io.personium.test.jersey.box.acl.AclTest.java Source code

Java tutorial

Introduction

Here is the source code for io.personium.test.jersey.box.acl.AclTest.java

Source

/**
 * personium.io
 * Copyright 2014 FUJITSU LIMITED
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.personium.test.jersey.box.acl;

    import static org.junit.Assert.assertEquals;
    import static org.junit.Assert.assertTrue;

    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;

    import org.apache.http.HttpStatus;
    import org.json.simple.JSONObject;
    import org.junit.Test;
    import org.junit.experimental.categories.Category;
    import org.junit.runner.RunWith;
    import org.w3c.dom.Element;
    import org.w3c.dom.NodeList;

    import com.sun.jersey.test.framework.JerseyTest;
    import com.sun.jersey.test.framework.WebAppDescriptor;

    import io.personium.core.PersoniumCoreException;
    import io.personium.core.auth.OAuth2Helper;
    import io.personium.test.categories.Integration;
    import io.personium.test.categories.Regression;
    import io.personium.test.categories.Unit;
    import io.personium.test.jersey.AbstractCase;
    import io.personium.test.jersey.ODataCommon;
    import io.personium.test.jersey.PersoniumIntegTestRunner;
    import io.personium.test.setup.Setup;
    import io.personium.test.unit.core.UrlUtils;
    import io.personium.test.utils.AccountUtils;
    import io.personium.test.utils.BoxUtils;
    import io.personium.test.utils.CellUtils;
    import io.personium.test.utils.DavResourceUtils;
    import io.personium.test.utils.EntityTypeUtils;
    import io.personium.test.utils.Http;
    import io.personium.test.utils.ResourceUtils;
    import io.personium.test.utils.RoleUtils;
    import io.personium.test.utils.TResponse;
    import io.personium.test.utils.TestMethodUtils;

    /**
     * BOXACL?.
     */
    @RunWith(PersoniumIntegTestRunner.class)
    @Category({ Unit.class, Integration.class, Regression.class })
    public class AclTest extends JerseyTest {

        private static final Map<String, String> INIT_PARAMS = new HashMap<String, String>();
        static {
            INIT_PARAMS.put("com.sun.jersey.config.property.packages", "io.personium.core.rs");
            INIT_PARAMS.put("com.sun.jersey.spi.container.ContainerRequestFilters",
                    "io.personium.core.jersey.filter.PersoniumCoreContainerFilter");
            INIT_PARAMS.put("com.sun.jersey.spi.container.ContainerResponseFilters",
                    "io.personium.core.jersey.filter.PersoniumCoreContainerFilter");
        }

        static final String TEST_CELL1 = "testcell1";
        static final String TEST_ROLE1 = "role4";
        static final String TEST_ROLE2 = "role5";
        static final String TOKEN = AbstractCase.MASTER_TOKEN_NAME;
        static final String BOX_NAME = "box1";
        static final String DEPTH = "0";
        static final String ACL_ALL_TEST = "box/acl-setting-all.txt";
        static final String ACL_SETTING_TEST = "box/acl-setting.txt";
        static final String ACL_NULL_TEST = "box/acl-null.txt";

        /**
         * .
         */
        public AclTest() {
            super(new WebAppDescriptor.Builder(INIT_PARAMS).build());
        }

    /**
     * BoxACLPrincipal?all??.
     */
    @Test
    public final void ACL Principal?all??() {

        try {
            // Principal:all
            // Privilege:read?ACLbox1?
            DavResourceUtils.setACL(null, TOKEN, HttpStatus.SC_OK, TEST_CELL1 + "/" + BOX_NAME, ACL_ALL_TEST,
                    null, "<D:read/>", "");

            // PROPFIND?ACL??
            TResponse tresponse = CellUtils.propfind(TEST_CELL1 + "/" + BOX_NAME,
                    TOKEN, DEPTH, HttpStatus.SC_MULTI_STATUS);
            List<Map<String, List<String>>> list = new ArrayList<Map<String, List<String>>>();
            Map<String, List<String>> map = new HashMap<String, List<String>>();
            List<String> rolList = new ArrayList<String>();
            rolList.add("all");
            rolList.add("read");
            list.add(map);
            Element root = tresponse.bodyAsXml().getDocumentElement();
            String resorce = UrlUtils.box(TEST_CELL1, BOX_NAME);
            // UrlUtil???URL?????
            StringBuffer sb = new StringBuffer(resorce);
            sb.deleteCharAt(resorce.length() - 1);
            TestMethodUtils.aclResponseTest(root, sb.toString(), list, 1,
                    UrlUtils.roleResource(TEST_CELL1, BOX_NAME, ""), null);

