1   /*
2    *  TestSecurity.java
3    *
4    *  Copyright (c) 1998-2005, The University of Sheffield.
5    *
6    *  This file is part of GATE (see http://gate.ac.uk/), and is free
7    *  software, licenced under the GNU Library General Public License,
8    *  Version 2, June 1991 (in the distribution as file licence.html,
9    *  and also available at http://gate.ac.uk/gate/licence.html).
10   *
11   *  Kalina Bontcheva, 01/Oct/01
12   *
13   *  $Id: TestSecurity.java,v 1.29 2005/01/11 13:51:36 ian Exp $
14   */
15  
16  package gate.security;
17  
18  import java.util.List;
19  
20  import junit.framework.*;
21  
22  import gate.*;
23  import gate.Factory;
24  import gate.Gate;
25  import gate.util.*;
26  
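/**
 * Tests for the GATE security layer: users, groups and sessions handled by an
 * {@link AccessController}.
 *
 * <p>The tests run against the database whose JDBC URL is stored under the
 * <code>url-test</code> key of the data store configuration. They expect
 * that database to already contain the accounts used below (user "kalina",
 * user "ADMIN", the groups "English Language Group", "Suahili Group" and
 * "ADMINS") with the passwords hard-coded in this class.
 *
 * <p>NOTE(review): because the account names and passwords are fixed in
 * source, and {@link #testUserGroupManipulation()} creates and deletes
 * accounts, <code>url-test</code> should only ever point at a dedicated test
 * database. If that test fails part-way, the user it created (with its known
 * password) and the group it created are not removed by anything visible in
 * this class.
 *
 * <p>NOTE(review): no case here exercises a rejected login (wrong password,
 * or a group the user does not belong to) or a refused privileged operation
 * from a non-privileged session; worth adding once the failure behaviour of
 * the controller is confirmed.
 */
public class TestSecurity extends TestCase
{
  /** Debug flag */
  private static final boolean DEBUG = false;

  /** Id of the administrators group, used for the first ADMIN login. */
  private static final int ADMIN_GROUP_ID = 0;
  /** Not referenced anywhere in this class. */
  private static final int ADMIN_USER_ID = 0;

  // NOTE(review): both ids below are 101, although testSecurityTables expects
  // "English Language Group" and "Suahili Group" to be two different groups.
  // One of the values is probably wrong; confirm against the test database.
  // ENGLISH_GROUP_ID is not referenced anywhere in this class.
  private static final int SUAHILI_GROUP_ID = 101;
  private static final int ENGLISH_GROUP_ID = 101;


  /** JDBC URL of the test database, read from the configuration in setUp. */
  private static String JDBC_URL;

  /** Scratch flag used by the "this call must be rejected" checks. */
  private boolean exceptionThrown = false;

  /** Construction */
  public TestSecurity(String name) throws GateException { super(name); }

  /**
   * Fixture set up: reads the test database URL from the data store
   * configuration.
   *
   * @throws GateRuntimeException if no "url-test" entry is configured
   */
  public void setUp() throws Exception {
    if (! DataStoreRegister.getConfigData().containsKey("url-test")) {
      throw new GateRuntimeException("DB URL not configured in gate.xml");
    }
    JDBC_URL = (String) DataStoreRegister.getConfigData().get("url-test");
  } // setUp

  /**
   * Fixture tear down. Currently does nothing: accounts and sessions created
   * by a test are only cleaned up by the test itself.
   */
  public void tearDown() throws Exception {
  } // tearDown


  /**
   * Checks that the pre-existing user "kalina" can be found, that her first
   * two groups have the expected names, and that she can log in.
   */
  public void testSecurityTables() throws Exception {
    AccessController ac = Factory.createAccessController(JDBC_URL);
    ac.open();

    User myUser = ac.findUser("kalina");
    Assert.assertNotNull(myUser);
    // expected value first, so a failure message reads the right way round
    Assert.assertEquals("kalina", myUser.getName());

    List myGroups = myUser.getGroups();
    Assert.assertNotNull(myGroups);

    // Only the first two groups are checked; the test user is allowed to be a
    // member of further groups.
    // NOTE(review): nothing is asserted when the list has fewer than two
    // entries, and the check relies on the order in which groups are returned.
    for (int i = 0; i < myGroups.size(); i++) {
      Group myGroup = (Group) myGroups.get(i);
      if (i == 0) {
        Assert.assertEquals("English Language Group", myGroup.getName());
      }
      else if (i == 1) {
        Assert.assertEquals("Suahili Group", myGroup.getName());
      }
    }//for

    Session mySession = ac.login("kalina", "sesame",
                              ac.findGroup("English Language Group").getID());
    Assert.assertNotNull(mySession);
    // NOTE(review): the session is neither validated nor logged out here.

  } // testSecurityTables



  /**
   * Walks through the life cycle of a user and a group: creation, membership,
   * renaming, login/logout, and deletion, checking after each step that the
   * access controller, the user and the group agree, and that sessions become
   * invalid on logout and when their user or group is deleted.
   *
   * <p>Within this package the simple name <code>SecurityException</code>
   * refers to <code>gate.security.SecurityException</code>, not to
   * <code>java.lang.SecurityException</code>.
   */
  public void testUserGroupManipulation() throws Exception {

    //1. open the access controller
    AccessController ac = Factory.createAccessController(JDBC_URL);
    ac.open();

    //1.1 list groups and users
    List groups = ac.listGroups();
    Assert.assertNotNull(groups);
    if (DEBUG) {
      Err.prln("+++ found ["+groups.size()+"] groups...");
    }

    List users = ac.listUsers();
    Assert.assertNotNull(users);
    if (DEBUG) {
      Err.prln("+++ found ["+users.size()+"] users...");
    }

    //2. log into the access controller as administrator
    Session adminSession = ac.login("ADMIN", "sesame", new Long(ADMIN_GROUP_ID));
    Assert.assertNotNull(adminSession);
    Assert.assertTrue("admin session must be valid after login",
                      ac.isValidSession(adminSession));
    Assert.assertTrue("admin session must be privileged",
                      adminSession.isPrivilegedSession());

    //3. create a new user and group
    User myUser;
    try {
      myUser = ac.createUser("myUser", "myPassword", adminSession);
    } catch (gate.security.SecurityException ex) {
      // createUser was refused for the first admin session: log in again with
      // the ADMINS group looked up by name and retry once.
      adminSession = ac.login("ADMIN", "sesame", ac.findGroup("ADMINS").getID());
      Assert.assertTrue("admin session must be privileged",
                        adminSession.isPrivilegedSession());

      myUser = ac.createUser("myUser", "myPassword", adminSession);
    }

    //is the user known to the access controller?
    Assert.assertNotNull(ac.findUser("myUser"));
    //is the stored user equal() to what we put there?
    Assert.assertEquals(myUser, ac.findUser("myUser"));
    //is the key correct?
    Assert.assertEquals(myUser.getName(), ac.findUser("myUser").getName());

    Group myGroup = ac.createGroup("myGroup", adminSession);
    //is the group known to the access controller?
    Assert.assertNotNull(ac.findGroup("myGroup"));
    //is the stored group equal() to what we put there?
    Assert.assertEquals(myGroup, ac.findGroup("myGroup"));
    //is the key correct?
    Assert.assertEquals("myGroup", myGroup.getName());

    //4. add user to group
    myGroup.addUser(myUser, adminSession);
    //is the user added to the group?
    Assert.assertTrue(myGroup.getUsers().contains(myUser));

    //4.1 does the user know he is a member of the group now?
    Assert.assertTrue(myUser.getGroups().contains(myGroup));

    //5. change group name
    String oldName = myGroup.getName();
    myGroup.setName("my new group", adminSession);
    Assert.assertEquals("my new group", myGroup.getName());
    //the rename must be visible through the controller's lookup ...
    Assert.assertNotNull(ac.findGroup("my new group"));
    //... and the old name must no longer resolve
    exceptionThrown = false;
    try {
      ac.findGroup(oldName);
    }
    catch (SecurityException expected) {
      exceptionThrown = true;
    }
    Assert.assertTrue("old group name must not resolve after rename",
                      exceptionThrown);

    //5.5 change user name
    oldName = myUser.getName();
    myUser.setName("my new user", adminSession);
    Assert.assertEquals("my new user", myUser.getName());
    //the rename must be visible through the controller's lookup ...
    Assert.assertNotNull(ac.findUser("my new user"));
    //... and the old name must no longer resolve
    exceptionThrown = false;
    try {
      ac.findUser(oldName);
    }
    catch (SecurityException expected) {
      exceptionThrown = true;
    }
    Assert.assertTrue("old user name must not resolve after rename",
                      exceptionThrown);

    //5.6 restore name
    myUser.setName(oldName, adminSession);

    //6. get users
    List myUsers = myGroup.getUsers();
    Assert.assertNotNull(myUsers);
    for (int i = 0; i < myUsers.size(); i++) {
      //every member must be known to the access controller (no junk users)
      User member = ac.findUser(((User) myUsers.get(i)).getID());
      //and must itself report membership of the group
      Assert.assertTrue(member.getGroups().contains(myGroup));
    }//for

    //7. change name again
    myGroup.setName("my new group again", adminSession);
    Assert.assertEquals("my new group again", myGroup.getName());

    //8. log the new user in
    Session mySession = ac.login("myUser", "myPassword",
                              ac.findGroup("my new group again").getID());
    Assert.assertNotNull(mySession);
    Assert.assertTrue("user session must be valid after login",
                      ac.isValidSession(mySession));

    //9. logout must invalidate the session
    ac.logout(mySession);
    Assert.assertFalse("session must be invalid after logout",
                       ac.isValidSession(mySession));

    //10. an operation presented with the logged-out session must be rejected
    exceptionThrown = false;
    try {
      myGroup.removeUser(myUser, mySession);
    }
    catch (SecurityException ex) {
      exceptionThrown = true;
      if (DEBUG) {
        Err.prln("++++ OK, got exception ["+ex.getMessage()+"]");
      }
    }
    Assert.assertTrue("operation with an invalid session must be rejected",
                      exceptionThrown);

    //10.1 login again
    mySession = ac.login("myUser", "myPassword",
                              ac.findGroup("my new group again").getID());
    Assert.assertNotNull(mySession);
    Assert.assertTrue("user session must be valid after second login",
                      ac.isValidSession(mySession));

    //11. delete the group
    ac.deleteGroup(myGroup, adminSession);
    //the deleted group must no longer resolve
    exceptionThrown = false;
    try {
      ac.findGroup(myGroup.getName());
    }
    catch (SecurityException expected) {
      if (DEBUG) {
        Err.prln("++ OK, got exception");
      }
      exceptionThrown = true;
    }
    Assert.assertTrue("deleted group must not resolve", exceptionThrown);

    //11.1 the user must no longer report membership of the deleted group
    Assert.assertFalse(myUser.getGroups().contains(myGroup));

    //11.2 the session opened for the deleted group must be invalidated
    Assert.assertFalse("session must be invalid once its group is deleted",
                       ac.isValidSession(mySession));

    //11.3 add the user to another, pre-existing group
    Group suahiliGrp = ac.findGroup(new Long(TestSecurity.SUAHILI_GROUP_ID));
    Assert.assertNotNull(suahiliGrp);
    suahiliGrp.addUser(myUser, adminSession);
    //11.4 the group must list the user as a member
    Assert.assertTrue(suahiliGrp.getUsers().contains(myUser));
    //11.5 the user must report membership of the group
    Assert.assertTrue(myUser.getGroups().contains(suahiliGrp));
    //11.6 login again [with the new group]
    Session newSession = ac.login("myUser", "myPassword", suahiliGrp.getID());
    //11.7 check session
    Assert.assertTrue(ac.isValidSession(newSession));

    //12. sessions must be invalidated when their user is deleted

    //12.1 delete user
    ac.deleteUser(myUser, adminSession);
    //12.2 the deleted user must no longer resolve
    exceptionThrown = false;
    try {
      ac.findUser(myUser.getName());
    }
    catch (SecurityException expected) {
      if (DEBUG) {
        Err.prln("++ OK, got exception");
      }
      exceptionThrown = true;
    }
    Assert.assertTrue("deleted user must not resolve", exceptionThrown);
    //12.3 the group must have dropped the user as a member
    Assert.assertFalse(suahiliGrp.getUsers().contains(myUser));
    //12.4 the user's session must be invalidated
    Assert.assertFalse("session must be invalid once its user is deleted",
                       ac.isValidSession(newSession));

    // NOTE(review): objectModification events are not checked yet, and the
    // admin session is never logged out.

  } // testUserGroupManipulation



  /** Test suite routine for the test runner */
  public static Test suite() {
    return new TestSuite(TestSecurity.class);
  } // suite

  /**
   * Runs both tests outside a JUnit runner, after initialising GATE without a
   * local web server or network connection.
   *
   * <p>Exceptions thrown by the fixture or the tests are caught and printed
   * here. JUnit assertion failures are Errors, so this handler does not catch
   * them.
   */
  public static void main(String[] args){
    try {
      Gate.setLocalWebServer(false);
      Gate.setNetConnected(false);
      Gate.init();
      TestSecurity test = new TestSecurity("");

      test.setUp();
      test.testSecurityTables();
      test.tearDown();

      test.setUp();
      test.testUserGroupManipulation();
      test.tearDown();

    } catch (Exception e) {
      e.printStackTrace();
    }
  }
} // class TestSecurity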
340