1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.audit;
18  
19  import java.sql.Connection;
20  import java.sql.PreparedStatement;
21  import java.sql.ResultSet;
22  import java.sql.SQLException;
23  
24  import junit.framework.Test;
25  import junit.framework.TestSuite;
26  
27  import org.apache.jetspeed.audit.impl.ActivityBean;
28  import org.apache.jetspeed.components.util.DatasourceEnabledSpringTestCase;
29  
30  /***
31   * Test Audit Activity
32   * 
33   * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a>
34   * @version $Id: $
35   */
36  public class TestAuditActivity extends DatasourceEnabledSpringTestCase
37  {
38  
39      private AuditActivity audit = null;
40  
41      /*
42       * (non-Javadoc)
43       * 
44       * @see junit.framework.TestCase#tearDown()
45       */
46      protected void tearDown() throws Exception
47      {
48          ctx.close();
49          super.tearDown();
50      }
51  
52      /***
53       * Start the tests.
54       * 
55       * @param args
56       *            the arguments. Not used
57       */
58      public static void main(String args[])
59      {
60          junit.awtui.TestRunner.main(new String[]
61          { TestAuditActivity.class.getName()});
62  
63      }
64  
65      protected void setUp() throws Exception
66      {
67          super.setUp();
68          
69          this.audit = (AuditActivity) ctx.getBean("org.apache.jetspeed.audit.AuditActivity");
70          assertNotNull("audit activity service not found ", this.audit);
71      }
72      
73      public void clearDBs()
74      {
75          try
76          {
77              Connection con = audit.getDataSource().getConnection();
78  
79              PreparedStatement psmt = con
80                      .prepareStatement("DELETE FROM ADMIN_ACTIVITY");
81              psmt.execute();
82              psmt.close();
83              psmt = con.prepareStatement("DELETE FROM USER_ACTIVITY");
84              psmt.execute();
85              psmt.close();
86              if (con != null) con.close();
87          } catch (SQLException e)
88          {
89              fail("problem with database connection:" + e.toString());
90          }
91      }
92  
93      public int count(String query)
94      {
95          int val = -1;
96          try
97          {
98              Connection con = audit.getDataSource().getConnection();
99  
100             PreparedStatement psmt = con.prepareStatement(query);
101             ResultSet rs = psmt.executeQuery();
102 
103             if (rs.next())
104             {
105                 val = rs.getInt(1);
106             }
107             psmt.close();
108             if (con != null) con.close();
109         } catch (SQLException e)
110         {
111             fail("problem with database connection:" + e.toString());
112         }
113         return val;
114     }
115 
116     public int countAdminActivity()
117     {
118         return count("SELECT count(*) from ADMIN_ACTIVITY");
119     }
120 
121     public int countUserActivity()
122     {
123         return count("SELECT count(*) from USER_ACTIVITY");
124     }
125  
126     public static Test suite()
127     {
128         // All methods starting with "test" will be executed in the test suite.
129         return new TestSuite(TestAuditActivity.class);
130     }
131 
132     public void testUserActivity() throws Exception
133     {
134         assertNotNull("Audit Activity service is null", audit);
135         clearDBs();
136 
137         audit.setEnabled(true);
138         assertTrue(audit.getEnabled());
139         
140         // Log User Activity
141         audit.logUserActivity(USER, IP1, AuditActivity.AUTHENTICATION_SUCCESS, MSG_AUTHENTICATION_SUCCESS);
142         audit.logUserActivity(USER, IP1, AuditActivity.AUTHENTICATION_FAILURE, MSG_AUTHENTICATION_FAILURE);
143         
144         int userCount = this.countUserActivity();
145         assertEquals(userCount, 2);
146         
147         ActivityBean userBean = lookupUserActivity(USER_QUERY, AuditActivity.AUTHENTICATION_SUCCESS);
148         assertEquals(userBean.getActivity(), AuditActivity.AUTHENTICATION_SUCCESS);
149         assertEquals(userBean.getCategory(), AuditActivity.CAT_USER_AUTHENTICATION);
150         assertEquals(userBean.getUserName(), USER);
151         assertNotNull(userBean.getTimestamp());
152         assertEquals(userBean.getIpAddress(), IP1);
153         assertEquals(userBean.getDescription(), MSG_AUTHENTICATION_SUCCESS);
154         
155         userBean = lookupUserActivity(USER_QUERY, AuditActivity.AUTHENTICATION_FAILURE);
156         assertEquals(userBean.getActivity(), AuditActivity.AUTHENTICATION_FAILURE);
