From 842dec018047fe6b2238542daec6c73fa8f6f1da Mon Sep 17 00:00:00 2001 From: Andrei Stefan Date: Fri, 1 Feb 2008 15:35:20 +0000 Subject: [PATCH] --- .../acls/jdbc/BasicLookupStrategyTests.java | 182 ++++++++++++++++++ .../acls/jdbc/EhCacheBasedAclCacheTests.java | 8 +- 2 files changed, 188 insertions(+), 2 deletions(-) create mode 100644 core/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java diff --git a/core/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java b/core/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java new file mode 100644 index 0000000000..6d8e9a363a --- /dev/null +++ b/core/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java @@ -0,0 +1,182 @@ +package org.springframework.security.acls.jdbc; + +import java.util.Map; + +import junit.framework.Assert; +import junit.framework.TestCase; + +import org.springframework.context.support.AbstractXmlApplicationContext; +import org.springframework.context.support.ClassPathXmlApplicationContext; +import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.security.acls.AuditableAccessControlEntry; +import org.springframework.security.acls.MutableAcl; +import org.springframework.security.acls.domain.BasePermission; +import org.springframework.security.acls.objectidentity.ObjectIdentity; +import org.springframework.security.acls.objectidentity.ObjectIdentityImpl; +import org.springframework.security.acls.sid.PrincipalSid; + +/** + * Tests {@link BasicLookupStrategy} + * + * @author Andrei Stefan + */ +public class BasicLookupStrategyTests extends TestCase { + private AbstractXmlApplicationContext ctx; + + //~ Methods ======================================================================================================== + + private LookupStrategy getBasicLookupStrategy() { + ctx = new ClassPathXmlApplicationContext( + "classpath:org/springframework/security/acls/jdbc/applicationContext-test.xml"); + + return (LookupStrategy) ctx.getBean("lookupStrategy"); + } + + private void populateDatabase() { + JdbcTemplate jdbcTemplate = new JdbcTemplate((javax.sql.DataSource) this.ctx.getBean("dataSource")); + String query = "INSERT INTO acl_sid(ID,PRINCIPAL,SID) VALUES (1,1,'ben');" + + "INSERT INTO acl_class(ID,CLASS) VALUES (2,'org.springframework.security.TargetObject');" + + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (1,2,100,null,1,1);" + + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (2,2,101,1,1,1);" + + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (3,2,102,2,1,1);" + + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (1,1,0,1,1,1,0,0);" + + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (2,1,1,1,2,0,0,0);" + + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (3,2,0,1,8,1,0,0);" + + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (4,3,0,1,8,0,0,0);"; + jdbcTemplate.execute(query); + } + + private void emptyDatabase() { + JdbcTemplate jdbcTemplate = new JdbcTemplate((javax.sql.DataSource) this.ctx.getBean("dataSource")); + String query = "DELETE FROM acl_entry;" + "DELETE FROM acl_object_identity WHERE ID = 3;" + + "DELETE FROM acl_object_identity WHERE ID = 2;" + "DELETE FROM acl_object_identity WHERE ID = 1;" + + "DELETE FROM acl_class;" + "DELETE FROM acl_sid;"; + jdbcTemplate.execute(query); + } + + private void dropTables() { + JdbcTemplate jdbcTemplate = new JdbcTemplate((javax.sql.DataSource) this.ctx.getBean("dataSource")); + String query = "DROP TABLE acl_entry;" + "DROP TABLE acl_object_identity;" + "DROP TABLE acl_class;" + + "DROP TABLE acl_sid;"; + jdbcTemplate.execute(query); + } + + protected void tearDown() throws Exception { + super.tearDown(); + dropTables(); + if (this.ctx != null) { + this.ctx.close(); + } + } + + public void testAclsRetrievalWithDefaultBatchSize() throws Exception { + LookupStrategy strategy = getBasicLookupStrategy(); + populateDatabase(); + + ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100)); + ObjectIdentity middleParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101)); + ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102)); + + Map map = strategy.readAclsById(new ObjectIdentity[] { topParentOid, middleParentOid, childOid }, null); + checkEntries(topParentOid, middleParentOid, childOid, map); + } + + public void testAclsRetrievalFromCacheOnly() throws Exception { + LookupStrategy strategy = getBasicLookupStrategy(); + populateDatabase(); + + ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100)); + ObjectIdentity middleParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101)); + ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102)); + + // Objects were put in cache + strategy.readAclsById(new ObjectIdentity[] { topParentOid, middleParentOid, childOid }, null); + + // Let's empty the database to force acls retrieval from cache + emptyDatabase(); + Map map = strategy.readAclsById(new ObjectIdentity[] { topParentOid, middleParentOid, childOid }, null); + + checkEntries(topParentOid, middleParentOid, childOid, map); + } + + public void testAclsRetrievalWithCustomBatchSize() throws Exception { + LookupStrategy strategy = getBasicLookupStrategy(); + populateDatabase(); + + ObjectIdentity topParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100)); + ObjectIdentity middleParentOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101)); + ObjectIdentity childOid = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102)); + + // Set a batch size to allow multiple database queries in order to retrieve all acls + ((BasicLookupStrategy) strategy).setBatchSize(1); + Map map = strategy.readAclsById(new