Java tutorial
/* * This program is free software; you can redistribute it and/or modify it under the * terms of the GNU General Public License, version 2 as published by the Free Software * Foundation. * * You should have received a copy of the GNU General Public License along with this * program; if not, you can obtain a copy at http://www.gnu.org/licenses/gpl-2.0.html * or from the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU General Public License for more details. * * * Copyright 2006 - 2016 Pentaho Corporation. All rights reserved. */ package org.pentaho.platform.plugin.services.metadata; import static junit.framework.Assert.assertTrue; import java.io.File; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.List; import javax.jcr.Repository; import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.jcr.Workspace; import javax.jcr.security.AccessControlException; import org.apache.commons.io.FileUtils; import org.apache.jackrabbit.api.JackrabbitWorkspace; import org.apache.jackrabbit.api.security.authorization.PrivilegeManager; import org.junit.After; import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.pentaho.platform.api.engine.IAuthorizationPolicy; import org.pentaho.platform.api.engine.IConfiguration; import org.pentaho.platform.api.engine.IPentahoDefinableObjectFactory.Scope; import org.pentaho.platform.api.engine.IPentahoSession; import org.pentaho.platform.api.engine.IPluginManager; import org.pentaho.platform.api.engine.IUserRoleListService; import org.pentaho.platform.api.engine.security.userroledao.IPentahoRole; import org.pentaho.platform.api.engine.security.userroledao.IPentahoUser; import org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao; import org.pentaho.platform.api.mt.ITenant; import org.pentaho.platform.api.mt.ITenantManager; import org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver; import org.pentaho.platform.api.repository2.unified.IBackingRepositoryLifecycleManager; import org.pentaho.platform.api.repository2.unified.IUnifiedRepository; import org.pentaho.platform.api.repository2.unified.RepositoryFile; import org.pentaho.platform.config.SystemConfig; import org.pentaho.platform.core.mt.Tenant; import org.pentaho.platform.engine.core.system.PentahoSessionHolder; import org.pentaho.platform.engine.core.system.StandaloneSession; import org.pentaho.platform.engine.core.system.boot.PlatformInitializationException; import org.pentaho.platform.plugin.services.pluginmgr.DefaultPluginManager; import org.pentaho.platform.repository2.ClientRepositoryPaths; import org.pentaho.platform.repository2.unified.IRepositoryFileDao; import org.pentaho.platform.repository2.unified.ServerRepositoryPaths; import org.pentaho.platform.repository2.unified.jcr.JcrRepositoryDumpToFile; import org.pentaho.platform.repository2.unified.jcr.JcrRepositoryDumpToFile.Mode; import org.pentaho.platform.repository2.unified.jcr.PentahoJcrConstants; import org.pentaho.platform.repository2.unified.jcr.RepositoryFileProxyFactory; import org.pentaho.platform.repository2.unified.jcr.SimpleJcrTestUtils; import org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.TestPrincipalProvider; import org.pentaho.platform.repository2.unified.jcr.sejcr.CredentialsStrategy; import org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao; import org.pentaho.platform.security.userroledao.service.UserRoleDaoUserDetailsService; import org.pentaho.platform.security.userroledao.service.UserRoleDaoUserRoleListService; import org.pentaho.test.platform.engine.core.MicroPlatform; import org.springframework.beans.BeansException; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; import org.springframework.extensions.jcr.JcrCallback; import org.springframework.extensions.jcr.JcrTemplate; import org.springframework.extensions.jcr.SessionFactory; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.transaction.support.TransactionTemplate; /** * Class Description User: dkincade */ @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { "classpath:/repository.spring.xml", "classpath:/repository-test-override.spring.xml" }) @SuppressWarnings("nls") public class MetadataRepositoryLifecycleManagerIT implements ApplicationContextAware { public static final String REPOSITORY_ADMIN_USERNAME = "pentahoRepoAdmin"; public static