1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.security;
18  
19  import java.security.Principal;
20  import java.util.Collection;
21  import java.util.Iterator;
22  import java.util.prefs.Preferences;
23  
24  import javax.security.auth.Subject;
25  import javax.security.auth.login.LoginContext;
26  import javax.security.auth.login.LoginException;
27  
28  import junit.framework.Test;
29  import junit.framework.TestSuite;
30  
31  import org.apache.jetspeed.security.impl.PassiveCallbackHandler;
32  import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
33  
34  /***
35   * <p>
36   * Unit testing for {@link UserManager}.
37   * </p>
38   * 
39   * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
40   */
41  public class TestUserManager extends AbstractSecurityTestcase
42  {
43  
44      /***
45       * @see junit.framework.TestCase#setUp()
46       */
47      protected void setUp() throws Exception
48      {
49          super.setUp();
50          destroyUserObject();
51      }
52  
53      /***
54       * @see junit.framework.TestCase#tearDown()
55       */
56      public void tearDown() throws Exception
57      {
58          destroyUserObject();
59          super.tearDown();
60      }
61  
62      public static Test suite()
63      {
64          return new TestSuite(TestUserManager.class);
65      }
66  
67      /***
68       * <p>
69       * Test add/remove user.
70       * </p>
71       */
72      public void testAddRemoveUser()
73      {
74          try
75          {
76              ums.addUser("anon", "password");
77          }
78          catch (SecurityException sex)
79          {
80              assertTrue("user already exists. exception caught: " + sex, false);
81          }
82  
83          try
84          {
85              ums.addUser("anon", "password");
86              assertTrue("user should already exists. exception not thrown.", false);
87          }
88          catch (SecurityException sex)
89          {
90          }
91          try
92          {
93              ums.removeUser("anon");
94          }
95          catch (SecurityException sex)
96          {
97              assertTrue("could not remove user. exception caught: " + sex, false);
98          }
99          if (ums.userExists("anon"))
100         {
101             assertTrue("user should have been removed: ", false);
102         }
103 
104     }
105 
106     /***
107      * <p>
108      * Test get user.
109      * </p>
110      */
111     public void testGetUser()
112     {
113         // Test when the user does not exist.
114         try
115         {
116             ums.getUser("test");
117             assertTrue("user does not exist. should have thrown an exception.", false);
118         }
119         catch (SecurityException sex)
120         {
121         }
122         // Test when the user exists.
123         User user = null;
124         try
125         {
126             ums.addUser("test", "password");
127             user = ums.getUser("test");
128         }
129         catch (SecurityException sex)
130         {
131             assertTrue("user exists. should not have thrown an exception.", false);
132         }
133         assertNotNull("user is null", user);
134         // Test the User JSSubject
135         Subject subject = user.getSubject();
136         assertNotNull("subject is null", subject);
137         // Asset user principal.
138         Principal userPrincipal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
139         assertNotNull("user principal is null", userPrincipal);
140         assertEquals("expected user principal full path == /user/test", "/user/test", SecurityHelper
141                 .getPreferencesFullPath(userPrincipal));
142         assertEquals("expected user principal name == test", "test", userPrincipal.getName());
143 
144         // Test the User Preferences.
145         Preferences preferences = user.getPreferences();
146         assertEquals("expected user node == /user/test", "/user/test", preferences.absolutePath());
147     }
148 
149     /***
150      * <p>
151      * Test get users in role.
152      * </p>
153      */
154     public void testGetUsersInRole()
155     {
156         // Init test.
157         try
158         {
159             ums.addUser("anonuser3", "password");
160             ums.addUser("anonuser4", "password");
161             rms.addRole("testuserrolemapping");
162             rms.addRole("testuserrolemapping.role1");
163             rms.addRole("testuserrolemapping.role2");
164             rms.addRoleToUser("anonuser3", "testuserrolemapping");
165             rms.addRoleToUser("anonuser3", "testuserrolemapping.role1");
166             rms.addRoleToUser("anonuser3", "testuserrolemapping.role2");
167             rms.addRoleToUser("anonuser4", "testuserrolemapping");
168         }
169         catch (SecurityException sex)
170         {
171             assertTrue("failed to init testGetUsersInRole(), " + sex, false);
172         }
173 
174         try
175         {
176             Collection users = ums.getUsersInRole("testuserrolemapping");
177             assertEquals("users size should be == 2", 2, users.size());
178         }
179         catch (SecurityException sex)
180         {
181             assertTrue("role exists. should not have thrown an exception: " + sex, false);
182         }
183 
184         // Cleanup test.
