/*
* Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.registry.ws.client.test;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.ws.client.registry.WSRegistryServiceClient;
public class UserSecurityTest extends TestSetup {
private WSRegistryServiceClient everyOneRegistry = null;
public UserSecurityTest(String text) {
super(text);
}
@Override
protected void setUp() throws Exception {
// TODO Auto-generated method stub
super.setUp();
try {
everyOneRegistry = new WSRegistryServiceClient(serverURL, "testuser1", "testuser1", configContext);
} catch (RegistryException e) {
fail("everyone role was not able to authenticate - check permissions");
}
}
// Since user manager does not have a WS API at the time of this test
// users and permissions were manually removed/added from resources before this test was conducted
// /testuser1/testuser1 is created - with /testuser1 having no permissions for the everyone role
public void testCheckEveryoneRoleDeniedPermissions() {
try {
Resource onlyAdminAcessResource = registry.newResource();
registry.put("/testuser1/adminresource", onlyAdminAcessResource);
} catch (Exception e) {
// TODO Auto-generated catch block
}
try {
Resource everyoneResource = everyOneRegistry.newResource();
everyoneResource.setContent("this is a test resource");
everyOneRegistry.put("/testuser1/everyoneresource", everyoneResource );
fail("Everyone should not be able to add a resource");
} catch (Exception e) {
}
try {
everyOneRegistry.move("/testuser1/adminresource", "/newtestuser1");
fail("Everyone should not be able to move resource");
} catch (Exception e) {
}
}
public void testCheckEveryoneRoleAllowedPermissions() {
try {
Resource everoneAccessAccessResource = registry.newResource();
registry.put("/testuser1/testuser1/everyoneAccessResource", everoneAccessAccessResource);
} catch (Exception e) {
}
try {
Resource everyoneResource = everyOneRegistry.newResource();
everyoneResource.setContent("this is a test resource");
everyOneRegistry.put("/testuser1/testuser1/everyoneresource", everyoneResource );
fail("Everyone should not be able to add a resource");
} catch (Exception e) {
}
try {
everyOneRegistry.move("/testuser1/testuser1/adminresource", "/newtestuser2");
fail("Everyone should not be able to move resource");
} catch (Exception e) {
}
}
public void testCheckAdminRolePermissions() {
try {
Resource everyoneResource = registry.newResource();
registry.put("/testuser1/testuser1/everyoneresource", everyoneResource);
} catch (Exception e) {
fail("everyone role was not able to add resource - please modify permissions");
}
try {
Resource adminResource = registry.newResource();
adminResource.setContent("this is a test resource");
registry.put("/testuser1/everyoneresource", adminResource );
} catch (Exception e) {
fail("Admin should be able to add any resource");
}
try {
registry.move("/testuser1/everyoneresource", "/newtestuser3");
} catch (Exception e) {
fail("Admin should be able to move resource");
}
}
}