final String SINGLE_TENANT_AUTHENTICATED_AUTHORITY_NAME = "Authenticated"; private static final String TEST_TENANT_ID = "Pentaho"; private static final String TEST_USER_ID = "admin"; private static MicroPlatform mp = new MicroPlatform(); public static final String MAIN_TENANT_1 = "maintenant1"; private IUnifiedRepository repo; private IUserRoleListService userRoleListService; private boolean startupCalled; private String repositoryAdminUsername; private String adminAuthorityName; private String tenantAuthenticatedAuthorityName; private JcrTemplate testJcrTemplate; private IBackingRepositoryLifecycleManager manager; private IAuthorizationPolicy authorizationPolicy; private IBackingRepositoryLifecycleManager metadataRepositoryLifecycleManager; IUserRoleDao userRoleDao; private ITenantManager tenantManager; private String sysAdminAuthorityName; private String sysAdminUserName; private String superAdminRoleName; private IRepositoryFileDao repositoryFileDao; private Repository repository = null; private ITenant systemTenant = null; private ITenant testTenant; private ITenantedPrincipleNameResolver tenantedRoleNameUtils; private ITenantedPrincipleNameResolver tenantedUserNameUtils; private IRoleAuthorizationPolicyRoleBindingDao roleBindingDaoTarget; private static TransactionTemplate jcrTransactionTemplate; private JcrTemplate jcrTemplate; public static final String SYSTEM_PROPERTY = "spring.security.strategy"; @BeforeClass public static void beforeClass() throws Exception { System.setProperty(SYSTEM_PROPERTY, "MODE_GLOBAL"); PentahoSessionHolder.setStrategyName(PentahoSessionHolder.MODE_GLOBAL); FileUtils.deleteDirectory(new File("/tmp/jackrabbit-test-TRUNK")); SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL); } @AfterClass public static void afterClass() { PentahoSessionHolder.setStrategyName(PentahoSessionHolder.MODE_INHERITABLETHREADLOCAL); } @Before public void beforeTest() throws PlatformInitializationException { System.setProperty(SYSTEM_PROPERTY, "MODE_INHERITABLETHREADLOCAL"); mp = new MicroPlatform(); mp.defineInstance("tenantedUserNameUtils", tenantedUserNameUtils); mp.define(IPluginManager.class, DefaultPluginManager.class, Scope.GLOBAL); mp.defineInstance(IAuthorizationPolicy.class, authorizationPolicy); mp.defineInstance(ITenantManager.class, tenantManager); mp.define(ITenant.class, Tenant.class); mp.defineInstance("roleAuthorizationPolicyRoleBindingDaoTarget", roleBindingDaoTarget); mp.defineInstance(IRoleAuthorizationPolicyRoleBindingDao.class, roleBindingDaoTarget); mp.defineInstance("tenantedUserNameUtils", tenantedUserNameUtils); mp.defineInstance("tenantedRoleNameUtils", tenantedRoleNameUtils); mp.defineInstance("repositoryAdminUsername", repositoryAdminUsername); mp.define(IConfiguration.class, SystemConfig.class); mp.defineInstance("RepositoryFileProxyFactory", new RepositoryFileProxyFactory(this.jcrTemplate, this.repositoryFileDao)); mp.defineInstance("useMultiByteEncoding", new Boolean(false)); UserRoleDaoUserDetailsService userDetailsService = new UserRoleDaoUserDetailsService(); userDetailsService.setUserRoleDao(userRoleDao); List<String> systemRoles = new ArrayList<String>(); systemRoles.add("Administrator"); List<String> extraRoles = Arrays.asList(new String[] { "Authenticated", "Anonymous" }); String adminRole = "Admin"; userRoleListService = new UserRoleDaoUserRoleListService(userRoleDao, userDetailsService, tenantedUserNameUtils, systemRoles, extraRoles, adminRole); ((UserRoleDaoUserRoleListService) userRoleListService).setUserRoleDao(userRoleDao); ((UserRoleDaoUserRoleListService) userRoleListService).setUserDetailsService(userDetailsService); mp.defineInstance(IUserRoleListService.class, userRoleListService); mp.start(); loginAsRepositoryAdmin(); setAclManagement(); logout(); startupCalled = true; } @After public void afterTest() throws Exception { // null out fields to get back memory loginAsRepositoryAdmin(); SimpleJcrTestUtils.deleteItem(testJcrTemplate, ServerRepositoryPaths.getPentahoRootFolderPath()); logout(); repositoryAdminUsername = null; adminAuthorityName = null; tenantAuthenticatedAuthorityName = null; authorizationPolicy = null; testJcrTemplate = null; if (startupCalled) { manager.shutdown(); } // null out fields to get back memory repo = null; } private void cleanupUserAndRoles(final