185         try
186         {
187             ums.removeUser("anonuser3");
188             ums.removeUser("anonuser4");
189             rms.removeRole("testuserrolemapping");
190         }
191         catch (SecurityException sex)
192         {
193             assertTrue("could not remove user and role. exception caught: " + sex, false);
194         }
195     }
196 
197     /***
198      * <p>
199      * Test get users in group.
200      * </p>
201      */
202     public void testGetUsersInGroup()
203     {
204         // Init test.
205         try
206         {
207             ums.addUser("anonuser2", "password");
208             ums.addUser("anonuser3", "password");
209             ums.addUser("anonuser4", "password");
210             gms.addGroup("testgroup1");
211             gms.addGroup("testgroup1.group1");
212             gms.addUserToGroup("anonuser2", "testgroup1.group1");
213             gms.addUserToGroup("anonuser3", "testgroup1.group1");
214             gms.addUserToGroup("anonuser4", "testgroup1.group1");
215         }
216         catch (SecurityException sex)
217         {
218             assertTrue("failed to init testGetUsersInGroup(), " + sex, false);
219         }
220 
221         try
222         {
223             Collection users = ums.getUsersInGroup("testgroup1.group1");
224             assertEquals("users size should be == 3", 3, users.size());
225         }
226         catch (SecurityException sex)
227         {
228             assertTrue("group exists. should not have thrown an exception: " + sex, false);
229         }
230 
231         // Cleanup test.
232         try
233         {
234             ums.removeUser("anonuser2");
235             ums.removeUser("anonuser3");
236             ums.removeUser("anonuser4");
237             gms.removeGroup("testgroup1");
238         }
239         catch (SecurityException sex)
240         {
241             assertTrue("could not remove user and group. exception caught: " + sex, false);
242         }
243     }
244 
245     /***
246      * <p>
247      * Test set password.
248      * </p>
249      */
250     public void testSetPassword()
251     {
252         try
253         {
254             ums.addUser("anon", "password");
255             ums.setPassword("anon", "password", "newpassword");
256 
257             LoginContext loginContext = null;
258             // Test that the user can log in with the new password.
259             try
260             {
261                 PassiveCallbackHandler pch = new PassiveCallbackHandler("anon", "newpassword");
262                 loginContext = new LoginContext("Jetspeed", pch);
263                 loginContext.login();
264                 loginContext.logout();
265             }
266             catch (LoginException le)
267             {
268                 le.printStackTrace();
269                 assertTrue("failed to login user with new password.", false);
270             }
271         }
272         catch (SecurityException sex)
273         {
274         }
275     }
276 
277     /***
278      * <p>
279      * Test get users.
280      * </p>
281      * 
282      * @throws Exception Throws an exception.
283      */
284     public void testGetUsers() throws Exception
285     {
286         ums.addUser("one", "one-pw");
287         ums.addUser("two", "two-pw");
288         ums.addUser("three", "three-pw");
289         int count = 0;
290         Iterator it = ums.getUsers("");
291         while (it.hasNext())
292         {
293             User user = (User) it.next();
294             Iterator principals = user.getSubject().getPrincipals().iterator();
295             while (principals.hasNext())
296             {
297                 Principal principal = (Principal) principals.next();
298                 System.out.println("principal = " + principal.getName());
299                 if (principal.getName().equals("one"))
300                 {
301                     count++;
302                 }
303                 else if (principal.getName().equals("two"))
304                 {
305                     count++;
306                 }
307                 else if (principal.getName().equals("three"))
308                 {
309                     count++;
310                 }
311             }
312         }
313         assertTrue("user count should be 3", count == 3);
314         ums.removeUser("one");
315         ums.removeUser("two");
316         ums.removeUser("three");
317     }
318 
319     /***
320      * <p>
321      * Destroy user test object.
322      * </p>
323      */
324     protected void destroyUserObject()
325     {
326         try
327         {
328             if (ums.userExists("anon"))
329                 ums.removeUser("anon");
330             if (ums.userExists("test"))
331                 ums.removeUser("test");
332         }
333         catch (SecurityException sex)
334         {
335             System.out.println("could not remove test users. exception caught: " + sex);
336         }
337     }
338 
339 }