VIVO-761 Unit tests and clean-up

2014-04-28 11:59:05 -04:00 · 2014-04-28 11:59:05 -04:00 · 9a8c378732
commit 9a8c378732
parent 20ba75d1d2
8 changed files with 197 additions and 340 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PublishByRolePermission.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PublishByRolePermission.java
@ -8,7 +8,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

 import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishDataProperty;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishDataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.publish.PublishObjectProperty;
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
@ -45,7 +45,7 @@ public class PolicyHelper {
 	 */
 	public static boolean isAuthorizedForActions(HttpServletRequest req,
 			AuthorizationRequest... actions) {
-		return isAuthorizedForActions(req, AuthorizationRequest.and(actions));
+		return isAuthorizedForActions(req, AuthorizationRequest.andAll(actions));
 	}

 	/**
@ -54,14 +54,14 @@ public class PolicyHelper {
 	 */
 	public static boolean isAuthorizedForActions(HttpServletRequest req,
 			Iterable<? extends AuthorizationRequest> actions) {
-		return isAuthorizedForActions(req, AuthorizationRequest.and(actions));
+		return isAuthorizedForActions(req, AuthorizationRequest.andAll(actions));
 	}
 	
 	/**
 	 * Are these actions authorized for the current user by the current
 	 * policies?
 	 */
-	public static boolean isAuthorizedForActions(HttpServletRequest req,
+	private static boolean isAuthorizedForActions(HttpServletRequest req,
 			AuthorizationRequest ar) {
 		PolicyIface policy = ServletPolicyList.getPolicies(req);
 		IdentifierBundle ids = RequestIdentifiers.getIdBundleForRequest(req);
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyList.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyList.java
@ -22,8 +22,6 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
 *  and return the first AUTHORIZED or UNAUTHROIZED decision.  INCONCLUSIVE
 *  or null decisions will be ignored and the next policy on the list will
 *  be queried. 
- *   
- * @author bdc34
 */
 public class PolicyList extends ArrayList<PolicyIface> implements PolicyIface{
    private static final Log log = LogFactory.getLog(PolicyList.class.getName());
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequest.java
@ -36,11 +36,11 @@ public abstract class AuthorizationRequest {
 	// Static convenience methods
 	// ----------------------------------------------------------------------

-	public static AuthorizationRequest and(AuthorizationRequest... ars) {
-		return and(Arrays.asList(ars));
+	public static AuthorizationRequest andAll(AuthorizationRequest... ars) {
+		return andAll(Arrays.asList(ars));
 	}