ITenant tenant) { loginAsRepositoryAdmin(); for (IPentahoRole role : userRoleDao.getRoles(tenant)) { try { userRoleDao.deleteRole(role); } catch (Exception e) { // System role deletion will throw Exception } } for (IPentahoUser user : userRoleDao.getUsers(tenant)) { userRoleDao.deleteUser(user); } } @Test public void testDoNewTenant() throws Exception { loginAsRepositoryAdmin(); ITenant systemTenant = tenantManager.createTenant(null, ServerRepositoryPaths.getPentahoRootFolderName(), adminAuthorityName, tenantAuthenticatedAuthorityName, "Anonymous"); userRoleDao.createUser(systemTenant, sysAdminUserName, "password", "", new String[] { adminAuthorityName }); ITenant mainTenant_1 = tenantManager.createTenant(systemTenant, MAIN_TENANT_1, adminAuthorityName, tenantAuthenticatedAuthorityName, "Anonymous"); userRoleDao.createUser(mainTenant_1, "admin", "password", "", new String[] { adminAuthorityName, tenantAuthenticatedAuthorityName }); login("admin", mainTenant_1, new String[] { adminAuthorityName, tenantAuthenticatedAuthorityName }); JcrRepositoryDumpToFile dumpToFile = new JcrRepositoryDumpToFile(testJcrTemplate, jcrTransactionTemplate, repositoryAdminUsername, "c:/build/testrepo_3", Mode.CUSTOM); dumpToFile.execute(); metadataRepositoryLifecycleManager.newTenant(mainTenant_1); String metadataPath = ClientRepositoryPaths.getEtcFolderPath() + "/metadata"; RepositoryFile metadataRepositoryPath = repo.getFile(metadataPath); assertTrue(metadataRepositoryPath.getPath() != null); // Nothing should change if we run it again metadataRepositoryLifecycleManager.newTenant(mainTenant_1); metadataPath = ClientRepositoryPaths.getEtcFolderPath() + "/metadata"; metadataRepositoryPath = repo.getFile(metadataPath); assertTrue(metadataRepositoryPath.getPath() != null); cleanupUserAndRoles(mainTenant_1); cleanupUserAndRoles(systemTenant); } @Test public void testDoNewUser() throws Exception { // Nothing to test metadataRepositoryLifecycleManager.newUser(null, null); } @Test public void testDoShutdown() throws Exception { // Nothing to test metadataRepositoryLifecycleManager.shutdown(); } @Test public void testDoStartup() throws Exception { // Nothing to test loginAsRepositoryAdmin(); metadataRepositoryLifecycleManager.startup(); } @Override public void setApplicationContext(final ApplicationContext applicationContext) throws BeansException { manager = (IBackingRepositoryLifecycleManager) applicationContext .getBean("backingRepositoryLifecycleManager"); SessionFactory jcrSessionFactory = (SessionFactory) applicationContext.getBean("jcrSessionFactory"); testJcrTemplate = new JcrTemplate(jcrSessionFactory); testJcrTemplate.setAllowCreate(true); testJcrTemplate.setExposeNativeSession(true); repositoryAdminUsername = (String) applicationContext.getBean("repositoryAdminUsername"); tenantAuthenticatedAuthorityName = (String) applicationContext .getBean("singleTenantAuthenticatedAuthorityName"); adminAuthorityName = (String) applicationContext.getBean("singleTenantAdminAuthorityName"); sysAdminAuthorityName = (String) applicationContext.getBean("superAdminAuthorityName"); sysAdminUserName = (String) applicationContext.getBean("superAdminUserName"); superAdminRoleName = (String) applicationContext.getBean("superAdminAuthorityName"); authorizationPolicy = (IAuthorizationPolicy) applicationContext.getBean("authorizationPolicy"); roleBindingDaoTarget = (IRoleAuthorizationPolicyRoleBindingDao) applicationContext .getBean("roleAuthorizationPolicyRoleBindingDaoTarget"); tenantManager = (ITenantManager) applicationContext.getBean("tenantMgrTxn"); repositoryFileDao = (IRepositoryFileDao) applicationContext.getBean("repositoryFileDao"); userRoleDao = (IUserRoleDao) applicationContext.getBean("userRoleDao"); tenantedUserNameUtils = (ITenantedPrincipleNameResolver) applicationContext .getBean("tenantedUserNameUtils"); tenantedRoleNameUtils = (ITenantedPrincipleNameResolver) applicationContext .getBean("tenantedRoleNameUtils"); metadataRepositoryLifecycleManager = (IBackingRepositoryLifecycleManager) applicationContext .getBean("metadataRepositoryLifecycleManager"); jcrTransactionTemplate = (TransactionTemplate) applicationContext.getBean("jcrTransactionTemplate"); repo = (IUnifiedRepository) applicationContext.getBean("unifiedRepository"); TestPrincipalProvider.userRoleDao = userRoleDao; TestPrincipalProvider.adminCredentialsStrategy = (CredentialsStrategy) applicationContext .getBean("jcrAdminCredentialsStrategy"); TestPrincipalProvider.repository = (Repository) applicationContext.getBean("jcrRepository"); jcrTemplate = (JcrTemplate) applicationContext.getBean("jcrTemplate"); } protected void loginAsRepositoryAdmin() { StandaloneSession pentahoSession = new StandaloneSession(repositoryAdminUsername); pentahoSession.setAuthenticated(repositoryAdminUsername); final Collection<? extends GrantedAuthority> repositoryAdminAuthorities = Arrays .asList(new GrantedAuthority[] { new SimpleGrantedAuthority(superAdminRoleName) }); final String password = "ignored"; UserDetails repositoryAdminUserDetails = new User(repositoryAdminUsername, password, true, true, true, true, repositoryAdminAuthorities); Authentication repositoryAdminAuthentication = new UsernamePasswordAuthenticationToken( repositoryAdminUserDetails, password, repositoryAdminAuthorities); PentahoSessionHolder.setSession(pentahoSession); // this line necessary for Spring Security's MethodSecurityInterceptor SecurityContextHolder.getContext().setAuthentication(repositoryAdminAuthentication); } protected void logout() { PentahoSessionHolder.removeSession(); SecurityContextHolder.getContext().setAuthentication(null); } protected void login(final String username, final ITenant tenant) { login(username, tenant, false); } /** * Logs in with given username. * * @param username username of user * @param tenant tenant to which this user belongs * @tenantAdmin true to add the tenant admin authority to the user's roles */ protected void login(final String username, final ITenant tenant, String[] roles) { StandaloneSession pentahoSession = new StandaloneSession(username); pentahoSession.setAuthenticated(tenant.getId(), username); PentahoSessionHolder.setSession(pentahoSession); pentahoSession.setAttribute(IPentahoSession.TENANT_ID_KEY, tenant.getId()); final String password = "password"; List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(); for (String roleName : roles) { authList.add(new SimpleGrantedAuthority(roleName)); } UserDetails userDetails = new User(username, password, true, true, true, true, authList); Authentication auth = new UsernamePasswordAuthenticationToken(userDetails, password, authList); PentahoSessionHolder.setSession(pentahoSession); // this line necessary for Spring Security's MethodSecurityInterceptor SecurityContextHolder.getContext().setAuthentication(auth); } /** * Logs in with given username. * * @param username username of user * @param tenant tenant to which this user belongs * @tenantAdmin true to add the tenant admin authority to the user's roles */ protected void login(final String username, final ITenant tenant, final boolean tenantAdmin) { StandaloneSession pentahoSession = new StandaloneSession(username); pentahoSession.setAuthenticated(username); pentahoSession.setAttribute(IPentahoSession.TENANT_ID_KEY, tenant.getId()); final String password = "password"; List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(); authList.add(new SimpleGrantedAuthority(tenantAuthenticatedAuthorityName)); if (tenantAdmin) { authList.add(new SimpleGrantedAuthority(adminAuthorityName)); } UserDetails userDetails = new User(username, password, true, true, true, true, authList); Authentication auth = new UsernamePasswordAuthenticationToken(userDetails, password, authList); PentahoSessionHolder.setSession(pentahoSession); // this line necessary for Spring Security's MethodSecurityInterceptor SecurityContextHolder.getContext().setAuthentication(auth); } private void setAclManagement() { testJcrTemplate.execute(new JcrCallback() { @Override public Object doInJcr(Session session) throws IOException, RepositoryException { PentahoJcrConstants pentahoJcrConstants = new PentahoJcrConstants(session); Workspace workspace = session.getWorkspace(); PrivilegeManager privilegeManager = ((JackrabbitWorkspace) workspace).getPrivilegeManager(); try { privilegeManager.getPrivilege(pentahoJcrConstants.getPHO_ACLMANAGEMENT_PRIVILEGE()); } catch (AccessControlException ace) { privilegeManager.registerPrivilege(pentahoJcrConstants.getPHO_ACLMANAGEMENT_PRIVILEGE(), false, new String[0]); } session.save(); return null; } }); } }