Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.usergrid.security; import java.util.UUID; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.apache.usergrid.management.UserInfo; import org.apache.usergrid.persistence.entities.User; import org.apache.usergrid.security.shiro.CustomPermission; import org.apache.usergrid.security.shiro.principals.ApplicationUserPrincipal; import org.apache.usergrid.utils.UUIDUtils; import org.apache.shiro.SecurityUtils; import org.apache.shiro.UnavailableSecurityManagerException; import org.apache.shiro.mgt.DefaultSecurityManager; import org.apache.shiro.subject.SimplePrincipalCollection; import org.apache.shiro.subject.Subject; import org.apache.shiro.subject.support.SubjectThreadState; import org.apache.shiro.util.LifecycleUtils; import org.apache.shiro.util.ThreadState; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; public class CustomResolverTest { public static final Logger logger = LoggerFactory.getLogger(CustomResolverTest.class); private static ThreadState subjectThreadState; @BeforeClass public static void setSecurityManager() { DefaultSecurityManager manager = new DefaultSecurityManager(); SecurityUtils.setSecurityManager(manager); } @AfterClass public static void tearDownShiro() { doClearSubject(); try { org.apache.shiro.mgt.SecurityManager securityManager = SecurityUtils.getSecurityManager(); LifecycleUtils.destroy(securityManager); } catch (UnavailableSecurityManagerException e) { // we don't care about this when cleaning up the test environment // (for example, maybe the subclass is a unit test and it didn't // need a SecurityManager instance because it was using only // mock Subject instances) } SecurityUtils.setSecurityManager(null); } private static void doClearSubject() { if (subjectThreadState != null) { subjectThreadState.clear(); subjectThreadState = null; } } /** * Allows subclasses to set the currently executing {@link Subject} instance. * * @param subject the Subject instance */ protected void setSubject(Subject subject) { doClearSubject(); subjectThreadState = new SubjectThreadState(subject); subjectThreadState.bind(); } @Test public void testResolver() throws Exception { testImplies(true, "applications:get:00000000-0000-0000-0000-000000000001:/foo", "applications:get:00000000-0000-0000-0000-000000000001:/foo"); testImplies(true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*", "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar"); testImplies(true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*", "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz"); testImplies(false, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*", "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/"); testImplies(false, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*", "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz"); testImplies(true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/**", "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz"); testImplies(true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*/boz/*", "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz"); testImplies(true, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*/boz/*", "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz/biz"); testImplies(true, "applications:get:00000000-0000-0000-0000-000000000001:/bar/*/boz/*", "applications:get:00000000-0000-0000-0000-000000000001:/bar/3b270ee0-a2d7-11e2-b8ac-f14ec968db08/boz" + "/b53761a-a2d7-11e2-abbb-11f6def11e98"); testImplies(false, "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/*/boz/*", "applications:get:00000000-0000-0000-0000-000000000001:/foo/bar/baz/boz/biz/box"); } @Test public void userMeSubstitution() { User fakeUser = new User(); fakeUser.setUuid(UUIDUtils.newTimeUUID()); fakeUser.setUsername("testusername"); UUID appId = UUIDUtils.newTimeUUID(); UserInfo info = new UserInfo(appId, fakeUser.getProperties()); ApplicationUserPrincipal principal = new ApplicationUserPrincipal(appId, info); Subject subject = new Subject.Builder(SecurityUtils.getSecurityManager()) .principals(new SimplePrincipalCollection(principal, "usergrid")).buildSubject(); setSubject(subject); testImplies(true, "/users/mefake@usergrid.org/**", "/users/mefake@usergrid.org/permissions"); //test substitution testImplies(true, "/users/me/**", String.format("/users/%s/permissions", fakeUser.getUsername())); testImplies(true, "/users/me/**", String.format("/users/%s/permissions", fakeUser.getUuid())); } public void testImplies(boolean expected, String s1, String s2) { CustomPermission p1 = new CustomPermission(s1); CustomPermission p2 = new CustomPermission(s2); if (expected) { assertTrue(p1.implies(p2)); } else { assertFalse(p1.implies(p2)); } } }