            // account1?box1?
            // ?
            JSONObject json = ResourceUtils.getLocalTokenByPassAuth(TEST_CELL1, "account1", "password1", -1);
            // ?
            String tokenStr = (String) json.get(OAuth2Helper.Key.ACCESS_TOKEN);

            // Box1???GET?
            ResourceUtils.accessResource("", tokenStr, HttpStatus.SC_OK, Setup.TEST_BOX1, TEST_CELL1);
            // ?box1???GET?
            ResourceUtils.accessResource("", "", HttpStatus.SC_OK, Setup.TEST_BOX1, TEST_CELL1);
            // AuthorizationHedder???box1???GET?
            ResourceUtils.accessResourceNoAuth("", HttpStatus.SC_OK, TEST_CELL1);

            // Box1???PUT???
            DavResourceUtils.createWebDavFile(Setup.TEST_CELL1, tokenStr, "box/dav-put.txt", "hoge", Setup.TEST_BOX1,
                    "text.txt", HttpStatus.SC_FORBIDDEN);
            // ?box1???PUT???
            DavResourceUtils.createWebDavFile(Setup.TEST_CELL1, "", "box/dav-put.txt", "hoge", Setup.TEST_BOX1,
                    "text.txt", HttpStatus.SC_UNAUTHORIZED);
            // AuthorizationHedder???box1???PUT???
            DavResourceUtils.createWebDavFileNoAuthHeader(Setup.TEST_CELL1, "box/dav-put.txt", "hoge", Setup.TEST_BOX1,
                    "text.txt", HttpStatus.SC_UNAUTHORIZED);
        } finally {
            // ?
            DavResourceUtils.deleteWebDavFile("box/dav-delete.txt", Setup.TEST_CELL1, TOKEN,
                    "text.txt", -1, Setup.TEST_BOX1);

            // ACL???
            Http.request("box/acl-authtest.txt")
                    .with("cellPath", TEST_CELL1)
                    .with("colname", "")
                    .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                    .with("token", AbstractCase.MASTER_TOKEN_NAME)
                    .with("level", "")
                    .returns()
                    .statusCode(HttpStatus.SC_OK);
        }
    }

        /**
         * BoxACLPrincipal?all?role???.
         */
        @Test
        public final void BoxACL Principal?all?role?? ?() {
        try {
            // Principal:all Privilege:read
            // Principal:role1 Privilege:write
            // ?ACLbox1?
            setAclAllandRole(TEST_CELL1, TOKEN, HttpStatus.SC_OK, TEST_CELL1 + "/" + BOX_NAME,
                    "box/acl-setting-all-role.txt", "role1", "<D:read/>", "<D:write/>", "");

            // PROPFIND?ACL??
            CellUtils.propfind(TEST_CELL1 + "/" + BOX_NAME,
                    TOKEN, DEPTH, HttpStatus.SC_MULTI_STATUS);

            // account1?box1?
            // ?
            JSONObject json = ResourceUtils.getLocalTokenByPassAuth(TEST_CELL1, "account1", "password1", -1);
            // ?
            String tokenStr = (String) json.get(OAuth2Helper.Key.ACCESS_TOKEN);

            // Box1???GET?
            ResourceUtils.accessResource("", tokenStr, HttpStatus.SC_OK, Setup.TEST_BOX1, TEST_CELL1);
            // ?box1???GET?
            ResourceUtils.accessResource("", "", HttpStatus.SC_OK, Setup.TEST_BOX1, TEST_CELL1);
            // AuthorizationHedder???box1???GET?
            ResourceUtils.accessResourceNoAuth("", HttpStatus.SC_OK, TEST_CELL1);

