest.java create mode 100644 impl/core/src/test/java/security/authorization/ambiguity/AmbiguousAuthorizerTest.java create mode 100644 impl/core/src/test/java/security/authorization/ambiguity/DuplicatedCustomAuthorizer.java create mode 100644 impl/core/src/test/java/security/authorization/custom/CustomAuthorizer.java create mode 100644 impl/core/src/test/java/security/authorization/custom/CustomAuthorizerTest.java create mode 100644 impl/core/src/test/java/security/authorization/error/ErrorAuthorizer.java create mode 100644 impl/core/src/test/java/security/authorization/error/ErrorAuthorizerTest.java create mode 100644 impl/core/src/test/java/security/authorization/selection/SelectedAuthorizerTest.java create mode 100644 impl/core/src/test/java/security/authorization/undefined/UndefinedAuthorizerTest.java create mode 100644 impl/core/src/test/resources/security/authorization/selection/demoiselle.properties diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java index 01e72e5..a2bac8c 100644 --- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java +++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java @@ -37,7 +37,7 @@ package br.gov.frameworkdemoiselle.security; /** - * Thrown when the authorization process fails. + * Thrown when the authentication process fails. * * @author SERPRO */ diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/Authenticator.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/Authenticator.java index c803975..0631b33 100644 --- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/Authenticator.java +++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/Authenticator.java @@ -52,7 +52,7 @@ public interface Authenticator extends Serializable { * @throws AuthenticationException * When the authentication process fails, this exception is thrown. */ - void authenticate() throws AuthenticationException; + void authenticate(); /** * Executes the necessary steps to unauthenticate an user. diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java index 1649e96..334840b 100644 --- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java +++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java @@ -49,10 +49,10 @@ public interface SecurityContext extends Serializable { /** * Executes the login of a user to the application. * - * @throws AuthorizationException + * @throws AuthenticationException * When the logon process fails, this exception is thrown. */ - void login() throws AuthorizationException; + void login(); /** * Executes the logout of a user. @@ -60,7 +60,7 @@ public interface SecurityContext extends Serializable { * @throws NotLoggedInException * if there is no user logged in a specific session */ - void logout() throws NotLoggedInException; + void logout(); /** * Checks if a specific user is logged in. @@ -69,7 +69,11 @@ public interface SecurityContext extends Serializable { */ boolean isLoggedIn(); - void checkLoggedIn() throws NotLoggedInException; + /** + * @throws NotLoggedInException + * if there is no user logged in a specific session + */ + void checkLoggedIn(); /** * Checks if the logged user has permission to execute an specific operation on a specific resource. @@ -79,10 +83,11 @@ public interface SecurityContext extends Serializable { * @param operation * operation to be checked * @return {@code true} if the user has the permission + * * @throws NotLoggedInException * if there is no user logged in a specific session. */ - boolean hasPermission(String resource, String operation) throws NotLoggedInException; + boolean hasPermission(String resource, String operation); /** * Checks if the logged user has an specific role @@ -90,10 +95,11 @@ public interface SecurityContext extends Serializable { * @param role * role to be checked * @return {@code true} if the user has the role + * * @throws NotLoggedInException * if there is no user logged in a specific session. */ - boolean hasRole(String role) throws NotLoggedInException; + boolean hasRole(String role); /** * Return the user logged in the session. diff --git a/impl/core/src/test/java/security/athentication/error/ErrorAuthenticator.java b/impl/core/src/test/java/security/athentication/error/ErrorAuthenticator.java new file mode 100644 index 0000000..9fbaf06 --- /dev/null +++ b/impl/core/src/test/java/security/athentication/error/ErrorAuthenticator.java @@ -0,0 +1,64 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.athentication.error; + +import java.security.Principal; + +import br.gov.frameworkdemoiselle.security.AuthenticationException; +import br.gov.frameworkdemoiselle.security.Authenticator; + +public class ErrorAuthenticator implements Authenticator { + + private static final long serialVersionUID = 1L; + + @Override + public void authenticate() throws AuthenticationException { + throw