1   /*
2    *   @(#) $Id: RelatedProtectedItemFilterTest.java 321002 2005-10-14 04:52:52Z trustin $
3    *
4    *   Copyright 2004 The Apache Software Foundation
5    *
6    *   Licensed under the Apache License, Version 2.0 (the "License");
7    *   you may not use this file except in compliance with the License.
8    *   You may obtain a copy of the License at
9    *
10   *       http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *   Unless required by applicable law or agreed to in writing, software
13   *   distributed under the License is distributed on an "AS IS" BASIS,
14   *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   *   See the License for the specific language governing permissions and
16   *   limitations under the License.
17   *
18   */
19  package org.apache.ldap.server.authz.support;
20  
21  import java.util.ArrayList;
22  import java.util.Collection;
23  import java.util.Collections;
24  import java.util.HashSet;
25  import java.util.Set;
26  
27  import javax.naming.Name;
28  import javax.naming.NamingException;
29  import javax.naming.directory.Attributes;
30  import javax.naming.directory.BasicAttribute;
31  import javax.naming.directory.BasicAttributes;
32  
33  import junit.framework.Assert;
34  import junit.framework.TestCase;
35  
36  import org.apache.ldap.common.aci.ACITuple;
37  import org.apache.ldap.common.aci.AuthenticationLevel;
38  import org.apache.ldap.common.aci.ProtectedItem;
39  import org.apache.ldap.common.aci.ProtectedItem.MaxValueCountItem;
40  import org.apache.ldap.common.aci.ProtectedItem.RestrictedByItem;
41  import org.apache.ldap.common.filter.PresenceNode;
42  import org.apache.ldap.common.name.LdapName;
43  import org.apache.ldap.server.event.ExpressionEvaluator;
44  import org.apache.ldap.server.schema.AttributeTypeRegistry;
45  import org.apache.ldap.server.schema.OidRegistry;
46  import org.apache.ldap.server.subtree.RefinementEvaluator;
47  import org.apache.ldap.server.subtree.RefinementLeafEvaluator;
48  
49  /***
50   * Tests {@link RelatedUserClassFilter}.
51   *
52   * @author The Apache Directory Project
53   * @version $Rev: 321002 $, $Date: 2005-10-14 00:52:52 -0400 (Fri, 14 Oct 2005) $
54   */
55  public class RelatedProtectedItemFilterTest extends TestCase
56  {
57      private static final Collection EMPTY_COLLECTION =
58          Collections.unmodifiableCollection( new ArrayList() );
59      private static final Set EMPTY_SET =
60          Collections.unmodifiableSet( new HashSet() );
61      
62      private static final Name GROUP_NAME;
63      private static final Name USER_NAME;
64      private static final Set USER_NAMES = new HashSet();
65      private static final Set GROUP_NAMES = new HashSet();
66      
67      private static final AttributeTypeRegistry ATTR_TYPE_REGISTRY_A = new DummyAttributeTypeRegistry( false );
68      private static final AttributeTypeRegistry ATTR_TYPE_REGISTRY_B = new DummyAttributeTypeRegistry( true );
69      private static final OidRegistry OID_REGISTRY = new DummyOidRegistry();
70  
71      private static final RelatedProtectedItemFilter filterA;
72      private static final RelatedProtectedItemFilter filterB;
73  
74      
75      static
76      {
77          try
78          {
79              GROUP_NAME = new LdapName( "ou=test,ou=groups,ou=system" );
80              USER_NAME = new LdapName( "ou=test, ou=users, ou=system" );
81              
82              filterA = new RelatedProtectedItemFilter(
83                      ATTR_TYPE_REGISTRY_A,
84                      new RefinementEvaluator(
85                              new RefinementLeafEvaluator( OID_REGISTRY ) ),
86                      new ExpressionEvaluator( OID_REGISTRY, ATTR_TYPE_REGISTRY_A ) );
87  
88              filterB = new RelatedProtectedItemFilter(
89                      ATTR_TYPE_REGISTRY_B,
90                      new RefinementEvaluator(
91                              new RefinementLeafEvaluator( OID_REGISTRY ) ),
92                      new ExpressionEvaluator( OID_REGISTRY, ATTR_TYPE_REGISTRY_B ) );
93          }
94          catch( NamingException e )
95          {
96              throw new Error();
97          }
98  
99          USER_NAMES.add( USER_NAME );
100         GROUP_NAMES.add( GROUP_NAME );
101     }
102     
103     public void testZeroTuple() throws Exception
104     {
105         Assert.assertEquals(
106                 0, filterA.filter(
107                         EMPTY_COLLECTION, OperationScope.ATTRIBUTE_TYPE_AND_VALUE,
108                         null, null, null, null, null, null, null, null, null, null ).size() );
109     }
110     