            // Box1???PUT?
            DavResourceUtils.createWebDavFile(Setup.TEST_CELL1, tokenStr, "box/dav-put.txt", "hoge", Setup.TEST_BOX1,
                    "text.txt", HttpStatus.SC_CREATED);
            // ?box1???PUT???
            DavResourceUtils.createWebDavFile(Setup.TEST_CELL1, "", "box/dav-put.txt", "hoge", Setup.TEST_BOX1,
                    "text.txt", HttpStatus.SC_UNAUTHORIZED);
            // AuthorizationHedder???box1???PUT???
            DavResourceUtils.createWebDavFileNoAuthHeader(Setup.TEST_CELL1, "box/dav-put.txt", "hoge", Setup.TEST_BOX1,
                    "text.txt", HttpStatus.SC_UNAUTHORIZED);
        } finally {
            // ?
            DavResourceUtils.deleteWebDavFile("box/dav-delete.txt", Setup.TEST_CELL1, TOKEN,
                    "text.txt", -1, Setup.TEST_BOX1);

            // ACL???
            Http.request("box/acl-authtest.txt")
                    .with("cellPath", TEST_CELL1)
                    .with("colname", "")
                    .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                    .with("token", AbstractCase.MASTER_TOKEN_NAME)
                    .with("level", "")
                    .returns()
                    .statusCode(HttpStatus.SC_OK);
        }
    }

        /**
         * BoxACL_?ACL??ACL?????????.
         */
        @Test
        public final void BoxACL _?ACL??ACL? ????????()
        {
            try {

                // ??????????
                // Principal:all
                // Privilege:read?ACLbox1?
                DavResourceUtils.setACL(null, TOKEN, HttpStatus.SC_OK, TEST_CELL1 + "/" + BOX_NAME, ACL_ALL_TEST, null,
                        "<D:read/>", "");

                // PROPFIND?ACL??
                TResponse tresponse = CellUtils.propfind(TEST_CELL1 + "/" + BOX_NAME, TOKEN, DEPTH,
                        HttpStatus.SC_MULTI_STATUS);

                // ACE??????????
                NodeList list = tresponse.bodyAsXml().getElementsByTagNameNS("DAV:", "ace");
                assertTrue(tresponse.getBody(), list.getLength() > 0);

                // ?ACL??ACL?????
                DavResourceUtils.setACL(TEST_CELL1, TOKEN, HttpStatus.SC_OK, "", ACL_NULL_TEST, null, null, "");

                // PROPFIND?ACL??
                TResponse tresponse2 = CellUtils.propfind(TEST_CELL1 + "/" + BOX_NAME, TOKEN, DEPTH,
                        HttpStatus.SC_MULTI_STATUS);
                // ACE??????
                NodeList list2 = tresponse2.bodyAsXml().getElementsByTagNameNS("DAV:", "ace");
                assertTrue(tresponse2.getBody(), list2.getLength() == 0);
            } finally {
                // ACL???
                Http.request("box/acl-authtest.txt").with("cellPath", TEST_CELL1).with("colname", "")
                        .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                        .with("token", AbstractCase.MASTER_TOKEN_NAME).with("level", "").returns()
                        .statusCode(HttpStatus.SC_OK);
            }
        }

        /**
         * Box????Role??ACL.
         */
        @Test
        public final void Box????Role??ACL () {
        String testBox = "testBox01";
        String testRole = "testRole01";
        try {
            // Box??
            BoxUtils.create(TEST_CELL1, testBox, TOKEN);

            // Box????Role??
            RoleUtils.create(TEST_CELL1, TOKEN, testRole, testBox, HttpStatus.SC_CREATED);

            // Box?Role?ACL
            DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_OK, testBox, "",
                    ACL_SETTING_TEST, testRole, testBox, "<D:read/>", "");

            // PROPFIND
            TResponse res = DavResourceUtils.propfind("box/propfind-box-allprop.txt",
                    TOKEN, HttpStatus.SC_MULTI_STATUS, testBox);

            // PROPFIND??
            List<Map<String, List<String>>> list = new ArrayList<Map<String, List<String>>>();
            Map<String, List<String>> map = new HashMap<String, List<String>>();
            List<String> rolList = new ArrayList<String>();
            rolList.add("read");
            list.add(map);
            map.put(testRole, rolList);
            Element root = res.bodyAsXml().getDocumentElement();
            String resorce = UrlUtils.box(TEST_CELL1, testBox);
            // UrlUtil???URL?????
            StringBuffer sb = new StringBuffer(resorce);
            sb.deleteCharAt(resorce.length() - 1);
            TestMethodUtils.aclResponseTest(root, sb.toString(), list, 1,
                    UrlUtils.roleResource(TEST_CELL1, testBox, ""), null);

