/**
 * Authenticates {@code username} through the security API using the fixed test password.
 *
 * @param username the user to authenticate as
 */
protected void login(final String username) {
    final String fixedTestPassword = "password";
    securityApi.login(username, fixedTestPassword);
}
/** Ends the current security session through the security API. */
protected void logout() {
    securityApi.logout();
}
/**
 * Checks how role definitions are normalized on insertion: a broader wildcard
 * absorbs the narrower permissions it covers, and duplicates collapse to one entry.
 *
 * @throws SecurityApiException if a role definition is rejected
 */
@Test(groups = "slow")
public void testSanityOfPermissions() throws SecurityApiException {
    // The global wildcard absorbs "account:*"
    securityApi.addRoleDefinition("sanity1", ImmutableList.of("account:*", "*"), callContext);
    final List<String> storedSanity1 = securityApi.getRoleDefinition("sanity1", callContext);
    validateUserRoles(storedSanity1, ImmutableList.of("*"));

    // Exact duplicates collapse to a single entry
    securityApi.addRoleDefinition("sanity2", ImmutableList.of("account:charge", "account:charge"), callContext);
    final List<String> storedSanity2 = securityApi.getRoleDefinition("sanity2", callContext);
    validateUserRoles(storedSanity2, ImmutableList.of("account:charge"));

    // "account:*" absorbs account:charge and account:credit; "invoice:*" is untouched
    securityApi.addRoleDefinition("sanity3", ImmutableList.of("account:charge", "account:credit", "account:*", "invoice:*"), callContext);
    final List<String> storedSanity3 = securityApi.getRoleDefinition("sanity3", callContext);
    validateUserRoles(storedSanity3, ImmutableList.of("account:*", "invoice:*"));
}
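/**
 * Verifies that a role definition can be replaced in full: after
 * {@code updateRoleDefinition} the stored permissions match the new list exactly,
 * including the empty list.
 *
 * @throws SecurityApiException if a role or user operation is rejected
 */
@Test(groups = "slow")
public void testUpdateRoleDefinition() throws SecurityApiException {
    final String username = "siskiyou";
    final String password = "siskiyou33";
    securityApi.addRoleDefinition("original", ImmutableList.of("account:*", "invoice", "tag:create_tag_definition"), callContext);
    // NOTE(review): the user is attached to "restricted", which this test never defines
    // ("original" is the role under test) — presumably meant to be "original"; confirm.
    securityApi.addUserRoles(username, password, ImmutableList.of("restricted"), callContext);
    // The unused authentication token the original built here was dropped: this test
    // never logs the user in, it only inspects the stored role definition.

    // The test expects the bare "invoice" entry to be stored normalized as "invoice:*"
    final List<String> roleDefinition = securityApi.getRoleDefinition("original", callContext);
    Assert.assertEquals(roleDefinition.size(), 3);
    Assert.assertTrue(roleDefinition.contains("account:*"));
    Assert.assertTrue(roleDefinition.contains("invoice:*"));
    Assert.assertTrue(roleDefinition.contains("tag:create_tag_definition"));

    // Replace the whole definition; "payment" is likewise expected back as "payment:*"
    securityApi.updateRoleDefinition("original", ImmutableList.of("account:*", "payment", "tag:create_tag_definition", "entitlement:create"), callContext);
    final List<String> updatedRoleDefinition = securityApi.getRoleDefinition("original", callContext);
    Assert.assertEquals(updatedRoleDefinition.size(), 4);
    Assert.assertTrue(updatedRoleDefinition.contains("account:*"));
    Assert.assertTrue(updatedRoleDefinition.contains("payment:*"));
    Assert.assertTrue(updatedRoleDefinition.contains("tag:create_tag_definition"));
    Assert.assertTrue(updatedRoleDefinition.contains("entitlement:create"));

    // An empty update strips every permission from the role
    securityApi.updateRoleDefinition("original", ImmutableList.<String>of(), callContext);
    Assert.assertEquals(securityApi.getRoleDefinition("original", callContext).size(), 0);
}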
final String password = "supperCompli43cated"; securityApi.addRoleDefinition("root", ImmutableList.of("*"), callContext); securityApi.addUserRoles(username, password, ImmutableList.of("root"), callContext); final DelegatingSubject subject = new DelegatingSubject(securityManager); securityApi.updateUserPassword(username, newPassword, callContext); securityApi.invalidateUser(username, callContext);
/**
 * Exercises role-based authorization end to end: a user holding "restricted" may
 * exercise exactly the permissions that role grants, and after the user's role is
 * swapped, a fresh login session reflects the new role and not the old one.
 *
 * @throws SecurityApiException if role or user setup is rejected
 */
@Test(groups = "slow")
public void testAuthorization() throws SecurityApiException {
    final String username = "i like";
    final String password = "c0ff33";
    securityApi.addRoleDefinition("restricted", ImmutableList.of("account:*", "invoice", "tag:create_tag_definition"), callContext);
    securityApi.addUserRoles(username, password, ImmutableList.of("restricted"), callContext);
    final AuthenticationToken goodToken = new UsernamePasswordToken(username, password);

    // First session: "restricted" grants create but not delete on tag definitions
    final Subject subject = securityManager.login(null, goodToken);
    subject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString());
    subject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString());
    subject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString());
    try {
        subject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString());
        Assert.fail("Subject should not have rights to delete tag definitions");
    } catch (AuthorizationException expected) {
        // denied as intended
    }
    subject.logout();

    // Swap the user's role; the change must be visible to the next login
    securityApi.addRoleDefinition("newRestricted", ImmutableList.of("account:*", "invoice", "tag:delete_tag_definition"), callContext);
    securityApi.updateUserRoles(username, ImmutableList.of("newRestricted"), callContext);

    // Second session: delete is now allowed, create no longer is
    final Subject newSubject = securityManager.login(null, goodToken);
    newSubject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString());
    newSubject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString());
    newSubject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString());
    try {
        newSubject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString());
        Assert.fail("Subject should not have rights to create tag definitions");
    } catch (AuthorizationException expected) {
        // denied as intended
    }
}
/**
 * Asserts that {@code permissions} are rejected as a role definition with the
 * {@code SECURITY_INVALID_PERMISSIONS} error code.
 *
 * @param permissions the permission strings expected to be invalid
 */
private void testInvalidPermissionScenario(final List<String> permissions) {
    SecurityApiException rejection = null;
    try {
        securityApi.addRoleDefinition("failed", permissions, callContext);
    } catch (SecurityApiException e) {
        rejection = e;
    }
    if (rejection == null) {
        Assert.fail("Should fail permissions " + permissions + " were invalid");
    }
    Assert.assertEquals(rejection.getCode(), ErrorCode.SECURITY_INVALID_PERMISSIONS.getCode());
}
/**
 * Checks {@code getCurrentUserPermissions} for the anonymous subject and for two
 * configured users against a freshly constructed {@code DefaultSecurityApi}.
 *
 * @throws Exception if Shiro configuration or a security API call fails
 */
@Test(groups = "fast")
public void testRetrievePermissions() throws Exception {
    configureShiro();
    // We don't want the Guice injected one (it has Shiro disabled)
    // (this local deliberately shadows the injected securityApi field)
    final SecurityApi securityApi = new DefaultSecurityApi(null);

    // Anonymous: nothing granted
    logout();
    final Set<Permission> anonsPermissions = securityApi.getCurrentUserPermissions(callContext);
    Assert.assertEquals(anonsPermissions.size(), 0, "Invalid permissions: " + anonsPermissions);

    // pierre: invoice credit and item adjust only
    login("pierre");
    final Set<Permission> pierresPermissions = securityApi.getCurrentUserPermissions(callContext);
    Assert.assertEquals(pierresPermissions.size(), 2);
    Assert.assertTrue(pierresPermissions.containsAll(ImmutableList.<Permission>of(Permission.INVOICE_CAN_CREDIT, Permission.INVOICE_CAN_ITEM_ADJUST)));

    // stephane: payment refund only
    login("stephane");
    final Set<Permission> stephanesPermissions = securityApi.getCurrentUserPermissions(callContext);
    Assert.assertEquals(stephanesPermissions.size(), 1);
    Assert.assertTrue(stephanesPermissions.containsAll(ImmutableList.<Permission>of(Permission.PAYMENT_CAN_REFUND)));
}
}
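/**
 * Enforces a {@code RequiresPermissions} annotation against the current user.
 * Any other annotation type is ignored, i.e. no check is performed for it.
 *
 * @param annotation the annotation found on the intercepted element
 * @throws AuthorizationException if the current user lacks the required permissions,
 *         or if the permission check itself fails for another reason
 */
public void assertAuthorized(final Annotation annotation) throws AuthorizationException {
    if (!(annotation instanceof RequiresPermissions)) {
        return;
    }
    final RequiresPermissions requiresPermissions = (RequiresPermissions) annotation;
    try {
        securityApi.checkCurrentUserPermissions(ImmutableList.<Permission>copyOf(requiresPermissions.value()), requiresPermissions.logical(), context);
    } catch (SecurityApiException e) {
        // Re-throw the underlying AuthorizationException as-is; otherwise wrap the most
        // specific throwable available (the cause when present, else the exception itself).
        // instanceof is false for null, so no separate null check is needed.
        final Throwable cause = e.getCause();
        if (cause instanceof AuthorizationException) {
            throw (AuthorizationException) cause;
        }
        throw new AuthorizationException(cause != null ? cause : e);
    }
}
}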
/**
 * Checks that a role may be defined with no permissions, whether given as
 * {@code null} or as an empty list, and reads back as empty in both cases.
 *
 * @throws SecurityApiException if a role definition is rejected
 */
@Test(groups = "slow")
public void testEmptyPermissions() throws SecurityApiException {
    final List<String> noPermissions = ImmutableList.<String>of();

    // null permission list
    securityApi.addRoleDefinition("sanity1", null, callContext);
    validateUserRoles(securityApi.getRoleDefinition("sanity1", callContext), noPermissions);

    // empty permission list
    securityApi.addRoleDefinition("sanity2", noPermissions, callContext);
    validateUserRoles(securityApi.getRoleDefinition("sanity2", callContext), noPermissions);
}
/**
 * Authenticates {@code username} through the security API using the fixed test password.
 *
 * @param username the user to authenticate as
 */
private void login(final String username) {
    final String fixedTestPassword = "password";
    securityApi.login(username, fixedTestPassword);
}
/** Ends the current security session through the security API. */
protected void logout() {
    securityApi.logout();
}
/**
 * Asserts that {@code permissions} are rejected as a role definition with the
 * {@code SECURITY_INVALID_PERMISSIONS} error code.
 *
 * @param permissions the permission strings expected to be invalid
 */
private void testInvalidPermissionScenario(final List<String> permissions) {
    SecurityApiException rejection = null;
    try {
        securityApi.addRoleDefinition("failed", permissions, callContext);
    } catch (SecurityApiException e) {
        rejection = e;
    }
    if (rejection == null) {
        Assert.fail("Should fail permissions " + permissions + " were invalid");
    }
    Assert.assertEquals(rejection.getCode(), ErrorCode.SECURITY_INVALID_PERMISSIONS.getCode());
}
/**
 * Checks {@code getCurrentUserPermissions} for the anonymous subject and for two
 * configured users against a freshly constructed {@code DefaultSecurityApi}.
 *
 * @throws Exception if Shiro configuration or a security API call fails
 */
@Test(groups = "fast")
public void testRetrievePermissions() throws Exception {
    configureShiro();
    // We don't want the Guice injected one (it has Shiro disabled)
    // (this local deliberately shadows the injected securityApi field)
    final SecurityApi securityApi = new DefaultSecurityApi(null);

    // Anonymous: nothing granted
    logout();
    final Set<Permission> anonsPermissions = securityApi.getCurrentUserPermissions(callContext);
    Assert.assertEquals(anonsPermissions.size(), 0, "Invalid permissions: " + anonsPermissions);

    // pierre: invoice credit and item adjust only
    login("pierre");
    final Set<Permission> pierresPermissions = securityApi.getCurrentUserPermissions(callContext);
    Assert.assertEquals(pierresPermissions.size(), 2);
    Assert.assertTrue(pierresPermissions.containsAll(ImmutableList.<Permission>of(Permission.INVOICE_CAN_CREDIT, Permission.INVOICE_CAN_ITEM_ADJUST)));

    // stephane: payment refund only
    login("stephane");
    final Set<Permission> stephanesPermissions = securityApi.getCurrentUserPermissions(callContext);
    Assert.assertEquals(stephanesPermissions.size(), 1);
    Assert.assertTrue(stephanesPermissions.containsAll(ImmutableList.<Permission>of(Permission.PAYMENT_CAN_REFUND)));
}
}
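/**
 * Enforces a {@code RequiresPermissions} annotation against the current user.
 * Any other annotation type is ignored, i.e. no check is performed for it.
 *
 * @param annotation the annotation found on the intercepted element
 * @throws AuthorizationException if the current user lacks the required permissions,
 *         or if the permission check itself fails for another reason
 */
public void assertAuthorized(final Annotation annotation) throws AuthorizationException {
    if (!(annotation instanceof RequiresPermissions)) {
        return;
    }
    final RequiresPermissions requiresPermissions = (RequiresPermissions) annotation;
    try {
        securityApi.checkCurrentUserPermissions(ImmutableList.<Permission>copyOf(requiresPermissions.value()), requiresPermissions.logical(), context);
    } catch (SecurityApiException e) {
        // Re-throw the underlying AuthorizationException as-is; otherwise wrap the most
        // specific throwable available (the cause when present, else the exception itself).
        // instanceof is false for null, so no separate null check is needed.
        final Throwable cause = e.getCause();
        if (cause instanceof AuthorizationException) {
            throw (AuthorizationException) cause;
        }
        throw new AuthorizationException(cause != null ? cause : e);
    }
}
}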
/**
 * Checks how role definitions are normalized on insertion: a broader wildcard
 * absorbs the narrower permissions it covers, and duplicates collapse to one entry.
 *
 * @throws SecurityApiException if a role definition is rejected
 */
@Test(groups = "slow")
public void testSanityOfPermissions() throws SecurityApiException {
    // The global wildcard absorbs "account:*"
    securityApi.addRoleDefinition("sanity1", ImmutableList.of("account:*", "*"), callContext);
    final List<String> storedSanity1 = securityApi.getRoleDefinition("sanity1", callContext);
    validateUserRoles(storedSanity1, ImmutableList.of("*"));

    // Exact duplicates collapse to a single entry
    securityApi.addRoleDefinition("sanity2", ImmutableList.of("account:charge", "account:charge"), callContext);
    final List<String> storedSanity2 = securityApi.getRoleDefinition("sanity2", callContext);
    validateUserRoles(storedSanity2, ImmutableList.of("account:charge"));

    // "account:*" absorbs account:charge and account:credit; "invoice:*" is untouched
    securityApi.addRoleDefinition("sanity3", ImmutableList.of("account:charge", "account:credit", "account:*", "invoice:*"), callContext);
    final List<String> storedSanity3 = securityApi.getRoleDefinition("sanity3", callContext);
    validateUserRoles(storedSanity3, ImmutableList.of("account:*", "invoice:*"));
}
/**
 * Authenticates {@code username} through the security API using the fixed test password.
 *
 * @param username the user to authenticate as
 */
protected void login(final String username) {
    final String fixedTestPassword = "password";
    securityApi.login(username, fixedTestPassword);
}
/**
 * Per-test teardown: logs the current subject out and stops the test framework.
 * Both steps are skipped when the test has failed.
 *
 * @throws Exception if stopping the test framework fails
 */
@AfterMethod(groups = "slow")
public void afterMethod() throws Exception {
    if (!hasFailed()) {
        securityApi.logout();
        stopTestFramework(testListener, busService, subscriptionBaseService, entitlementService);
    }
}
/**
 * Checks that a role may be defined with no permissions, whether given as
 * {@code null} or as an empty list, and reads back as empty in both cases.
 *
 * @throws SecurityApiException if a role definition is rejected
 */
@Test(groups = "slow")
public void testEmptyPermissions() throws SecurityApiException {
    final List<String> noPermissions = ImmutableList.<String>of();

    // null permission list
    securityApi.addRoleDefinition("sanity1", null, callContext);
    validateUserRoles(securityApi.getRoleDefinition("sanity1", callContext), noPermissions);

    // empty permission list
    securityApi.addRoleDefinition("sanity2", noPermissions, callContext);
    validateUserRoles(securityApi.getRoleDefinition("sanity2", callContext), noPermissions);
}
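/**
 * Authenticates the current request from an HTTP Basic {@code Authorization} header value.
 * A missing or malformed header (no scheme/credentials pair, a non-Basic scheme, or no
 * {@code user:password} separator) is ignored and the request stays unauthenticated;
 * authorization checks further down are expected to reject it.
 *
 * @param authHeader the raw header value, may be null
 * @throws UnsupportedEncodingException declared for backward compatibility with callers
 */
protected void login(final String authHeader) throws UnsupportedEncodingException {
    if (authHeader == null) {
        return;
    }
    final String[] authHeaderChunks = authHeader.split(" ");
    if (authHeaderChunks.length < 2) {
        return;
    }
    // Only the Basic scheme carries base64 "user:password"; other schemes (e.g. Bearer)
    // must not be fed to the base64 decoder. Scheme names are case-insensitive.
    if (!"Basic".equalsIgnoreCase(authHeaderChunks[0])) {
        return;
    }
    // NOTE(review): malformed base64 makes decode() throw IllegalArgumentException,
    // which propagates to the caller rather than being treated like the other malformed cases.
    final String credentials = new String(BaseEncoding.base64().decode(authHeaderChunks[1]), "UTF-8");
    final int separator = credentials.indexOf(":");
    if (separator == -1) {
        return;
    }
    final String login = credentials.substring(0, separator).trim();
    // NOTE(review): trimming the password rejects credentials that legitimately begin or end
    // with whitespace; kept unchanged here to avoid altering which logins succeed.
    final String password = credentials.substring(separator + 1).trim();
    osgiKillbillAPI.getSecurityApi().login(login, password);
}
}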