111     public void testEntry() throws Exception
112     {
113         Collection tuples = getTuples( ProtectedItem.ENTRY );
114         
115         Assert.assertEquals(
116                 1, filterA.filter(
117                         tuples, OperationScope.ENTRY, null, null, null,
118                         null, AuthenticationLevel.NONE, null, null, null, null, null ).size() );
119     }
120     
121     public void testAllUserAttributeTypes() throws Exception
122     {
123         Collection tuples = getTuples( ProtectedItem.ALL_USER_ATTRIBUTE_TYPES );
124         
125         // Test wrong scope
126         Assert.assertEquals(
127                 0, filterA.filter(
128                         tuples, OperationScope.ENTRY, null, null, USER_NAME,
129                         null, null, null,
130                         "userAttr", null, null, null ).size() );
131         
132         tuples = getTuples( ProtectedItem.ALL_USER_ATTRIBUTE_TYPES );
133 
134         Assert.assertEquals(
135                 1, filterA.filter(
136                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
137                         null, null, null,
138                         "userAttr", null, null, null ).size() );
139         
140         /* Not used anymore
141         Assert.assertEquals(
142                 0, filterB.filter(
143                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
144                         null, null, null,
145                         "opAttr", null, null, null ).size() );
146         */  
147     }
148     
149     public void testAllUserAttributeTypesAndValues() throws Exception
150     {
151         Collection tuples = getTuples( ProtectedItem.ALL_USER_ATTRIBUTE_TYPES_AND_VALUES );
152 
153         // Test wrong scope
154         Assert.assertEquals(
155                 0, filterA.filter(
156                         tuples, OperationScope.ENTRY, null, null, USER_NAME,
157                         null, null, null,
158                         "userAttr", null, null, null ).size() );
159         
160         tuples = getTuples( ProtectedItem.ALL_USER_ATTRIBUTE_TYPES_AND_VALUES );
161 
162         Assert.assertEquals(
163                 1, filterA.filter(
164                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
165                         null, null, null,
166                         "userAttr", null, null, null ).size() );
167         
168         /* Not used anymore
169         Assert.assertEquals(
170                 0, filterB.filter(
171                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
172                         null, null, null,
173                         "opAttr", null, null, null ).size() );
174         */  
175     }
176     
177     public void testAllAttributeValues() throws Exception
178     {
179         Collection attrTypes = new ArrayList();
180         attrTypes.add( "attrA" );
181         Collection tuples = getTuples( new ProtectedItem.AllAttributeValues( attrTypes ) );
182 
183         // Test wrong scope
184         Assert.assertEquals(
185                 0, filterA.filter(
186                         tuples, OperationScope.ENTRY, null, null, USER_NAME,
187                         null, null, null,
188                         "attrA", null, null, null ).size() );
189         
190         tuples = getTuples( new ProtectedItem.AllAttributeValues( attrTypes ) );
191 
192         Assert.assertEquals(
193                 1, filterA.filter(
194                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
195                         null, null, null,
196                         "attrA", null, null, null ).size() );
197         
198         Assert.assertEquals(
199                 0, filterB.filter(
200                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
201                         null, null, null,
202                         "attrB", null, null, null ).size() );  
203     }
204     
205     public void testAttributeType() throws Exception
206     {
207         Collection attrTypes = new ArrayList();
208         attrTypes.add( "attrA" );
209         Collection tuples = getTuples( new ProtectedItem.AttributeType( attrTypes ) );
210 
211         // Test wrong scope
212         Assert.assertEquals(
213                 0, filterA.filter(
214                         tuples, OperationScope.ENTRY, null, null, USER_NAME,
215                         null, null, null,
216                         "attrA", null, null, null ).size() );
217         
218         tuples = getTuples( new ProtectedItem.AttributeType( attrTypes ) );
219 
220         Assert.assertEquals(