        } finally {
            // Role?
            RoleUtils.delete(TEST_CELL1, TOKEN, testRole, testBox);

            // Box1?
            BoxUtils.delete(TEST_CELL1, TOKEN, testBox);
        }
    }

    /**
     * ?Box??????????Role???Box??????Role??ACL.
     */
    @Test
    public final void ?Box??????????Role???Box??????Role??ACL () {
        String testBox = "testBox_27481";
        String testRole = "testRole_27481";
        try {
            // Box??
            BoxUtils.create(TEST_CELL1, testBox, TOKEN);

            // Box????Role??
            RoleUtils.create(TEST_CELL1, TOKEN, testRole, testBox, HttpStatus.SC_CREATED);
            // Box??????Role??
            RoleUtils.create(TEST_CELL1, TOKEN, testRole, null, HttpStatus.SC_CREATED);

            // Box?Box?????Role?ACL
            DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_OK, testBox, "", ACL_SETTING_TEST,
                    testRole, null, "<D:read/>", "");

            // PROPFIND
            TResponse res = DavResourceUtils.propfind("box/propfind-box-allprop.txt",
                    TOKEN, HttpStatus.SC_MULTI_STATUS, testBox);

            // PROPFIND??
            List<Map<String, List<String>>> list = new ArrayList<Map<String, List<String>>>();
            Map<String, List<String>> map = new HashMap<String, List<String>>();
            List<String> rolList = new ArrayList<String>();
            rolList.add("read");
            list.add(map);
            map.put("../__/" + testRole, rolList);
            Element root = res.bodyAsXml().getDocumentElement();
            String resorce = UrlUtils.box(TEST_CELL1, testBox);
            // UrlUtil???URL?????
            StringBuffer sb = new StringBuffer(resorce);
            sb.deleteCharAt(resorce.length() - 1);
            TestMethodUtils.aclResponseTest(root, sb.toString(), list, 1,
                    UrlUtils.roleResource(TEST_CELL1, testBox, ""), null);

        } finally {
            // Role?(Box?????)
            RoleUtils.delete(TEST_CELL1, TOKEN, testRole, testBox);
            // Role?(Box??????)
            RoleUtils.delete(TEST_CELL1, TOKEN, testRole, null);
            // Box?
            BoxUtils.delete(TEST_CELL1, TOKEN, testBox);
        }
    }

        /**
         * ACL?URL????.
         */
        @Test
        public final void ACL ?URL????() {
        String testBox = "box1";
        String testRole = UrlUtils.roleResource("hogeCell", testBox, "role1");

        // Box1?Role?ACL
        DavResourceUtils.setACLwithRoleBaseUrl(TEST_CELL1, TOKEN, HttpStatus.SC_BAD_REQUEST, testBox, "",
                "box/acl-setting-baseurl.txt", testRole, "<D:read/>", "");

    }

    /**
     * baseUrl??.
     */
    @Test
    public final void baseUrl??()
        {
            String testBox1 = "testBox01";
            String testBox2 = "testBox02";
            String testRole02 = "testRole02";
            String testRole = "../testBox02/testRole02";
            try {
                // Box??
                BoxUtils.create(TEST_CELL1, testBox1, TOKEN);
                BoxUtils.create(TEST_CELL1, testBox2, TOKEN);

                // Role??
                RoleUtils.create(TEST_CELL1, TOKEN, testRole02, testBox2, HttpStatus.SC_CREATED);

                // Box?Role?ACL
                DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_OK, testBox1, "", ACL_SETTING_TEST,
                        testRole, testBox1, "<D:read/>", "");

                // PROPFIND
                TResponse res = DavResourceUtils.propfind("box/propfind-box-allprop.txt", TOKEN,
                        HttpStatus.SC_MULTI_STATUS, testBox1);

                // PROPFIND??
                List<Map<String, List<String>>> list = new ArrayList<Map<String, List<String>>>();
                Map<String, List<String>> map = new HashMap<String, List<String>>();
                List<String> rolList = new ArrayList<String>();
                rolList.add("read");
                list.add(map);
                map.put(UrlUtils.aclRelativePath("testBox02", testRole02), rolList);
                Element root = res.bodyAsXml().getDocumentElement();
                String resorce = UrlUtils.box(TEST_CELL1, testBox1);
                // UrlUtil???URL?????
                StringBuffer sb = new StringBuffer(resorce);
                sb.deleteCharAt(resorce.length() - 1);
                TestMethodUtils.aclResponseTest(root, sb.toString(), list, 1,
                        UrlUtils.roleResource(TEST_CELL1, testBox1, ""), null);