-	public static AuthorizationRequest and(
+	public static AuthorizationRequest andAll(
 			Iterable<? extends AuthorizationRequest> ars) {
 		AuthorizationRequest result = AUTHORIZED;
 		for (AuthorizationRequest ar : ars) {
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_ActionsTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_ActionsTest.java
@ -1,152 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.log4j.Level;
-import org.junit.Before;
-import org.junit.Ignore;
-import org.junit.Test;
-
-import stubs.javax.servlet.ServletContextStub;
-import stubs.javax.servlet.http.HttpServletRequestStub;
-import stubs.javax.servlet.http.HttpSessionStub;
-import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-
-/**
- * Test the function of PolicyHelper in authorizing simple actions.
- */
-public class PolicyHelper_ActionsTest extends AbstractTestClass {
-	private ServletContextStub ctx;
-	private HttpSessionStub session;
-	private HttpServletRequestStub req;
-
-	@Before
-	public void setLogging() {
-		setLoggerLevel(ServletPolicyList.class, Level.WARN);
-	}
-
-	@Before
-	public void setup() {
-		ctx = new ServletContextStub();
-
-		session = new HttpSessionStub();
-		session.setServletContext(ctx);
-
-		req = new HttpServletRequestStub();
-		req.setSession(session);
-	}
-
-	// ----------------------------------------------------------------------
-	// Action-level tests
-	// ----------------------------------------------------------------------
-
-	@Ignore
-	@Test
-	public void authorizedForActionsNull() {
-//		createPolicy();
-//		assertEquals("null actions", true,
-//				PolicyHelper.isAuthorizedForActions(req, (Actions) null));
-	}
-
-	@Ignore
-	@Test
-	public void authorizedForActionsEmpty() {
-//		createPolicy();
-//		assertEquals("empty actions", true,
-//				PolicyHelper.isAuthorizedForActions(req, new Actions()));
-	}
-
-	@Ignore
-	@Test
-	public void authorizedForActionsOneClausePass() {
-//		createPolicy(new Action1(), new Action2());
-//		assertEquals("one clause pass", true,
-//				PolicyHelper.isAuthorizedForActions(req, new Actions(
-//						new Action1(), new Action2())));
-	}
-
-	@Ignore
-	@Test
-	public void authorizedForActionsOneClauseFail() {
-//		createPolicy(new Action2());
-//		assertEquals("one clause fail", false,
-//				PolicyHelper.isAuthorizedForActions(req, new Actions(
-//						new Action1(), new Action2())));
-	}
-
-	@Ignore
-	@Test
-	public void authorizedForActionsMultipleClausesPass() {
-//		createPolicy(new Action3());
-//		assertEquals("multiple clauses pass", true,
-//				PolicyHelper.isAuthorizedForActions(req, new Actions(
-//						new Action1(), new Action2()).or(new Action3())));
-	}
-
-	@Ignore
-	@Test
-	public void authorizedForActionsMultipleClausesFail() {
-//		createPolicy(new Action1());
-//		assertEquals("multiple clauses fail", false,
-//				PolicyHelper.isAuthorizedForActions(req, new Actions(
-//						new Action1(), new Action2()).or(new Action3())));
-	}
-
-	// ----------------------------------------------------------------------
-	// Helper methods
-	// ----------------------------------------------------------------------
-
-	private void createPolicy(RequestedAction... authorizedActions) {
-		ServletPolicyList.addPolicy(ctx, new MySimplePolicy(authorizedActions));
-	}
-
-	// ----------------------------------------------------------------------
-	// Helper Classes
-	// ----------------------------------------------------------------------
-
-	public static class Action1 extends RequestedAction {
-		// actions must be public, with public constructor
-	}
-
-	public static class Action2 extends RequestedAction {
-		// actions must be public, with public constructor
-	}
-
-	public static class Action3 extends RequestedAction {
-		// actions must be public, with public constructor
-	}
-
-	private static class MySimplePolicy implements PolicyIface {
-		private final Set<RequestedAction> authorizedActions;
-
-		public MySimplePolicy(RequestedAction... authorizedActions) {
-			this.authorizedActions = new HashSet<RequestedAction>(
-					Arrays.asList(authorizedActions));
-		}
-
-		@Override
-		public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-				RequestedAction whatToAuth) {
-			for (RequestedAction authorized : authorizedActions) {
-				if (authorized.getClass().equals(whatToAuth.getClass())) {
-					return new BasicPolicyDecision(Authorization.AUTHORIZED,
-							"matched " + authorized.getClass().getSimpleName());
-				}
-
-			}
-			return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "nope");
-		}
-
-	}
-}
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_AuthorizationRequestTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_AuthorizationRequestTest.java
@ -2,22 +2,144 @@

 package edu.cornell.mannlib.vitro.webapp.auth.policy;