ObjectIdentity[] { topParentOid, middleParentOid, childOid }, null); + checkEntries(topParentOid, middleParentOid, childOid, map); + } + + private void checkEntries(ObjectIdentity topParentOid, ObjectIdentity middleParentOid, ObjectIdentity childOid, Map map) + throws Exception { + assertEquals(3, map.size()); + + MutableAcl topParent = (MutableAcl) map.get(topParentOid); + MutableAcl middleParent = (MutableAcl) map.get(middleParentOid); + MutableAcl child = (MutableAcl) map.get(childOid); + + // Check the retrieved versions has IDs + Assert.assertNotNull(topParent.getId()); + Assert.assertNotNull(middleParent.getId()); + Assert.assertNotNull(child.getId()); + + // Check their parents were correctly retrieved + Assert.assertNull(topParent.getParentAcl()); + Assert.assertEquals(topParentOid, middleParent.getParentAcl().getObjectIdentity()); + Assert.assertEquals(middleParentOid, child.getParentAcl().getObjectIdentity()); + + // Check their ACEs were correctly retrieved + Assert.assertEquals(2, topParent.getEntries().length); + Assert.assertEquals(1, middleParent.getEntries().length); + Assert.assertEquals(1, child.getEntries().length); + + // Check object identities were correctly retrieved + Assert.assertEquals(topParentOid, topParent.getObjectIdentity()); + Assert.assertEquals(middleParentOid, middleParent.getObjectIdentity()); + Assert.assertEquals(childOid, child.getObjectIdentity()); + + // Check each entry + Assert.assertTrue(topParent.isEntriesInheriting()); + Assert.assertEquals(topParent.getId(), new Long(1)); + Assert.assertEquals(topParent.getOwner(), new PrincipalSid("ben")); + Assert.assertEquals(topParent.getEntries()[0].getId(), new Long(1)); + Assert.assertEquals(topParent.getEntries()[0].getPermission(), BasePermission.READ); + Assert.assertEquals(topParent.getEntries()[0].getSid(), new PrincipalSid("ben")); + Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries()[0]).isAuditFailure()); + Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries()[0]).isAuditSuccess()); + Assert.assertTrue(((AuditableAccessControlEntry) topParent.getEntries()[0]).isGranting()); + + Assert.assertEquals(topParent.getEntries()[1].getId(), new Long(2)); + Assert.assertEquals(topParent.getEntries()[1].getPermission(), BasePermission.WRITE); + Assert.assertEquals(topParent.getEntries()[1].getSid(), new PrincipalSid("ben")); + Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries()[1]).isAuditFailure()); + Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries()[1]).isAuditSuccess()); + Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries()[1]).isGranting()); + + Assert.assertTrue(middleParent.isEntriesInheriting()); + Assert.assertEquals(middleParent.getId(), new Long(2)); + Assert.assertEquals(middleParent.getOwner(), new PrincipalSid("ben")); + Assert.assertEquals(middleParent.getEntries()[0].getId(), new Long(3)); + Assert.assertEquals(middleParent.getEntries()[0].getPermission(), BasePermission.DELETE); + Assert.assertEquals(middleParent.getEntries()[0].getSid(), new PrincipalSid("ben")); + Assert.assertFalse(((AuditableAccessControlEntry) middleParent.getEntries()[0]).isAuditFailure()); + Assert.assertFalse(((AuditableAccessControlEntry) middleParent.getEntries()[0]).isAuditSuccess()); + Assert.assertTrue(((AuditableAccessControlEntry) middleParent.getEntries()[0]).isGranting()); + + Assert.assertTrue(child.isEntriesInheriting()); + Assert.assertEquals(child.getId(), new Long(3)); + Assert.assertEquals(child.getOwner(), new PrincipalSid("ben")); + Assert.assertEquals(child.getEntries()[0].getId(), new Long(4)); + Assert.assertEquals(child.getEntries()[0].getPermission(), BasePermission.DELETE); + Assert.assertEquals(child.getEntries()[0].getSid(), new PrincipalSid("ben")); + Assert.assertFalse(((AuditableAccessControlEntry) child.getEntries()[0]).isAuditFailure()); + Assert.assertFalse(((AuditableAccessControlEntry) child.getEntries()[0]).isAuditSuccess()); + Assert.assertFalse(((AuditableAccessControlEntry) child.getEntries()[0]).isGranting()); + } +} \ No newline at end of file diff --git a/core/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java b/core/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java index d2f24f3b2b..966ecb7376 100644 --- a/core/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java +++ b/core/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java @@ -7,7 +7,7 @@ import junit.framework.TestCase; import net.sf.ehcache.Cache; import net.sf.ehcache.Ehcache; -import org.springframework.context.ApplicationContext; +import org.springframework.context.support.AbstractXmlApplicationContext; import org.springframework.security.Authentication; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; @@ -28,11 +28,12 @@ import org.springframework.security.providers.TestingAuthenticationToken; * @author Andrei Stefan */ public class EhCacheBasedAclCacheTests extends TestCase { + AbstractXmlApplicationContext ctx; //~ Methods ======================================================================================================== private Ehcache getCache() { - ApplicationContext ctx = MockApplicationContext.getContext(); + this.ctx = (AbstractXmlApplicationContext) MockApplicationContext.getContext(); return (Ehcache) ctx.getBean("eHCacheBackend"); } @@ -40,6 +41,9 @@ public class EhCacheBasedAclCacheTests extends TestCase { protected void tearDown() throws Exception { super.tearDown(); SecurityContextHolder.clearContext(); + if (ctx != null) { + ctx.close(); + } } public void testConstructorRejectsNullParameters() throws Exception {