            } finally {

                // Role?
                RoleUtils.delete(TEST_CELL1, TOKEN, testRole02, testBox2);

                // Box1?
                BoxUtils.delete(TEST_CELL1, TOKEN, testBox1);
                BoxUtils.delete(TEST_CELL1, TOKEN, testBox2);
            }
        }

        /**
         * BOXACL?href?URL????.
         */
        @Test
        public final void BOXACL?href?URL? ???() {
        String testBox1 = "testBox01";
        String testRole = "testRole02";
        try {
            // Box??
            BoxUtils.create(TEST_CELL1, testBox1, TOKEN);

            // Role??
            RoleUtils.create(TEST_CELL1, TOKEN, testRole, testBox1, HttpStatus.SC_CREATED);

            // Box?Role?ACL
            DavResourceUtils.setACLwithRoleBaseUrl(TEST_CELL1, TOKEN, HttpStatus.SC_OK, testBox1, "",
                    "box/acl-setting-baseurl.txt", UrlUtils.roleResource(TEST_CELL1, testBox1, testRole),
                    "<D:read/>", "");

            // PROPFIND
            TResponse res = DavResourceUtils.propfind("box/propfind-box-allprop.txt",
                    TOKEN, HttpStatus.SC_MULTI_STATUS, testBox1);

            // PROPFIND??
            List<Map<String, List<String>>> list = new ArrayList<Map<String, List<String>>>();
            Map<String, List<String>> map = new HashMap<String, List<String>>();
            List<String> rolList = new ArrayList<String>();
            rolList.add("read");
            list.add(map);
            map.put(testRole, rolList);
            Element root = res.bodyAsXml().getDocumentElement();
            String resorce = UrlUtils.box(TEST_CELL1, testBox1);
            // UrlUtil???URL?????
            StringBuffer sb = new StringBuffer(resorce);
            sb.deleteCharAt(resorce.length() - 1);
            TestMethodUtils.aclResponseTest(root, sb.toString(), list, 1,
                    UrlUtils.roleResource(TEST_CELL1, testBox1, ""), null);

        } finally {

            // Role?
            RoleUtils.delete(TEST_CELL1, TOKEN, testRole, testBox1);

            // Box1?
            BoxUtils.delete(TEST_CELL1, TOKEN, testBox1);
        }
    }

        /**
         * BOXACL?requireSchemaAuth????????.
         */
        @Test
        public final void BOXACL?requireSchemaAuth ????????()
        {
            try {

                String requireSchamaAuthz = "public";
                // Principal:all
                // Privilege:read?ACLbox1?
                DavResourceUtils.setACL(null, TOKEN, HttpStatus.SC_OK, TEST_CELL1 + "/" + BOX_NAME, ACL_ALL_TEST, null,
                        "<D:read/>", requireSchamaAuthz);

                // PROPFIND?ACL??
                TResponse tresponse = CellUtils.propfind(TEST_CELL1 + "/" + BOX_NAME, TOKEN, DEPTH,
                        HttpStatus.SC_MULTI_STATUS);
                List<Map<String, List<String>>> list = new ArrayList<Map<String, List<String>>>();
                Map<String, List<String>> map = new HashMap<String, List<String>>();
                List<String> rolList = new ArrayList<String>();
                rolList.add("all");
                rolList.add("read");
                list.add(map);
                Element root = tresponse.bodyAsXml().getDocumentElement();
                String resorce = UrlUtils.box(TEST_CELL1, BOX_NAME);
                // UrlUtil???URL?????
                StringBuffer sb = new StringBuffer(resorce);
                sb.deleteCharAt(resorce.length() - 1);
                TestMethodUtils.aclResponseTest(root, sb.toString(), list, 1,
                        UrlUtils.roleResource(TEST_CELL1, BOX_NAME, ""), requireSchamaAuthz);

            } finally {
                // ACL???
                Http.request("box/acl-authtest.txt").with("cellPath", TEST_CELL1).with("colname", "")
                        .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                        .with("token", AbstractCase.MASTER_TOKEN_NAME).with("level", "").returns()
                        .statusCode(HttpStatus.SC_OK);
            }
        }