+import static org.junit.Assert.*;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import stubs.javax.servlet.ServletContextStub;
+import stubs.javax.servlet.http.HttpServletRequestStub;
+import stubs.javax.servlet.http.HttpSessionStub;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
+
 /**
- * Test the ability of the Policy Helper to authorize a variety of simple or complex AuthorizationRequests
+ * Test the ability of the Policy Helper to authorize a variety of simple or
+ * complex AuthorizationRequests
 */
 public class PolicyHelper_AuthorizationRequestTest {
+	private ServletContextStub ctx;
+	private HttpServletRequestStub req;
+	private AuthorizationRequest nullAr = null;
+
+	@Before
+	public void setup() {
+		ctx = new ServletContextStub();
+
+		HttpSessionStub session = new HttpSessionStub();
+		session.setServletContext(ctx);
+
+		req = new HttpServletRequestStub();
+		req.setSession(session);
+	}
+
+	// ----------------------------------------------------------------------
+	// Helper methods
+	// ----------------------------------------------------------------------
+
+	private void createPolicy(RequestedAction... authorizedActions) {
+		ServletPolicyList.addPolicy(ctx, new MySimplePolicy(authorizedActions));
+	}
+
+	@Test
+	public void authorizedForActionsNull() {
+		createPolicy();
+		assertTrue("null actions",
+				PolicyHelper.isAuthorizedForActions(req, nullAr));
+	}
+
+	@Test
+	public void authorizedForActionsEmpty() {
+		createPolicy();
+		assertTrue("empty actions", PolicyHelper.isAuthorizedForActions(req));
+	}
+
+	@Test
+	public void authorizedForActionsAndPass() {
+		createPolicy(new Action1(), new Action2());
+		assertTrue("and pass", PolicyHelper.isAuthorizedForActions(req,
+				new Action1(), new Action2()));
+	}
+
+	@Test
+	public void authorizedForActionsAndFail() {
+		createPolicy(new Action2());
+		assertFalse("and fail", PolicyHelper.isAuthorizedForActions(req,
+				new Action1(), new Action2()));
+	}
+
+	@Test
+	public void authorizedForActionsAndOrPass() {
+		createPolicy(new Action3());
+		assertTrue(
+				"and-or pass",
+				PolicyHelper.isAuthorizedForActions(req,
+						new Action1().and(new Action2()).or(new Action3())));
+	}
+
+	@Test
+	public void authorizedForActionsAndOrFail() {
+		createPolicy(new Action1());
+		assertFalse(
+				"and-or fail",
+				PolicyHelper.isAuthorizedForActions(req,
+						new Action1().and(new Action2()).or(new Action3())));
+	}
+
+	@Test
+	public void authorizedByACombinationOfPolicies() {
+		ServletPolicyList.addPolicy(ctx, new MySimplePolicy(new Action1()));
+		ServletPolicyList.addPolicy(ctx, new MySimplePolicy(new Action2()));
+		assertTrue("combination of policies",
+				PolicyHelper.isAuthorizedForActions(req, new Action2(),
+						new Action1()));
+	}
+
+	// ----------------------------------------------------------------------
+	// Helper Classes
+	// ----------------------------------------------------------------------
+
+	public static class Action1 extends RequestedAction {
+		// actions must be public, with public constructor
+	}
+
+	public static class Action2 extends RequestedAction {
+		// actions must be public, with public constructor
+	}
+
+	public static class Action3 extends RequestedAction {
+		// actions must be public, with public constructor
+	}
+
+	private static class MySimplePolicy implements PolicyIface {
+		private final Set<RequestedAction> authorizedActions;
+
+		public MySimplePolicy(RequestedAction... authorizedActions) {
+			this.authorizedActions = new HashSet<RequestedAction>(
+					Arrays.asList(authorizedActions));
+		}
+
+		@Override
+		public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
+				RequestedAction whatToAuth) {
+			for (RequestedAction authorized : authorizedActions) {
+				if (authorized.getClass().equals(whatToAuth.getClass())) {
+					return new BasicPolicyDecision(Authorization.AUTHORIZED,
+							"matched " + authorized.getClass().getSimpleName());
+				}
+
+			}
+			return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "nope");
+		}
+
+	}