157         assertEquals(userBean.getCategory(), AuditActivity.CAT_USER_AUTHENTICATION);
158         assertEquals(userBean.getUserName(), USER);
159         assertNotNull(userBean.getTimestamp());
160         assertEquals(userBean.getIpAddress(), IP1);
161         assertEquals(userBean.getDescription(), MSG_AUTHENTICATION_FAILURE);        
162 
163         // Test logging User Attribute activity
164         audit.logUserAttributeActivity(USER, IP1, AuditActivity.USER_ADD_ATTRIBUTE, ATTRIBUTE_NAME_1, ATTRIBUTE_VALUE_BEFORE_1, ATTRIBUTE_VALUE_AFTER_1, MSG_ATTRIBUTE);
165         
166         userBean = lookupUserActivity(USER_QUERY, AuditActivity.USER_ADD_ATTRIBUTE);
167         assertEquals(userBean.getActivity(), AuditActivity.USER_ADD_ATTRIBUTE);
168         assertEquals(userBean.getCategory(), AuditActivity.CAT_USER_ATTRIBUTE);
169         assertEquals(userBean.getUserName(), USER);
170         assertNotNull(userBean.getTimestamp());
171         assertEquals(userBean.getIpAddress(), IP1);
172         assertEquals(userBean.getDescription(), MSG_ATTRIBUTE);        
173         assertEquals(userBean.getBeforeValue(), ATTRIBUTE_VALUE_BEFORE_1);
174         assertEquals(userBean.getAfterValue(), ATTRIBUTE_VALUE_AFTER_1);
175         
176         
177         // Log Admin Activity
178         audit.logAdminUserActivity(ADMIN_USER, IP1, USER, AuditActivity.USER_CREATE, MSG_ADDING_USER);
179         audit.logAdminCredentialActivity(ADMIN_USER, IP1, USER, AuditActivity.PASSWORD_CHANGE_SUCCESS, MSG_CHANGING_PW);
180         audit.logAdminAttributeActivity(ADMIN_USER, IP1, USER, AuditActivity.USER_ADD_ATTRIBUTE, ATTRIBUTE_NAME_1, ATTRIBUTE_VALUE_BEFORE_1, ATTRIBUTE_VALUE_AFTER_1, MSG_ATTRIBUTE);
181         
182         int adminCount = this.countAdminActivity();
183         assertEquals(adminCount, 3);
184         
185         ActivityBean adminBean = lookupAdminActivity(ADMIN_QUERY, AuditActivity.USER_CREATE);
186         assertEquals(adminBean.getActivity(), AuditActivity.USER_CREATE);
187         assertEquals(adminBean.getCategory(), AuditActivity.CAT_ADMIN_USER_MAINTENANCE);
188         assertEquals(adminBean.getAdmin(), ADMIN_USER);
189         assertEquals(adminBean.getUserName(), USER);
190         assertNotNull(adminBean.getTimestamp());
191         assertEquals(adminBean.getIpAddress(), IP1);
192         assertEquals(adminBean.getDescription(), MSG_ADDING_USER);
193         assertTrue(adminBean.getName() == null || adminBean.getName().equals(""));
194         assertTrue(adminBean.getBeforeValue() == null || adminBean.getBeforeValue().equals(""));
195         assertTrue(adminBean.getAfterValue() == null || adminBean.getAfterValue().equals(""));
196 
197         adminBean = lookupAdminActivity(ADMIN_QUERY, AuditActivity.PASSWORD_CHANGE_SUCCESS);
198         assertEquals(adminBean.getActivity(), AuditActivity.PASSWORD_CHANGE_SUCCESS);
199         assertEquals(adminBean.getCategory(), AuditActivity.CAT_ADMIN_CREDENTIAL_MAINTENANCE);
200         assertEquals(adminBean.getAdmin(), ADMIN_USER);
201         assertEquals(adminBean.getUserName(), USER);
202         assertNotNull(adminBean.getTimestamp());
203         assertEquals(adminBean.getIpAddress(), IP1);
204         assertEquals(adminBean.getDescription(), MSG_CHANGING_PW);
205         assertTrue(adminBean.getName() == null || adminBean.getName().equals(""));
206         assertTrue(adminBean.getBeforeValue() == null || adminBean.getBeforeValue().equals(""));
207         assertTrue(adminBean.getAfterValue() == null || adminBean.getAfterValue().equals(""));
208 
209         adminBean = lookupAdminActivity(ADMIN_QUERY, AuditActivity.USER_ADD_ATTRIBUTE);
210         assertEquals(adminBean.getActivity(), AuditActivity.USER_ADD_ATTRIBUTE);
211         assertEquals(adminBean.getCategory(), AuditActivity.CAT_ADMIN_ATTRIBUTE_MAINTENANCE);
212         assertEquals(adminBean.getAdmin(), ADMIN_USER);
213         assertEquals(adminBean.getUserName(), USER);
214         assertNotNull(adminBean.getTimestamp());
215         assertEquals(adminBean.getIpAddress(), IP1);
216         assertEquals(adminBean.getDescription(), MSG_ATTRIBUTE);
217         assertEquals(adminBean.getName(), ATTRIBUTE_NAME_1);
218         assertEquals(adminBean.getBeforeValue(), ATTRIBUTE_VALUE_BEFORE_1);
219         assertEquals(adminBean.getAfterValue(), ATTRIBUTE_VALUE_AFTER_1);
220         
221         audit.setEnabled(false);
222         assertFalse(audit.getEnabled());
223         audit.logAdminAttributeActivity(ADMIN_USER, IP1, USER, AuditActivity.USER_ADD_ATTRIBUTE, ATTRIBUTE_NAME_1, ATTRIBUTE_VALUE_BEFORE_1, ATTRIBUTE_VALUE_AFTER_1, MSG_ATTRIBUTE);        
224         adminCount = this.countAdminActivity();
225         assertEquals(adminCount, 3);        
226     }