        /**
         * BoxACL????.
         */
        @Test
        public final void BoxACL ????()
        {

            String box2 = "box2";
            String roleNotDelete = "role001";
            String roleDelete = "role002";
            try {
                // box2?????
                RoleUtils.create(TEST_CELL1, TOKEN, roleNotDelete, box2, HttpStatus.SC_CREATED);
                RoleUtils.create(TEST_CELL1, TOKEN, roleDelete, box2, HttpStatus.SC_CREATED);

                // ACLtestcell1/box2?
                DavResourceUtils.setACLwithBox(TEST_CELL1, AbstractCase.BEARER_MASTER_TOKEN, HttpStatus.SC_OK, box2, "",
                        "box/acl-2role-setting.txt", roleNotDelete, roleDelete, box2, "<D:read/>", "<D:write/>", "");

                // role
                RoleUtils.delete(TEST_CELL1, TOKEN, roleDelete, box2, HttpStatus.SC_NO_CONTENT);

                // PROPFIND?testcell1/box2?ACL?
                TResponse tresponse = DavResourceUtils.propfind("box/propfind-box-allprop.txt", TOKEN,
                        HttpStatus.SC_MULTI_STATUS, box2);

                // role002??????=ace????
                NodeList list = tresponse.bodyAsXml().getElementsByTagNameNS("DAV:", "ace");
                assertTrue(tresponse.getBody(), list.getLength() == 1);

                // role001????
                assertTrue(tresponse.getBody(), list.item(0).getTextContent().indexOf(roleNotDelete) > -1);

            } finally {
                // ?
                RoleUtils.delete(TEST_CELL1, TOKEN, roleNotDelete, box2, -1);
                RoleUtils.delete(TEST_CELL1, TOKEN, roleDelete, box2, -1);

                // ACL???
                Http.request("box/acl-authtest.txt").with("cellPath", TEST_CELL1).with("colname", "")
                        .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                        .with("token", AbstractCase.MASTER_TOKEN_NAME).with("level", "").returns()
                        .statusCode(HttpStatus.SC_OK);
            }
        }

        /**
         * BoxACL????.
         */
        @Test
        public final void BoxACL ????()
        {

            String box2 = "box2";
            String roleDelete = "role002";
            try {
                // box2?????
                RoleUtils.create(TEST_CELL1, TOKEN, roleDelete, null, HttpStatus.SC_CREATED);

                // ACLtestcell1/box2?
                DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_OK, box2, "", ACL_SETTING_TEST,
                        roleDelete, null, "<D:read/>", "");

                // role
                RoleUtils.delete(TEST_CELL1, TOKEN, roleDelete, null, HttpStatus.SC_NO_CONTENT);

                // PROPFIND?testcell1/box2?ACL?
                TResponse tresponse = DavResourceUtils.propfind("box/propfind-box-allprop.txt", TOKEN,
                        HttpStatus.SC_MULTI_STATUS, box2);

                // role002??????=principal???
                NodeList list = tresponse.bodyAsXml().getElementsByTagNameNS("DAV:", "principal");
                assertTrue(tresponse.getBody(), list.getLength() == 0);

            } finally {
                // ?
                RoleUtils.delete(TEST_CELL1, TOKEN, roleDelete, null, -1);

                // ACL???
                Http.request("box/acl-authtest.txt").with("cellPath", TEST_CELL1).with("colname", "")
                        .with("roleBaseUrl", UrlUtils.roleResource(TEST_CELL1, null, ""))
                        .with("token", AbstractCase.MASTER_TOKEN_NAME).with("level", "").returns()
                        .statusCode(HttpStatus.SC_OK);
            }
        }

        /**
         * ???Box???404?????.
         */
        @Test
        public final void ???Box???404?????()
        {
            // ???Box?ACL
            TResponse res = DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_NOT_FOUND, "noneExistBox",
                    "", ACL_SETTING_TEST, "role", "noneExistBox", "<D:read/>", "");
            String boxUrl = UrlUtils.boxRoot(TEST_CELL1, "noneExistBox");
            PersoniumCoreException expectedException = PersoniumCoreException.Dav.BOX_NOT_FOUND.params(boxUrl);
            ODataCommon.checkErrorResponseBody(res, expectedException.getCode(), expectedException.getMessage());
        }

