gov.nih.nci.caintegrator.security.SecurityManagerImplTest.java Source code

Java tutorial

Introduction

Here is the source code for gov.nih.nci.caintegrator.security.SecurityManagerImplTest.java

Source

/**
 * Copyright 5AM Solutions Inc, ESAC, ScenPro & SAIC
 *
 * Distributed under the OSI-approved BSD 3-Clause License.
 * See http://ncip.github.com/caintegrator/LICENSE.txt for details.
 */
package gov.nih.nci.caintegrator.security;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.atLeastOnce;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import gov.nih.nci.caintegrator.application.study.AuthorizedStudyElementsGroup;
import gov.nih.nci.caintegrator.application.study.StudyConfiguration;
import gov.nih.nci.caintegrator.domain.application.UserWorkspace;
import gov.nih.nci.caintegrator.domain.translational.Study;
import gov.nih.nci.caintegrator.mockito.AbstractSecurityEnabledMockitoTest;
import gov.nih.nci.caintegrator.security.SecurityManagerImpl;
import gov.nih.nci.security.authorization.domainobjects.Group;
import gov.nih.nci.security.authorization.domainobjects.ProtectionElement;
import gov.nih.nci.security.exceptions.CSException;

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.junit.Before;
import org.junit.Test;

public class SecurityManagerImplTest extends AbstractSecurityEnabledMockitoTest {
    private SecurityManagerImpl securityManager;
    private StudyConfiguration studyConfiguration;
    private AuthorizedStudyElementsGroup authorizedStudyElementsGroup;
    private static final String USER_DOES_NOT_EXIST = "userDoesNotExist";

    @Before
    public void setUp() throws Exception {
        securityManager = new SecurityManagerImpl();
        securityManager.setAuthorizationManagerFactory(authManagerFactory);

        authorizedStudyElementsGroup = new AuthorizedStudyElementsGroup();
        authorizedStudyElementsGroup.setId(Long.valueOf(1));
        authorizedStudyElementsGroup.setAuthorizedGroup(new Group());
        studyConfiguration = new StudyConfiguration();
        UserWorkspace workspace = new UserWorkspace();
        studyConfiguration.setUserWorkspace(workspace);
        workspace.setUsername("user");

        Group group = new Group();
        group.setGroupName("Authorized Group");
        ;
        group.setGroupDesc("This is an Authorized Group");
        AuthorizedStudyElementsGroup authorizedGroup = new AuthorizedStudyElementsGroup();
        authorizedGroup.setAuthorizedGroup(group);
        studyConfiguration.getAuthorizedStudyElementsGroups().add(authorizedGroup);
    }

    @Test
    public void testCreateProtectionElementUserExists() throws CSException {
        UserWorkspace userWorkspace = new UserWorkspace();
        userWorkspace.setUsername(USER_EXISTS);
        studyConfiguration.setUserWorkspace(userWorkspace);
        securityManager.createProtectionElement(studyConfiguration);
        verify(authManager, times(1)).createProtectionElement(any(ProtectionElement.class));
    }

    @Test
    public void testCreateProtectionElementUserDoesNotExist() throws CSException {
        UserWorkspace userWorkspace = new UserWorkspace();
        userWorkspace.setUsername(USER_DOES_NOT_EXIST);
        studyConfiguration.setUserWorkspace(userWorkspace);
        securityManager.createProtectionElement(studyConfiguration);
        verify(authManager, never()).createProtectionElement(any(ProtectionElement.class));
    }

    @Test
    public void testDeleteProtectionElement() throws CSException {
        securityManager.deleteProtectionElement(studyConfiguration);
        verify(authManager, atLeastOnce()).removeProtectionElement(anyString());
    }

    @Test
    public void testDeleteProtectionElementWithAuthorized() throws CSException {
        AuthorizedStudyElementsGroup authorizedStudyElementsGroup1 = new AuthorizedStudyElementsGroup();
        AuthorizedStudyElementsGroup authorizedStudyElementsGroup2 = new AuthorizedStudyElementsGroup();
        studyConfiguration.getAuthorizedStudyElementsGroups().add(authorizedStudyElementsGroup1);
        studyConfiguration.getAuthorizedStudyElementsGroups().add(authorizedStudyElementsGroup2);
        securityManager.deleteProtectionElement(studyConfiguration);
        verify(authManager, atLeastOnce()).removeProtectionElement(anyString());
    }

    @Test
    public void testInitializeFiltersForUserGroups() throws CSException {
        Session session = mock(Session.class);
        SessionFactory sessionFactory = mock(SessionFactory.class);
        when(session.getSessionFactory()).thenReturn(sessionFactory);
        securityManager.initializeFiltersForUserGroups(USERNAME, session);
        verify(sessionFactory, times(1)).getDefinedFilterNames();
    }