-/**Test plan
- * <pre>
- * isAuthorizedForActions with array, including empty, null, contains one or more, or contains nulls.
- * isAuthorizedForActions with collection, including empty, null, contains one or more, or contains nulls.
- *   All of this is tested by AuthorizationRequestTest?
- *   
- * isAuthorizedForActions with simple and complete AuthorizationRequests
- *   Simple success or failure (perhaps by INCONCLUSIVE) against one or more policies.
- *   AND satisfied by one policy or by two policies
- *   OR satisfied by one UNAUTHORIZED and one AUTHORIZED
- *   Complex structure of AND and OR satisfied in different ways by different policies.
- * </pre>
- */
 }
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyListTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyListTest.java
@ -1,156 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import junit.framework.Assert;
-
-import org.junit.Ignore;
-import org.junit.Test;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
-
-public class PolicyListTest {
-
-	@Ignore
-    @Test
-    public void basicPolicyListTest() {
-//
-//        List<PolicyIface> polis = new ArrayList<PolicyIface>();
-//        polis.add( new SimplePolicy() );
-//        PolicyIface policy = new PolicyList( polis );
-//        PolicyDecision decision = policy.isAuthorized(null, new UnauthorizedAction());
-//        Assert.assertEquals(Authorization.UNAUTHORIZED, decision.getAuthorized() );
-//        
-//        decision = policy.isAuthorized(null, new AuthorizedAction());
-//        Assert.assertEquals(Authorization.AUTHORIZED, decision.getAuthorized() );
-    }
-    
-    /**
-     * Tests the handling of the AnyRequestedAction by the PolicyList.
-     */
-	@Ignore
-    @Test 
-    public void anyActionTest(){        
-//        List<PolicyIface> polis = new ArrayList<PolicyIface>();
-//        polis.add( new SimplePolicy() );
-//        PolicyIface policy = new PolicyList( polis );
-//        
-//        AnyRequestedAction act = new AnyRequestedAction( new UnauthorizedAction() );
-//        PolicyDecision decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.UNAUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AnyRequestedAction( new UnauthorizedAction() , new UnauthorizedAction());
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.UNAUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AnyRequestedAction( new UnauthorizedAction(),new UnauthorizedAction(),new UnauthorizedAction());
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.UNAUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AnyRequestedAction( new AuthorizedAction() );
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.AUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AnyRequestedAction( new AuthorizedAction(),new UnauthorizedAction() );
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.AUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AnyRequestedAction( new UnauthorizedAction(),new AuthorizedAction() );
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.AUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AnyRequestedAction( new UnauthorizedAction(),new UnauthorizedAction(),new AuthorizedAction());
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.AUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AnyRequestedAction( new UnauthorizedAction(),new AuthorizedAction(),new AuthorizedAction());
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.AUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AnyRequestedAction( new AuthorizedAction(),new AuthorizedAction(),new AuthorizedAction());
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.AUTHORIZED, decision.getAuthorized() );
-    }
-    
-    /**
-     * Tests the handling of the AllRequestedAction by the PolicyList.
-     */
-	@Ignore
-    @Test
-    public void andActionTest(){
-//        List<PolicyIface> polis = new ArrayList<PolicyIface>();
-//        polis.add( new SimplePolicy() );
-//        PolicyIface policy = new PolicyList( polis );        
-//        
-//        AllRequestedAction act = new AllRequestedAction( new UnauthorizedAction(), new UnauthorizedAction(), new UnauthorizedAction());        
-//        PolicyDecision decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.UNAUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AllRequestedAction( new UnauthorizedAction() );        
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.UNAUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AllRequestedAction( new UnauthorizedAction() , new AuthorizedAction() );        
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.UNAUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AllRequestedAction( new AuthorizedAction() , new UnauthorizedAction() );        
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.UNAUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AllRequestedAction( new AuthorizedAction() , new AuthorizedAction() ,new UnauthorizedAction() );        
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.UNAUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AllRequestedAction( new AuthorizedAction()  );        
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.AUTHORIZED, decision.getAuthorized() );
-//        
-//        act = new AllRequestedAction( new AuthorizedAction() , new AuthorizedAction(), new AuthorizedAction() );        
-//        decision = policy.isAuthorized(null, act);
-//        Assert.assertNotNull( decision );
-//        Assert.assertEquals(Authorization.AUTHORIZED, decision.getAuthorized() );
-    }
-
-    
-    /**
-     * policy that only responds to Unauthorized and Authorized actions.
-     */
-    public class SimplePolicy implements PolicyIface {
-
-        @Override
-        public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
-                RequestedAction whatToAuth) {
-//            if( whatToAuth instanceof UnauthorizedAction )
-//                return new BasicPolicyDecision( Authorization.UNAUTHORIZED, "SimplePolicy unauthorized");
-//            if( whatToAuth instanceof AuthorizedAction )
-//                return new BasicPolicyDecision( Authorization.AUTHORIZED, "SimplePolicy authorized");
-//            else
-                return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "SimplePolicy INCONCLUSIVE");
-        }
-        
-        
-    }
-}
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequestTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AuthorizationRequestTest.java
@ -2,19 +2,64 @@

 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;

+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;

 /**
 * Test the functions of the base class.
 */
 public class AuthorizationRequestTest extends AbstractTestClass {
-	/**
-	 * Test plan
-	 * 
-	 * <pre>
-	 * Static and methods work even if the list or array is empty or null, or contains a null.
-	 * 
-	 * Instance and and or work with nulls.
-	 * </pre>
-	 */
+	private MyAuth one = new MyAuth("one");
+	private MyAuth two = new MyAuth("two");
+
+	@Test
+	public void and() {
+		assertEquals("and", "(MyAuth[one] && MyAuth[two])", one.and(two)
+				.toString());
+	}
+
+	@Test
+	public void andNull() {
+		assertEquals("andNull", "MyAuth[one]", one.and(null).toString());
+	}
+
+	@Test
+	public void or() {
+		assertEquals("or", "(MyAuth[one] || MyAuth[two])", one.or(two)
+				.toString());
+	}
+
+	@Test
+	public void orNull() {
+		assertEquals("orNull", "MyAuth[one]", one.or(null).toString());
+	}
+
+	// ----------------------------------------------------------------------
+	// Helper classes
+	// ----------------------------------------------------------------------
+
+	private static class MyAuth extends AuthorizationRequest {
+		private final String name;
+
+		public MyAuth(String name) {
+			this.name = name;
+		}
+
+		@Override
+		public boolean isAuthorized(IdentifierBundle ids, PolicyIface policy) {
+			throw new RuntimeException(
+					"AuthorizationRequest.isAuthorized() not implemented.");
+		}
+
+		@Override
+		public String toString() {
+			return "MyAuth[" + name + "]";
+		}
+
+	}
 }