        /**
         * roleBaseUrl????Box???400?????.
         */
        @Test
        public final void roleBaseUrl????Box???400?????()
        {
        String testBox = "testBox01";
        String testRole = "testRole01";
        try {
            // Box??
            BoxUtils.create(TEST_CELL1, testBox, TOKEN);

            // Box????Role??
            RoleUtils.create(TEST_CELL1, TOKEN, testRole, testBox, HttpStatus.SC_CREATED);

            // ???Box?ACL
            DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_BAD_REQUEST, testBox, "",
                    ACL_SETTING_TEST, testRole, "noneExistBox", "<D:read/>", "");

        } finally {
            // Role?
            RoleUtils.delete(TEST_CELL1, TOKEN, testRole, testBox);

            // Box1?
            BoxUtils.delete(TEST_CELL1, TOKEN, testBox);
        }
    }

    /**
     * ???Cellxml:base???BoxACL???400?????.
     */
    @Test
    public final void ???Cellxml_base???BoxACL ???400?????()
        {
            String testBox = "testBox01";
            String testRole = "testRole01";
            try {
                // Box??
                BoxUtils.create(TEST_CELL1, testBox, TOKEN);

                // Box????Role??
                RoleUtils.create(TEST_CELL1, TOKEN, testRole, testBox, HttpStatus.SC_CREATED);

                // ???Cellxml:base???ACL
                DavResourceUtils.setACLwithRoleBaseUrl(TEST_CELL1, TOKEN, HttpStatus.SC_BAD_REQUEST, testBox, "",
                        testRole, ACL_SETTING_TEST, UrlUtils.roleResource("notExistsCell", "__", testRole), "<D:read/>",
                        "");

            } finally {
                // Role?
                RoleUtils.delete(TEST_CELL1, TOKEN, testRole, testBox);

                // Box1?
                BoxUtils.delete(TEST_CELL1, TOKEN, testBox);
            }
        }

    /**
     * Role???????Box?????400?????.
     */
    @Test
    public final void Role???????Box?????400?????()
        {
            String testBox = "testBox01";
            String testRole = "testRole01";
            try {
                // Box??
                BoxUtils.create(TEST_CELL1, testBox, TOKEN);

                // Box?????Role??
                createRole(TEST_CELL1, TOKEN, testRole, HttpStatus.SC_CREATED);

                // Box?Role?ACL
                DavResourceUtils.setACLwithBox(TEST_CELL1, TOKEN, HttpStatus.SC_BAD_REQUEST, testBox, "",
                        ACL_SETTING_TEST, testRole, testBox, "<D:read/>", "");
            } finally {
                // Role?
                RoleUtils.delete(TEST_CELL1, TOKEN, testRole, null);

                // Box1?
                BoxUtils.delete(TEST_CELL1, TOKEN, testBox);
            }
        }

    /**
     * principal??????400?????.
     */
    @Test
    public final void principal??? ???400?????()
        {
            String body = "<D:acl xmlns:D='DAV:' xml:base='" + UrlUtils.roleResource(TEST_CELL1, null, Setup.TEST_BOX1)
                    + "'>" + "<D:ace>" + "<D:principal>" + "<D:test/>" + "</D:principal>" + "<D:grant>"
                    + "<D:privilege>" + "<D:all/>" + "</D:privilege>" + "</D:grant>" + "</D:ace>" + "</D:acl>";
            TResponse res = Http.request("box/acl-setting-none-body.txt").with("cell", TEST_CELL1)
                    .with("box", Setup.TEST_BOX1).with("colname", Setup.TEST_ODATA)
                    .with("token", AbstractCase.MASTER_TOKEN_NAME).with("body", body).returns()
                    .statusCode(HttpStatus.SC_BAD_REQUEST);
            res.checkErrorResponse(PersoniumCoreException.Dav.XML_VALIDATE_ERROR.getCode(),
                    PersoniumCoreException.Dav.XML_VALIDATE_ERROR.getMessage());
        }