    @Test
    public void testInitializeFiltersForUserGroupsUserDoesNotExist() throws CSException {
        Session session = mock(Session.class);
        SessionFactory sessionFactory = mock(SessionFactory.class);
        when(session.getSessionFactory()).thenReturn(sessionFactory);
        securityManager.initializeFiltersForUserGroups(USER_DOES_NOT_EXIST, session);
        verify(sessionFactory, never()).getDefinedFilterNames();
    }

    @Test
    public void retrieveManagedStudyConfigurations() throws CSException {
        Study study = new Study();
        Set<Study> studies = new HashSet<Study>();
        studies.add(study);
        study.setId(Long.valueOf(1));
        study.setStudyConfiguration(studyConfiguration);
        Set<StudyConfiguration> managedStudies = securityManager.retrieveManagedStudyConfigurations(USERNAME,
                studies);
        assertTrue(managedStudies.contains(studyConfiguration));
        assertEquals(1, managedStudies.size());
    }

    @Test
    public void retrieveManagedStudyConfigurationsUserDoesNotExist() throws CSException {
        Study study = new Study();
        Set<Study> studies = new HashSet<Study>();
        studies.add(study);
        study.setId(Long.valueOf(1));
        study.setStudyConfiguration(studyConfiguration);
        Set<StudyConfiguration> managedStudies = securityManager
                .retrieveManagedStudyConfigurations(USER_DOES_NOT_EXIST, studies);
        assertFalse(managedStudies.contains(studyConfiguration));
        assertEquals(0, managedStudies.size());
    }

    @Test
    public void testCreateProtectionElementForAuthorizedStudyElementsGroup() throws CSException {
        UserWorkspace userWorkspace = new UserWorkspace();
        userWorkspace.setUsername(USER_EXISTS);
        studyConfiguration.setUserWorkspace(userWorkspace);
        securityManager.createProtectionElement(studyConfiguration, authorizedStudyElementsGroup);
        verify(authManager, times(1)).createProtectionElement(any(ProtectionElement.class));

        // test with invalid user
        securityManager.deleteProtectionElement(authorizedStudyElementsGroup);

        userWorkspace = new UserWorkspace();
        userWorkspace.setUsername("NAMENOTFOUND");
        studyConfiguration.setUserWorkspace(userWorkspace);
        securityManager.createProtectionElement(studyConfiguration, authorizedStudyElementsGroup);
        verify(authManager, times(1)).createProtectionElement(any(ProtectionElement.class));

        // test if authorizedStudyElementsGroup ID column is null in database
        securityManager.deleteProtectionElement(authorizedStudyElementsGroup);
        authorizedStudyElementsGroup = new AuthorizedStudyElementsGroup();
        authorizedStudyElementsGroup.setId(null); // simulate null id
        Group group = new Group();
        group.setGroupName("Unit Test Group Name");
        authorizedStudyElementsGroup.setAuthorizedGroup(group);
        assertEquals("null", String.valueOf(authorizedStudyElementsGroup.getId()));
        userWorkspace = new UserWorkspace();
        userWorkspace.setUsername(USER_EXISTS);
        studyConfiguration.setUserWorkspace(userWorkspace);

        boolean thrown = false;
        try {
            securityManager.createProtectionElement(studyConfiguration, authorizedStudyElementsGroup);
        } catch (CSException e) {
            thrown = true;
        }
        assertTrue(thrown);
        verify(authManager, times(1)).createProtectionElement(any(ProtectionElement.class));
    }

    @Test
    public void testDeleteProtectionElementForAuthorizedStudyElementsGroup() throws CSException {
        securityManager.deleteProtectionElement(authorizedStudyElementsGroup);
        verify(authManager, times(1)).removeProtectionElement(anyString());
    }

    /**
     * Tests retrieval of unauthorized groups.
     * @throws CSException on error
     */
    @Test
    public void getUnauthorizedGroups() throws CSException {
        Collection<Group> groups = securityManager.getUnauthorizedGroups(studyConfiguration);
        assertFalse(groups.isEmpty());
        assertEquals(1, groups.size());

        Group group = groups.iterator().next();
        assertEquals("Group Name", group.getGroupName());

        Group authorizedGroup = new Group();
        authorizedGroup.setGroupName("Group Name");
        authorizedGroup.setGroupDesc("Group Description");

        AuthorizedStudyElementsGroup authorizedStudyElementGroup = new AuthorizedStudyElementsGroup();
        authorizedStudyElementGroup.setAuthorizedGroup(authorizedGroup);

        studyConfiguration.getAuthorizedStudyElementsGroups().add(authorizedStudyElementGroup);

        groups = securityManager.getUnauthorizedGroups(studyConfiguration);
        assertTrue(groups.isEmpty());
    }
}