221                 1, filterA.filter(
222                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
223                         null, null, null,
224                         "attrA", null, null, null ).size() );
225         
226         Assert.assertEquals(
227                 0, filterA.filter(
228                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
229                         null, null, null,
230                         "attrB", null, null, null ).size() );  
231     }
232     
233     public void testAttributeValue() throws Exception
234     {
235         Collection attributes = new ArrayList();
236         attributes.add( new BasicAttribute( "attrA", "valueA" ) );
237         Collection tuples = getTuples( new ProtectedItem.AttributeValue( attributes ) );
238 
239         // Test wrong scope
240         Assert.assertEquals(
241                 0, filterA.filter(
242                         tuples, OperationScope.ENTRY, null, null, USER_NAME,
243                         null, null, null,
244                         "attrA", null, null, null ).size() );
245         tuples = getTuples( new ProtectedItem.AttributeValue( attributes ) );
246         Assert.assertEquals(
247                 0, filterA.filter(
248                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
249                         null, null, null,
250                         "attrA", null, null, null ).size() );
251         
252         
253         tuples = getTuples( new ProtectedItem.AttributeValue( attributes ) );
254 
255         Assert.assertEquals(
256                 1, filterA.filter(
257                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
258                         null, null, null,
259                         "attrA", "valueA", null, null ).size() );
260         
261         Assert.assertEquals(
262                 0, filterA.filter(
263                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
264                         null, null, null,
265                         "attrA", "valueB", null, null ).size() );  
266 
267         tuples = getTuples( new ProtectedItem.AttributeValue( attributes ) );
268 
269         Assert.assertEquals(
270                 0, filterA.filter(
271                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
272                         null, null, null,
273                         "attrB", "valueA", null, null ).size() );  
274     }
275     
276     public void testClasses() throws Exception
277     {
278         // TODO I don't know how to test with Refinement yet.
279     }
280 
281     public void testMaxImmSub() throws Exception
282     {
283         Collection tuples = getTuples( new ProtectedItem.MaxImmSub( 2 ) );
284 
285         // Should always retain ruples.
286         Assert.assertEquals(
287                 1, filterA.filter(
288                         tuples, OperationScope.ENTRY, null, null, USER_NAME,
289                         null, null, null,
290                         "attrA", null, null, null ).size() );
291     }
292     
293     public void testMaxValueCount() throws Exception
294     {
295         Collection mvcItems = new ArrayList();
296         mvcItems.add( new MaxValueCountItem( "attrA", 3 ) );
297         Collection tuples = getTuples( new ProtectedItem.MaxValueCount( mvcItems ) );
298 
299         // Test wrong scope
300         Assert.assertEquals(
301                 0, filterA.filter(
302                         tuples, OperationScope.ENTRY, null, null, USER_NAME,
303                         null, null, null,
304                         "attrA", null, null, null ).size() );
305         tuples = getTuples( new ProtectedItem.MaxValueCount( mvcItems ) );
306         Assert.assertEquals(
307                 0, filterA.filter(
308                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
309                         null, null, null,
310                         "attrA", null, null, null ).size() );
311         
312         tuples = getTuples( new ProtectedItem.MaxValueCount( mvcItems ) );
313 
314         Assert.assertEquals(
315                 1, filterA.filter(
316                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
317                         null, null, null,
318                         "attrA", null, null, null ).size() );
319         
320         Assert.assertEquals(
321                 0, filterA.filter(
322                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
323                         null, null, null,
324                         "attrB", null, null, null ).size() );  
325     }
326     