    /**
     * ????Account??Role?????????????Role???????????_403?????.
     * ??#34823???????Role?????500???
     */
    @Test
    public final void ????Account??Role???????? ?????Role???????????_403?????()
        {
            String cellName = "cellAclTest";
            String boxName = "boxAclTest";
            String colName = "colAclTest";
            String account = "accountAclTest";
            String role1 = "roleAclTest1";
            String role2 = "roleAclTest2";
            try {
                // ?????Box?Collection?ACL???Role?????ACL??<acl><ace/></acl>????ace???
                CellUtils.create(cellName, AbstractCase.MASTER_TOKEN_NAME, -1);
                BoxUtils.create(cellName, boxName, AbstractCase.MASTER_TOKEN_NAME, -1);
                DavResourceUtils.createODataCollection(AbstractCase.MASTER_TOKEN_NAME, -1, cellName, boxName, colName);
                AccountUtils.create(AbstractCase.MASTER_TOKEN_NAME, cellName, account, "password", -1);
                RoleUtils.create(cellName, AbstractCase.MASTER_TOKEN_NAME, role1, boxName, -1);
                AccountUtils.createLinkWithRole(AbstractCase.MASTER_TOKEN_NAME, cellName, boxName, account, role1, -1);

                // Box?ACL
                Http.request("box/acl-setting-single.txt").with("cell", cellName).with("box", boxName)
                        .with("token", AbstractCase.MASTER_TOKEN_NAME).with("role1", role1)
                        .with("roleBaseUrl", UrlUtils.roleResource(cellName, boxName, role1)).returns().statusCode(-1);

                // Collection?ACL
                Http.request("box/acl-setting-single.txt").with("cell", cellName).with("box", boxName + "/" + colName)
                        .with("token", AbstractCase.MASTER_TOKEN_NAME).with("role1", role1)
                        .with("roleBaseUrl", UrlUtils.roleResource(cellName, boxName, role1)).returns().statusCode(-1);

                // ?Role????????
                JSONObject json = ResourceUtils.getLocalTokenByPassAuth(cellName, account, "password", -1);
                String accessToken = json.get("access_token").toString();

                // ACL???Role?
                AccountUtils.deleteLinksWithRole(cellName, boxName, AbstractCase.MASTER_TOKEN_NAME, account, role1, -1);
                RoleUtils.delete(cellName, AbstractCase.MASTER_TOKEN_NAME, role1, boxName);

                // ??Role??????????ace??????????ACL??????Role??
                RoleUtils.create(cellName, AbstractCase.MASTER_TOKEN_NAME, role2, boxName, -1);
                AccountUtils.createLinkWithRole(AbstractCase.MASTER_TOKEN_NAME, cellName, boxName, account, role2, -1);

                // ????
                // Box????(403?????)
                DavResourceUtils.createODataCollection(accessToken, HttpStatus.SC_FORBIDDEN, cellName, boxName,
                        "dummycol");
                // Collection????(403?????)
                EntityTypeUtils.create(cellName, accessToken, boxName, colName, "dummyEntityType",
                        HttpStatus.SC_FORBIDDEN);
            } finally {
                CellUtils.bulkDeletion(AbstractCase.BEARER_MASTER_TOKEN, cellName);
            }
        }

    /**
     * ACL.
     * @param cell ??
     * @param token 
     * @param code ??
     * @param path ??
     * @param settingFile ACL
     * @param role ACL??PrincipalRole
     * @param privilege1 ACL???1
     * @param privilege2 ACL???2
     * @param level ?level
     * @return ?
     */
    private static TResponse setAclAllandRole(String cell, String token, int code, String path,
            String settingFile, String role, String privilege1, String privilege2, String level) {
        TResponse tresponseWebDav = null;
        // ACL?
        tresponseWebDav = Http.request(settingFile)
                .with("cellPath", cell)
                .with("colname", path)
                .with("token", token)
                .with("role", role)
                .with("privilege1", privilege1)
                .with("privilege2", privilege2)
                .with("roleBaseUrl", UrlUtils.roleResource(cell, null, ""))
                .with("level", level)
                .returns()
                .statusCode(code);
        return tresponseWebDav;
    }

        /**
         * Role??.
         * @param cellName ??
         * @param token 
         * @param roleName ??
         * @param code ?
         */
        @SuppressWarnings("unchecked")
        public static void createRole(final String cellName, final String token, final String roleName,
                final int code) {
            JSONObject body = new JSONObject();
            body.put("Name", roleName);

            TResponse res = Http.request("role-create.txt").with("token", token).with("cellPath", cellName)
                    .with("body", body.toString()).returns();

            assertEquals(code, res.getStatusCode());

        }

    }