From 7b42d818ec0c02e1f830a39d90f011ce827b2866 Mon Sep 17 00:00:00 2001 From: Emerson Oliveira Date: Thu, 12 Sep 2013 16:25:45 -0300 Subject: [PATCH] Refatoração e adição de testes para o RequiredPermissionInterceptor --- impl/core/src/test/java/security/interceptor/requiredpermission/CustomAuthorizer2.java | 57 --------------------------------------------------------- impl/core/src/test/java/security/interceptor/requiredpermission/CustomAuthorizerClassAndMethod.java | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorTest.java | 33 +++++++++++++++------------------ impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorTest2.java | 99 --------------------------------------------------------------------------------------------------- impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorWithoutLoggedInTest.java | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorWithoutParamTest.java | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 241 insertions(+), 174 deletions(-) delete mode 100644 impl/core/src/test/java/security/interceptor/requiredpermission/CustomAuthorizer2.java create mode 100644 impl/core/src/test/java/security/interceptor/requiredpermission/CustomAuthorizerClassAndMethod.java delete mode 100644 impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorTest2.java create mode 100644 impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorWithoutLoggedInTest.java create mode 100644 impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorWithoutParamTest.java diff --git a/impl/core/src/test/java/security/interceptor/requiredpermission/CustomAuthorizer2.java b/impl/core/src/test/java/security/interceptor/requiredpermission/CustomAuthorizer2.java deleted file mode 100644 index 80601e1..0000000 --- a/impl/core/src/test/java/security/interceptor/requiredpermission/CustomAuthorizer2.java +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Demoiselle Framework - * Copyright (C) 2010 SERPRO - * ---------------------------------------------------------------------------- - * This file is part of Demoiselle Framework. - * - * Demoiselle Framework is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License version 3 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License version 3 - * along with this program; if not, see - * or write to the Free Software Foundation, Inc., 51 Franklin Street, - * Fifth Floor, Boston, MA 02110-1301, USA. - * ---------------------------------------------------------------------------- - * Este arquivo é parte do Framework Demoiselle. - * - * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou - * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação - * do Software Livre (FSF). - * - * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA - * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou - * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português - * para maiores detalhes. - * - * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título - * "LICENCA.txt", junto com esse programa. Se não, acesse - * ou escreva para a Fundação do Software Livre (FSF) Inc., - * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. - */ -package security.interceptor.requiredpermission; - -import br.gov.frameworkdemoiselle.security.Authorizer; - -public class CustomAuthorizer2 implements Authorizer { - - private static final long serialVersionUID = 1L; - - @Override - public boolean hasRole(String role) { - return "role".equals(role); - } - - @Override - public boolean hasPermission(String resource, String operation) { - System.out.println("###" + resource + " " + operation + "###"); - return "DummyProtectedClassAuthorizedWithoutParams$Proxy$_$$_WeldSubclass".equals(resource) - && ("setDummyAttrib".equals(operation) || "getDummyAttrib".equals(operation)); - } - -} diff --git a/impl/core/src/test/java/security/interceptor/requiredpermission/CustomAuthorizerClassAndMethod.java b/impl/core/src/test/java/security/interceptor/requiredpermission/CustomAuthorizerClassAndMethod.java new file mode 100644 index 0000000..bc46f98 --- /dev/null +++ b/impl/core/src/test/java/security/interceptor/requiredpermission/CustomAuthorizerClassAndMethod.java @@ -0,0 +1,56 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.interceptor.requiredpermission; + +import br.gov.frameworkdemoiselle.security.Authorizer; + +public class CustomAuthorizerClassAndMethod implements Authorizer { + + private static final long serialVersionUID = 1L; + + @Override + public boolean hasRole(String role) { + return "role".equals(role); + } + + @Override + public boolean hasPermission(String resource, String operation) { + return "DummyProtectedClassAuthorizedWithoutParams$Proxy$_$$_WeldSubclass".equals(resource) + && ("setDummyAttrib".equals(operation) || "getDummyAttrib".equals(operation)); + } + +} diff --git a/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorTest.java b/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorTest.java index 47cbfd3..429b379 100644 --- a/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorTest.java +++ b/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorTest.java @@ -46,7 +46,6 @@ import org.jboss.arquillian.junit.Arquillian; import org.jboss.shrinkwrap.api.spec.JavaArchive; import org.junit.After; import org.junit.Before; -import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; @@ -62,13 +61,13 @@ public class RequiredPermissionInterceptorTest { @Inject private DummyProtectedClassAuthorized protectedClassAuthorized; - + @Inject private DummyProtectedClassUnauthorized protectedClassUnAuthorized; @Inject private DummyProtectedMethods protectedMethods; - + @Inject private DummyProtectedClassAndMethod protectedClassAndMethod; @@ -91,11 +90,11 @@ public class RequiredPermissionInterceptorTest { public void activeContext() { SessionContext sessionContext = Beans.getReference(SessionContext.class); sessionContext.activate(); - + securityContext.login(); } - @Test(expected=AuthorizationException.class) + @Test(expected = AuthorizationException.class) public void callProtectedClassAttribNotAuthorized() { protectedClassUnAuthorized.getDummyAttrib(); } @@ -106,37 +105,35 @@ public class RequiredPermissionInterceptorTest { assertEquals("Test", protectedClassAuthorized.getDummyAttrib()); } - @Test(expected=AuthorizationException.class) - public void callProtectedMethodNotAuthorized(){ + @Test(expected = AuthorizationException.class) + public void callProtectedMethodNotAuthorized() { protectedMethods.setDummyAttribUnauthorized("Not Authorized"); } - + @Test - public void callProtectedMethodAuthorized(){ + public void callProtectedMethodAuthorized() { protectedMethods.setDummyAttribAuthorized("Authorized"); assertEquals("Authorized", protectedMethods.getDummyAttrib()); } - + /** * This test aim to verify the priority of method authorization over class authorization */ @Test - public void callNotAnnotatedMethod(){ - try{ + public void callNotAnnotatedMethod() { + try { protectedClassAndMethod.setDummyAttribWithClassAuthorization("Class not authorized"); fail(); - }catch(AuthorizationException cause){ + } catch (AuthorizationException cause) { } - + protectedClassAndMethod.setDummyAttribWithAuthorization("Method authorized"); } - - - + @After public void deactiveContext() { securityContext.logout(); - + SessionContext ctx = Beans.getReference(SessionContext.class); ctx.deactivate(); } diff --git a/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorTest2.java b/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorTest2.java deleted file mode 100644 index dc5fc17..0000000 --- a/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorTest2.java +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Demoiselle Framework - * Copyright (C) 2010 SERPRO - * ---------------------------------------------------------------------------- - * This file is part of Demoiselle Framework. - * - * Demoiselle Framework is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License version 3 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License version 3 - * along with this program; if not, see - * or write to the Free Software Foundation, Inc., 51 Franklin Street, - * Fifth Floor, Boston, MA 02110-1301, USA. - * ---------------------------------------------------------------------------- - * Este arquivo é parte do Framework Demoiselle. - * - * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou - * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação - * do Software Livre (FSF). - * - * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA - * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou - * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português - * para maiores detalhes. - * - * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título - * "LICENCA.txt", junto com esse programa. Se não, acesse - * ou escreva para a Fundação do Software Livre (FSF) Inc., - * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. - */ -package security.interceptor.requiredpermission; - -import static junit.framework.Assert.assertEquals; -import static org.junit.Assert.fail; - -import javax.inject.Inject; - -import org.jboss.arquillian.container.test.api.Deployment; -import org.jboss.arquillian.junit.Arquillian; -import org.jboss.shrinkwrap.api.spec.JavaArchive; -import org.junit.After; -import org.junit.Before; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.runner.RunWith; - -import security.interceptor.loggedin.CustomAuthenticator; -import test.Tests; -import br.gov.frameworkdemoiselle.context.SessionContext; -import br.gov.frameworkdemoiselle.security.AuthorizationException; -import br.gov.frameworkdemoiselle.security.SecurityContext; -import br.gov.frameworkdemoiselle.util.Beans; - -@RunWith(Arquillian.class) -public class RequiredPermissionInterceptorTest2 { - - @Inject - private DummyProtectedClassAuthorizedWithoutParams protectedClassAuthorizedWithoutParams; - - @Inject - private SecurityContext securityContext; - - @Deployment - public static JavaArchive createDeployment() { - JavaArchive deployment = Tests.createDeployment(); - deployment.addClass(DummyProtectedClassAuthorizedWithoutParams.class); - deployment.addClass(CustomAuthenticator.class); - deployment.addClass(CustomAuthorizer2.class); - return