new RuntimeException(); + } + + @Override + public void unAuthenticate() { + throw new RuntimeException(); + } + + @Override + public Principal getUser() { + return null; + } + + +} diff --git a/impl/core/src/test/java/security/athentication/error/ErrorAuthenticatorTest.java b/impl/core/src/test/java/security/athentication/error/ErrorAuthenticatorTest.java new file mode 100644 index 0000000..7ac8542 --- /dev/null +++ b/impl/core/src/test/java/security/athentication/error/ErrorAuthenticatorTest.java @@ -0,0 +1,95 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.athentication.error; + +import javax.inject.Inject; + +import junit.framework.Assert; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.junit.Test; +import org.junit.runner.RunWith; + +import test.Tests; +import br.gov.frameworkdemoiselle.security.AuthenticationException; +import br.gov.frameworkdemoiselle.security.SecurityContext; +import configuration.resource.ConfigurationResourceTest; + +@RunWith(Arquillian.class) +public class ErrorAuthenticatorTest { + + @Inject + private SecurityContext context; + + @Deployment + public static JavaArchive createDeployment() { + JavaArchive deployment = Tests.createDeployment(ConfigurationResourceTest.class); + deployment.addClass(ErrorAuthenticator.class); + return deployment; + } + + @Test + public void errorDuringLogin(){ + try{ + context.login(); + Assert.fail("Login deveria disparar exceção de runtime"); + } + catch(AuthenticationException ae){ + Assert.fail("A exceção disparada não foi a esperada"); + } + catch(RuntimeException e){ + //PASS + } + } + + @Test + public void errorDuringLogout(){ + try{ + context.login(); + Assert.fail("Logout deveria disparar exceção de runtime"); + } + catch(AuthenticationException ae){ + Assert.fail("A exceção disparada não foi a esperada"); + } + catch(RuntimeException e){ + //PASS + } + } + +} diff --git a/impl/core/src/test/java/security/authorization/ambiguity/AmbiguousAuthorizerTest.java b/impl/core/src/test/java/security/authorization/ambiguity/AmbiguousAuthorizerTest.java new file mode 100644 index 0000000..03b2727 --- /dev/null +++ b/impl/core/src/test/java/security/authorization/ambiguity/AmbiguousAuthorizerTest.java @@ -0,0 +1,92 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.authorization.ambiguity; + +import static junit.framework.Assert.assertEquals; + +import javax.enterprise.inject.AmbiguousResolutionException; +import javax.inject.Inject; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +import security.athentication.custom.CustomAuthenticator; +import security.authorization.custom.CustomAuthorizer; +import test.Tests; +import br.gov.frameworkdemoiselle.DemoiselleException; +import br.gov.frameworkdemoiselle.security.SecurityContext; +import configuration.resource.ConfigurationResourceTest; + +@RunWith(Arquillian.class) +public class AmbiguousAuthorizerTest { + + @Inject + private SecurityContext context; + + @Deployment + public static JavaArchive createDeployment() { + JavaArchive deployment = Tests.createDeployment(ConfigurationResourceTest.class); + deployment.addClass(CustomAuthenticator.class); + deployment.addClass(CustomAuthorizer.class); + deployment.addClass(DuplicatedCustomAuthorizer.class); + return deployment; + } + + @Before + public void loginToTest(){ + context.login(); + } + + @Test + public void ambiguousAuthorizerStrategy() { + try { + context.hasRole("role"); + } catch (DemoiselleException cause) { + assertEquals(AmbiguousResolutionException.class, cause.getCause().getClass()); + } + } + + @After + public void logoutAfterTest(){ + context.logout(); + } +} diff --git a/impl/core/src/test/java/security/authorization/ambiguity/DuplicatedCustomAuthorizer.java b/impl/core/src/test/java/security/authorization/ambiguity/DuplicatedCustomAuthorizer.java new file mode 100644 index 0000000..310f3a7 --- /dev/null +++ b/impl/core/src/test/java/security/authorization/ambiguity/DuplicatedCustomAuthorizer.java @@ -0,0 +1,54 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.authorization.ambiguity; + +import br.gov.frameworkdemoiselle.security.Authorizer; + +public class DuplicatedCustomAuthorizer implements Authorizer { + + private static final long serialVersionUID = 1L; + + @Override + public boolean hasRole(String role) { + return true; + } + + @Override + public boolean hasPermission(String resource, String operation) { + return true; + } +} diff --git a/impl/core/src/test/java/security/authorization/custom/CustomAuthorizer.java b/impl/core/src/test/java/security/authorization/custom/CustomAuthorizer.java new file mode 100644 index 0000000..4ac212c --- /dev/null +++ b/impl/core/src/test/java/security/authorization/custom/CustomAuthorizer.java @@ -0,0 +1,57 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.authorization.custom; + +import