@Test public void test_deny_when_invalid_user_given() { Assert.assertFalse(isPermitted(strictHandler, Mockito.mock(ReqContext.class), "execute", function)); Assert.assertFalse(isPermitted(strictHandler, null, "execute", function)); Assert.assertFalse(isPermitted(permissiveHandler, Mockito.mock(ReqContext.class), "execute", function)); Assert.assertFalse(isPermitted(permissiveHandler, null, "execute", function)); }
@Test public void test_invocation_authorization_strict() { for (String operation : new String[]{ "fetchRequest", "failRequest", "result" }) { Assert.assertFalse("Deny " + operation + " to unauthorized user for correct function", isPermitted(strictHandler, aliceContext, operation, function)); Assert.assertFalse("Deny " + operation + " to user for incorrect function when strict", isPermitted(strictHandler, charlieContext, operation, wrongFunction)); Assert.assertTrue("allow " + operation + " to authorized user for correct function", isPermitted(strictHandler, charlieContext, operation, function)); } }
@Test public void test_invocation_authorization_permissive() { for (String operation : new String[]{ "fetchRequest", "failRequest", "result" }) { Assert.assertFalse("Deny " + operation + " to unauthorized user for correct function", isPermitted(permissiveHandler, bobContext, operation, function)); Assert.assertTrue("Allow " + operation + " to user for incorrect function when permissive", isPermitted(permissiveHandler, charlieContext, operation, wrongFunction)); Assert.assertTrue("allow " + operation + " to authorized user", isPermitted(permissiveHandler, charlieContext, operation, function)); } }
@Test public void test_client_authorization_strict() { Assert.assertFalse("Deny execute to unauthroized user", isPermitted(strictHandler, ReqContext.context(), "execute", function)); Assert.assertFalse("Deny execute to valid user for incorrect function", isPermitted(strictHandler, aliceContext, "execute", wrongFunction)); Assert.assertTrue("Allow execute to authorized kerb user for correct function", isPermitted(strictHandler, aliceKerbContext, "execute", function)); Assert.assertTrue("Allow execute to authorized user for correct function", isPermitted(strictHandler, aliceContext, "execute", function)); }
@Test public void test_client_authorization_permissive() { Assert.assertFalse("deny execute to unauthorized user for correct function", isPermitted(permissiveHandler, ReqContext.context(), "execute", function)); Assert.assertTrue("allow execute for user for incorrect function when permissive", isPermitted(permissiveHandler, aliceContext, "execute", wrongFunction)); Assert.assertTrue("allow execute for user for incorrect function when permissive", isPermitted(permissiveHandler, aliceKerbContext, "execute", wrongFunction)); Assert.assertTrue("allow execute to authorized user for correct function", isPermitted(permissiveHandler, bobContext, "execute", function)); }
@Test public void test_partial_authorization() { Assert.assertFalse("Deny execute to unauthroized user", isPermitted(strictHandler, ReqContext.context(), "execute", partialFunction)); Assert.assertTrue("Allow execute to authorized kerb user for correct function", isPermitted(strictHandler, aliceKerbContext, "execute", partialFunction)); Assert.assertFalse("Deny fetchRequest to unauthorized user for correct function", isPermitted(strictHandler, aliceKerbContext, "fetchRequest", partialFunction)); }
@Test public void test_deny_when_no_function_given() { Assert.assertFalse(strictHandler.permit(aliceContext, "execute", new HashMap())); Assert.assertFalse(isPermitted(strictHandler, aliceContext, "execute", null)); Assert.assertFalse(permissiveHandler.permit(bobContext, "execute", new HashMap())); Assert.assertFalse(isPermitted(permissiveHandler, bobContext, "execute", null)); }