227     
228     private static String USER_QUERY = "SELECT * FROM USER_ACTIVITY WHERE ACTIVITY = ?";
229     private static String ADMIN_QUERY = "SELECT * FROM ADMIN_ACTIVITY WHERE ACTIVITY = ?";
230     
231     private static String MSG_AUTHENTICATION_SUCCESS = "logging on via Jetspeed Portal";
232     private static String MSG_AUTHENTICATION_FAILURE = "failure logging on via Jetspeed Portal";
233     private static String MSG_ADDING_USER = "adding new user";
234     private static String MSG_CHANGING_PW = "changing password";
235     private static String MSG_ATTRIBUTE = "Attribute added for user";
236     
237     private static String ADMIN_USER = "admin";
238     private static String USER = "nelson";
239     private static String IP1 = "123.234.145.156";
240     private static String ATTRIBUTE_NAME_1 = "attribute1";
241     private static String ATTRIBUTE_VALUE_BEFORE_1 = "value1BEFORE";
242     private static String ATTRIBUTE_VALUE_AFTER_1 = "value1AFTER";
243     
244 
245     private ActivityBean lookupUserActivity(String query, String keyActivity) throws SQLException
246     {
247         Connection con = null;
248         PreparedStatement pstmt = null;
249         ResultSet rs = null;        
250         try
251         {
252             con = audit.getDataSource().getConnection();
253             pstmt = con.prepareStatement(query);
254             pstmt.setString(1, keyActivity);
255             rs = pstmt.executeQuery();
256             rs.next();
257             ActivityBean bean = new ActivityBean();
258             bean.setActivity(rs.getString(1));
259             bean.setCategory(rs.getString(2));
260             bean.setUserName(rs.getString(3));
261             bean.setTimestamp(rs.getTimestamp(4));
262             bean.setIpAddress(rs.getString(5));
263             bean.setName(rs.getString(6));
264             bean.setBeforeValue(rs.getString(7));
265             bean.setAfterValue(rs.getString(8));            
266             bean.setDescription(rs.getString(9));
267             return bean;
268         }
269         catch (SQLException e)
270         {
271             throw e;
272         }
273         finally
274         {
275             if (pstmt != null)
276             {
277                 pstmt.close();
278             }
279             if (rs != null)
280             {
281                 rs.close();
282             }            
283             if (con != null)
284             {
285                 try
286                 {
287                     con.close();
288                 }
289                 catch (SQLException ee)
290                 {}
291             }
292         }        
293     }
294 
295     private ActivityBean lookupAdminActivity(String query, String keyActivity) throws SQLException
296     {
297         Connection con = null;
298         PreparedStatement pstmt = null;
299         ResultSet rs = null;
300         try
301         {
302             con = audit.getDataSource().getConnection();
303             pstmt = con.prepareStatement(query);
304             pstmt.setString(1, keyActivity);
305             rs = pstmt.executeQuery();
306             rs.next();
307             ActivityBean bean = new ActivityBean();
308             bean.setActivity(rs.getString(1));
309             bean.setCategory(rs.getString(2));
310             bean.setAdmin(rs.getString(3));
311             bean.setUserName(rs.getString(4));
312             bean.setTimestamp(rs.getTimestamp(5));
313             bean.setIpAddress(rs.getString(6));
314             bean.setName(rs.getString(7));
315             bean.setBeforeValue(rs.getString(8));
316             bean.setAfterValue(rs.getString(9));
317             bean.setDescription(rs.getString(10));
318             return bean;
319         }
320         catch (SQLException e)
321         {
322             throw e;
323         }
324         finally
325         {
326             if (pstmt != null)
327             {
328                 pstmt.close();
329             }
330             if (rs != null)
331             {
332                 rs.close();
333             }
334             if (con != null)
335             {
336                 try
337                 {
338                     con.close();
339                 }
340                 catch (SQLException ee)
341                 {}
342             }
343         }        
344     }    
345 
346     protected String[] getConfigurations()
347     {
348         return new String[]
349         { "statistics.xml", "transaction.xml", "boot/datasource.xml"};
350     }
351 
352     protected String[] getBootConfigurations()
353     {
354         return new String[]
355         { "boot/datasource.xml"};
356     }
357     
358 }