br.gov.frameworkdemoiselle.security.Authorizer; + +public class CustomAuthorizer implements Authorizer { + + private static final long serialVersionUID = 1L; + + @Override + public boolean hasRole(String role) { + return "role".equals(role); + } + + @Override + public boolean hasPermission(String resource, String operation) { + return "resource".equals(resource); + } + + + +} diff --git a/impl/core/src/test/java/security/authorization/custom/CustomAuthorizerTest.java b/impl/core/src/test/java/security/authorization/custom/CustomAuthorizerTest.java new file mode 100644 index 0000000..fdd4722 --- /dev/null +++ b/impl/core/src/test/java/security/authorization/custom/CustomAuthorizerTest.java @@ -0,0 +1,100 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.authorization.custom; + +import javax.inject.Inject; + +import junit.framework.Assert; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +import security.athentication.custom.CustomAuthenticator; +import test.Tests; +import br.gov.frameworkdemoiselle.security.SecurityContext; +import configuration.resource.ConfigurationResourceTest; + +@RunWith(Arquillian.class) +public class CustomAuthorizerTest { + + @Inject + private SecurityContext context; + + @Deployment + public static JavaArchive createDeployment() { + JavaArchive deployment = Tests.createDeployment(ConfigurationResourceTest.class); + deployment.addClass(CustomAuthenticator.class); + deployment.addClass(CustomAuthorizer.class); + return deployment; + } + + @Before + public void loginToTest(){ + context.login(); + } + + @Test + public void hasPermission(){ + Assert.assertTrue(context.hasPermission("resource", "operation")); + } + + @Test + public void hasRole(){ + Assert.assertTrue(context.hasRole("role")); + } + + @Test + public void denyPermission(){ + Assert.assertFalse(context.hasPermission("falseresource", "falseoperation")); + } + + @Test + public void denyRole(){ + Assert.assertFalse(context.hasRole("falserole")); + } + + @After + public void logoutAfterTest(){ + context.logout(); + } + +} diff --git a/impl/core/src/test/java/security/authorization/error/ErrorAuthorizer.java b/impl/core/src/test/java/security/authorization/error/ErrorAuthorizer.java new file mode 100644 index 0000000..b3c141a --- /dev/null +++ b/impl/core/src/test/java/security/authorization/error/ErrorAuthorizer.java @@ -0,0 +1,57 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.authorization.error; + +import br.gov.frameworkdemoiselle.security.Authorizer; + +public class ErrorAuthorizer implements Authorizer { + + private static final long serialVersionUID = 1L; + + @Override + public boolean hasRole(String role) { + throw new RuntimeException("Erro desconhecido ao obter papeis"); + } + + @Override + public boolean hasPermission(String resource, String operation) { + throw new RuntimeException("Erro desconhecido ao obter permissões"); + } + + + +} diff --git a/impl/core/src/test/java/security/authorization/error/ErrorAuthorizerTest.java b/impl/core/src/test/java/security/authorization/error/ErrorAuthorizerTest.java new file mode 100644 index 0000000..f017a50 --- /dev/null +++ b/impl/core/src/test/java/security/authorization/error/ErrorAuthorizerTest.java @@ -0,0 +1,110 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.authorization.error; + +import javax.inject.Inject; + +import junit.framework.Assert; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +import security.athentication.custom.CustomAuthenticator; +import test.Tests; +import br.gov.frameworkdemoiselle.security.AuthorizationException; +import br.gov.frameworkdemoiselle.security.NotLoggedInException; +import br.gov.frameworkdemoiselle.security.SecurityContext; +import configuration.resource.ConfigurationResourceTest; + +@RunWith(Arquillian.class) +public class ErrorAuthorizerTest { + + @Inject + private SecurityContext context; + + @Deployment + public static JavaArchive createDeployment() { + JavaArchive deployment = Tests.createDeployment(ConfigurationResourceTest.class); + deployment.addClass(CustomAuthenticator.class); + deployment.addClass(ErrorAuthorizer.class); + return deployment; + } + + @Before + public void loginToTest(){ + context.login(); + } + + @Test + public void errorDuringCheckPermission(){ + try{ + context.hasPermission("resource", "operation"); + Assert.fail("Verificar permissão deveria disparar exceção de runtime"); + } + catch(NotLoggedInException ae){ + Assert.fail("A exceção disparada não foi a esperada"); + } + catch(RuntimeException e){ + //PASS + } + } + + @Test + public void errorDuringCheckRole(){ + try{ + context.hasRole("role"); + Assert.fail("Verificar papel deveria disparar exceção de runtime"); + } + catch(AuthorizationException ae){ + Assert.fail("A exceção disparada não foi a esperada"); + } + catch(RuntimeException