deployment; - } - - @Before - public void activeContext() { - SessionContext sessionContext = Beans.getReference(SessionContext.class); - sessionContext.activate(); - - securityContext.login(); - } - - @Test - public void callProtectedClassAttribNotAuthorized() { - protectedClassAuthorizedWithoutParams.setDummyAttrib("Test"); - assertEquals("Test", protectedClassAuthorizedWithoutParams.getDummyAttrib()); - } - - @After - public void deactiveContext() { - securityContext.logout(); - - SessionContext ctx = Beans.getReference(SessionContext.class); - ctx.deactivate(); - } -} diff --git a/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorWithoutLoggedInTest.java b/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorWithoutLoggedInTest.java new file mode 100644 index 0000000..5349344 --- /dev/null +++ b/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorWithoutLoggedInTest.java @@ -0,0 +1,74 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.interceptor.requiredpermission; + +import static org.junit.Assert.fail; + +import javax.inject.Inject; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.junit.Test; +import org.junit.runner.RunWith; + +import security.athentication.custom.CustomAuthenticator; +import test.Tests; +import br.gov.frameworkdemoiselle.security.NotLoggedInException; + +@RunWith(Arquillian.class) +public class RequiredPermissionInterceptorWithoutLoggedInTest { + + @Inject + private DummyProtectedClassAuthorized protectedClassAuthorized; + + @Deployment + public static JavaArchive createDeployment() { + JavaArchive deployment = Tests.createDeployment(); + deployment.addClass(CustomAuthenticator.class); + deployment.addClass(CustomAuthorizer.class); + deployment.addClass(DummyProtectedClassAuthorized.class); + return deployment; + } + + @Test(expected = NotLoggedInException.class) + public void correctRoleOnClass() { + protectedClassAuthorized.setDummyAttrib("Not LoggedIn"); + fail(); + } + +} diff --git a/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorWithoutParamTest.java b/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorWithoutParamTest.java new file mode 100644 index 0000000..9b26832 --- /dev/null +++ b/impl/core/src/test/java/security/interceptor/requiredpermission/RequiredPermissionInterceptorWithoutParamTest.java @@ -0,0 +1,96 @@ +/* + * Demoiselle Framework + * Copyright (C) 2010 SERPRO + * ---------------------------------------------------------------------------- + * This file is part of Demoiselle Framework. + * + * Demoiselle Framework is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License version 3 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License version 3 + * along with this program; if not, see + * or write to the Free Software Foundation, Inc., 51 Franklin Street, + * Fifth Floor, Boston, MA 02110-1301, USA. + * ---------------------------------------------------------------------------- + * Este arquivo é parte do Framework Demoiselle. + * + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação + * do Software Livre (FSF). + * + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português + * para maiores detalhes. + * + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título + * "LICENCA.txt", junto com esse programa. Se não, acesse + * ou escreva para a Fundação do Software Livre (FSF) Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. + */ +package security.interceptor.requiredpermission; + +import static junit.framework.Assert.assertEquals; + +import javax.inject.Inject; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +import security.interceptor.loggedin.CustomAuthenticator; +import test.Tests; +import br.gov.frameworkdemoiselle.context.SessionContext; +import br.gov.frameworkdemoiselle.security.SecurityContext; +import br.gov.frameworkdemoiselle.util.Beans; + +@RunWith(Arquillian.class) +public class RequiredPermissionInterceptorWithoutParamTest { + + @Inject + private DummyProtectedClassAuthorizedWithoutParams protectedClassAuthorizedWithoutParams; + + @Inject + private SecurityContext securityContext; + + @Deployment + public static JavaArchive createDeployment() { + JavaArchive deployment = Tests.createDeployment(); + deployment.addClass(DummyProtectedClassAuthorizedWithoutParams.class); + deployment.addClass(CustomAuthenticator.class); + deployment.addClass(CustomAuthorizerClassAndMethod.class); + return deployment; + } + + @Before + public void activeContext() { + SessionContext sessionContext = Beans.getReference(SessionContext.class); + sessionContext.activate(); + + securityContext.login(); + } + + @Test + public void callProtectedClassAttribNotAuthorized() { + protectedClassAuthorizedWithoutParams.setDummyAttrib("Test"); + assertEquals("Test", protectedClassAuthorizedWithoutParams.getDummyAttrib()); + } + + @After + public void deactiveContext() { + securityContext.logout(); + + SessionContext ctx = Beans.getReference(SessionContext.class); + ctx.deactivate(); + } +} -- libgit2 0.21.2