litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-2492 Refine PolicyHelper class - create tests.

Browse source
This commit is contained in:
j2blake 2011-04-18 15:20:40 +00:00
parent 1943040e7d
commit e797657c8e
2 changed files with 207 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

62
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
View file

@ -60,30 +60,6 @@ public class PolicyHelper {
return !getRequiredAuthorizationsForServlet(servletClass).isEmpty();
}
/**
* What RequestedActions does this servlet require authorization for?
*/
public static Set<RequestedAction> getRequiredAuthorizationsForServlet(
Class<? extends VitroHttpServlet> clazz) {
Set<RequestedAction> result = new HashSet<RequestedAction>();
RequiresAuthorizationFor annotation = clazz
.getAnnotation(RequiresAuthorizationFor.class);
if (annotation != null) {
for (Class<? extends RequestedAction> actionClass : annotation
.value()) {
if (NoAction.class != actionClass) {
RequestedAction action = instantiateAction(actionClass);
if (action != null) {
result.add(action);
}
}
}
}
return result;
}
/**
* Are the actions that this servlet requires authorized for the current
* user by the current policies?
@ -91,6 +67,16 @@ public class PolicyHelper {
public static boolean areRequiredAuthorizationsSatisfied(
HttpServletRequest req, VitroHttpServlet servlet) {
Class<? extends VitroHttpServlet> servletClass = servlet.getClass();
return areRequiredAuthorizationsSatisfied(req, servletClass);
}
/**
* Are the actions that this servlet class requires authorized for the
* current user by the current policies?
*/
public static boolean areRequiredAuthorizationsSatisfied(
HttpServletRequest req,
Class<? extends VitroHttpServlet> servletClass) {
return areRequiredAuthorizationsSatisfied(req,
getRequiredAuthorizationsForServlet(servletClass));
}
@ -157,6 +143,34 @@ public class PolicyHelper {
|| (decision.getAuthorized() != Authorization.AUTHORIZED);
}
/**
* What RequestedActions does this servlet require authorization for?
*
* Keep this private, since it reveals how the Annotation is implemented. If
* we change the Annotation to include "or" and "and", then this method
* becomes meaningless with its current return type.
*/
private static Set<RequestedAction> getRequiredAuthorizationsForServlet(
Class<? extends VitroHttpServlet> clazz) {
Set<RequestedAction> result = new HashSet<RequestedAction>();
RequiresAuthorizationFor annotation = clazz
.getAnnotation(RequiresAuthorizationFor.class);
if (annotation != null) {
for (Class<? extends RequestedAction> actionClass : annotation
.value()) {
if (NoAction.class != actionClass) {
RequestedAction action = instantiateAction(actionClass);
if (action != null) {
result.add(action);
}
}
}
}
return result;
}
/**
* Instantiate actions from their classes. If any one of the classes cannot
* be instantiated, return null.

169
webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelperTest.java Normal file
View file

@ -0,0 +1,169 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.policy;
import static org.junit.Assert.*;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.apache.log4j.Level;
import org.junit.Before;
import org.junit.Test;
import stubs.javax.servlet.ServletContextStub;
import stubs.javax.servlet.http.HttpServletRequestStub;
import stubs.javax.servlet.http.HttpSessionStub;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
/**
* Test the basic top-level function of PolicyHelper.
*/
public class PolicyHelperTest extends AbstractTestClass {
private ServletContextStub ctx;
private HttpSessionStub session;
private HttpServletRequestStub req;
@Before
public void setLogging() {
setLoggerLevel(ServletPolicyList.class, Level.WARN);
}
@Before
public void setup() {
ctx = new ServletContextStub();
session = new HttpSessionStub();
session.setServletContext(ctx);
req = new HttpServletRequestStub();
req.setSession(session);
}
@Test
public void noAnnotation() {
createPolicy();
assertExpectedAuthorization("no actions required",
NoAnnotationServlet.class, true);
}
@Test
public void noRequirements() {
createPolicy();
assertExpectedAuthorization("no actions required",
NoRequirementsServlet.class, true);
}
@Test
public void oneRequirementFail() {
createPolicy();
assertExpectedAuthorization("requires Action1", Action1Servlet.class,
false);
}
@Test
public void oneRequirementSucceed() {
createPolicy(new Action1());
assertExpectedAuthorization("requires Action1", Action1Servlet.class,
true);
}
@Test
public void twoRequirementsFailOne() {
createPolicy(new Action1());
assertExpectedAuthorization("requires Actions 1 and 2",
Action1Action2Servlet.class, false);
}
@Test
public void twoRequirementsFailTwo() {
createPolicy(new Action2());
assertExpectedAuthorization("requires Actions 1 and 2",
Action1Action2Servlet.class, false);
}
@Test
public void twoRequirementsSucceed() {
createPolicy(new Action2(), new Action1());
assertExpectedAuthorization("requires Actions 1 and 2",
Action1Action2Servlet.class, true);
}
// ----------------------------------------------------------------------
// Helper methods
// ----------------------------------------------------------------------
private void createPolicy(RequestedAction... authorizedActions) {
ServletPolicyList.addPolicy(ctx, new MySimplePolicy(authorizedActions));
}
private void assertExpectedAuthorization(String label,
Class<? extends VitroHttpServlet> servletClass, boolean expected) {
boolean actual = PolicyHelper.areRequiredAuthorizationsSatisfied(req,
servletClass);
assertEquals(label, expected, actual);
}
// ----------------------------------------------------------------------
// Helper Classes
// ----------------------------------------------------------------------
public static class Action1 extends RequestedAction {
// actions must be public, with public constructor
}
public static class Action2 extends RequestedAction {
// actions must be public, with public constructor
}
// no annotation
private static class NoAnnotationServlet extends VitroHttpServlet {
/* no body */
}
@RequiresAuthorizationFor
private static class NoRequirementsServlet extends VitroHttpServlet {
/* no body */
}
@RequiresAuthorizationFor(Action1.class)
private static class Action1Servlet extends VitroHttpServlet {
/* no body */
}
@RequiresAuthorizationFor({ Action1.class, Action2.class })
private static class Action1Action2Servlet extends VitroHttpServlet {
/* no body */
}
private static class MySimplePolicy implements PolicyIface {
private final Set<RequestedAction> authorizedActions;
public MySimplePolicy(RequestedAction... authorizedActions) {
this.authorizedActions = new HashSet<RequestedAction>(
Arrays.asList(authorizedActions));
}
@Override
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) {
for (RequestedAction authorized : authorizedActions) {
if (authorized.getClass().equals(whatToAuth.getClass())) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,
"matched " + authorized.getClass().getSimpleName());
}
}
return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "nope");
}
}
}