e){ + //PASS + } + } + + @After + public void logoutAfterTest(){ + context.logout(); + } + +} diff --git a/impl/core/src/test/java/security/authorization/selection/SelectedAuthorizerTest.java b/impl/core/src/test/java/security/authorization/selection/SelectedAuthorizerTest.java new file mode 100644 index 0000000..55aed7d --- /dev/null +++ b/impl/core/src/test/java/security/authorization/selection/SelectedAuthorizerTest.java @@ -0,0 +1,90 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.authorization.selection; + +import javax.inject.Inject; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +import security.athentication.custom.CustomAuthenticator; +import security.authorization.ambiguity.DuplicatedCustomAuthorizer; +import security.authorization.custom.CustomAuthorizer; +import test.Tests; +import br.gov.frameworkdemoiselle.security.SecurityContext; +import configuration.resource.ConfigurationResourceTest; + +@RunWith(Arquillian.class) +public class SelectedAuthorizerTest { + + private static final String PATH = "src/test/resources/security/authorization/selection"; + + @Inject + private SecurityContext context; + + @Deployment + public static JavaArchive createDeployment() { + JavaArchive deployment = Tests.createDeployment(ConfigurationResourceTest.class); + deployment.addClass(CustomAuthenticator.class); + deployment.addClass(CustomAuthorizer.class); + deployment.addClass(DuplicatedCustomAuthorizer.class); + deployment.addAsResource(Tests.createFileAsset(PATH + "/demoiselle.properties"), "demoiselle.properties"); + return deployment; + } + + @Before + public void loginToTest(){ + context.login(); + } + + @Test + public void selectedAuthorizerStrategy() { + context.login(); + Assert.assertTrue(context.hasRole("role")); + } + + @After + public void logoutAfterTest(){ + context.logout(); + } +} diff --git a/impl/core/src/test/java/security/authorization/undefined/UndefinedAuthorizerTest.java b/impl/core/src/test/java/security/authorization/undefined/UndefinedAuthorizerTest.java new file mode 100644 index 0000000..2526db8 --- /dev/null +++ b/impl/core/src/test/java/security/authorization/undefined/UndefinedAuthorizerTest.java @@ -0,0 +1,72 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.authorization.undefined; + +import static junit.framework.Assert.assertEquals; + +import javax.inject.Inject; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.junit.Test; +import org.junit.runner.RunWith; + +import test.Tests; +import br.gov.frameworkdemoiselle.security.AuthenticationException; +import br.gov.frameworkdemoiselle.security.SecurityContext; + +@RunWith(Arquillian.class) +public class UndefinedAuthorizerTest { + + @Inject + private SecurityContext context; + + @Deployment + public static JavaArchive createDeployment() { + return Tests.createDeployment(); + } + + @Test + public void undefinedAuthorizerStrategy() { + try { + context.hasRole("role"); + } catch (AuthenticationException cause) { + assertEquals(ClassNotFoundException.class, cause.getCause().getClass()); + } + } +} diff --git a/impl/core/src/test/resources/security/authorization/selection/demoiselle.properties b/impl/core/src/test/resources/security/authorization/selection/demoiselle.properties new file mode 100644 index 0000000..e5ff914 --- /dev/null +++ b/impl/core/src/test/resources/security/authorization/selection/demoiselle.properties @@ -0,0 +1,36 @@ +# Demoiselle Framework +# Copyright (C) 2010 SERPRO +# ---------------------------------------------------------------------------- +# This file is part of Demoiselle Framework. +# +# Demoiselle Framework is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public License version 3 +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License version 3 +# along with this program; if not, see +# or write to the Free Software Foundation, Inc., 51 Franklin Street, +# Fifth Floor, Boston, MA 02110-1301, USA. +# ---------------------------------------------------------------------------- +# Este arquivo é parte do Framework Demoiselle. +# +# O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou +# modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação +# do Software Livre (FSF). +# +# Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA +# GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou +# APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português +# para maiores detalhes. +# +# Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título +# "LICENCA.txt", junto com esse programa. Se não, acesse +# ou escreva para a Fundação do Software Livre (FSF) Inc., +# 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + +frameworkdemoiselle.security.authorizer.class=security.authorization.custom.CustomAuthorizer \ No newline at end of file -- libgit2 0.21.2