327     public void testRangeOfValues() throws Exception
328     {
329         Attributes entry = new BasicAttributes();
330         entry.put( "attrA", "valueA" );
331         Collection tuples = getTuples( new ProtectedItem.RangeOfValues( new PresenceNode( "attrA" ) ) );
332 
333         Assert.assertEquals(
334                 1, filterA.filter(
335                         tuples, OperationScope.ENTRY, null, null, USER_NAME,
336                         null, null, new LdapName( "ou=testEntry" ),
337                         null, null, entry, null ).size() );
338         
339         entry.remove( "attrA" );
340         Assert.assertEquals(
341                 0, filterA.filter(
342                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
343                         null, null, new LdapName( "ou=testEntry" ),
344                         null, null, entry, null ).size() );  
345     }
346     
347     public void testRestrictedBy() throws Exception
348     {
349         Collection rbItems = new ArrayList();
350         rbItems.add( new RestrictedByItem( "attrA", "attrB" ) );
351         Collection tuples = getTuples( new ProtectedItem.RestrictedBy( rbItems ) );
352 
353         // Test wrong scope
354         Assert.assertEquals(
355                 0, filterA.filter(
356                         tuples, OperationScope.ENTRY, null, null, USER_NAME,
357                         null, null, null,
358                         "attrA", null, null, null ).size() );
359         tuples = getTuples( new ProtectedItem.RestrictedBy( rbItems ) );
360         Assert.assertEquals(
361                 0, filterA.filter(
362                         tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME,
363                         null, null, null,
364                         "attrA", null, null, null ).size() );
365         
366         tuples = getTuples( new ProtectedItem.RestrictedBy( rbItems ) );
367 
368         Assert.assertEquals(
369                 1, filterA.filter(
370                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
371                         null, null, null,
372                         "attrA", null, null, null ).size() );
373         
374         Assert.assertEquals(
375                 0, filterA.filter(
376                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
377                         null, null, null,
378                         "attrB", null, null, null ).size() );  
379     }
380     
381     public void testSelfValue() throws Exception
382     {
383         Collection attrTypes = new ArrayList();
384         attrTypes.add( "attrA" );
385         Collection tuples = getTuples( new ProtectedItem.SelfValue( attrTypes ) );
386         
387         Attributes entry = new BasicAttributes();
388         entry.put( "attrA", USER_NAME );
389 
390         // Test wrong scope
391         Assert.assertEquals(
392                 0, filterA.filter(
393                         tuples, OperationScope.ENTRY, null, null, USER_NAME,
394                         null, null, null,
395                         "attrA", null, entry, null ).size() );
396         
397         tuples = getTuples( new ProtectedItem.SelfValue( attrTypes ) );
398 
399         Assert.assertEquals(
400                 1, filterA.filter(
401                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
402                         null, null, null,
403                         "attrA", null, entry, null ).size() );
404         
405         entry.remove( "attrA" );
406         Assert.assertEquals(
407                 0, filterA.filter(
408                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
409                         null, null, null,
410                         "attrA", null, entry, null ).size() );  
411 
412         tuples = getTuples( new ProtectedItem.SelfValue( attrTypes ) );
413         Assert.assertEquals(
414                 0, filterA.filter(
415                         tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
416                         null, null, null,
417                         "attrB", null, entry, null ).size() );  
418     }
419     
420     private static Collection getTuples( ProtectedItem protectedItem )
421     {
422         Collection protectedItems = new ArrayList();
423         protectedItems.add( protectedItem );
424         
425         Collection tuples = new ArrayList();
426         tuples.add( new ACITuple(
427                 EMPTY_COLLECTION, AuthenticationLevel.NONE, protectedItems,
428                 EMPTY_SET, true, 0 ) );
429         
430         return tuples;
431     }
432 }