testapp.test.CSMAuthTest.java Source code

Java tutorial

Introduction

Here is the source code for testapp.test.CSMAuthTest.java

Source

/*
 * Copyright Northwestern University and SemanticBits, LLC
 * 
 * Distributed under the OSI-approved BSD 3-Clause License.
 * See http://ncip.github.com/ctms-commons/LICENSE.txt for details.
 */
package testapp.test;

import gov.nih.nci.cabig.ctms.acegi.csm.AbstractCSMTestCase;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Properties;

import junit.framework.Test;
import junit.framework.TestSuite;

import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.TestingAuthenticationToken;
import org.dbunit.DBTestCase;
import org.dbunit.PropertiesBasedJdbcDatabaseTester;
import org.dbunit.dataset.IDataSet;
import org.dbunit.dataset.xml.FlatXmlDataSet;
import org.dbunit.operation.DatabaseOperation;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.cfg.Configuration;
import org.hibernate.tool.hbm2ddl.SchemaExport;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.orm.hibernate3.HibernateTransactionManager;
import org.springframework.orm.hibernate3.LocalSessionFactoryBean;
import org.springframework.orm.hibernate3.SessionFactoryUtils;

import testapp.bean.Person;
import testapp.dao.PersonDao;

public class CSMAuthTest extends AbstractCSMTestCase {

    public CSMAuthTest() {
        super();
    }

    public CSMAuthTest(String name) {
        super(name);
    }

    public static void main(String[] args) {
        junit.textui.TestRunner.run(suite());
    }

    public static Test suite() {
        TestSuite suite = new TestSuite();
        suite.addTest(new CSMAuthTest("testDomainObjectSecurity"));
        return suite;
    }

    public String[] getConfigFileLocations() {
        return new String[] { "applicationContext*-test.xml" };
    }

    public void setUp() throws Exception {
        super.setUp();

        ApplicationContext appCtx = getApplicationContext();
        HibernateTransactionManager txMgr = (HibernateTransactionManager) appCtx.getBean("transactionManager");
        Session session = SessionFactoryUtils.getSession(txMgr.getSessionFactory(), true);
        if (session != null) {
            session.clear();
        }
        LocalSessionFactoryBean sessionFactoryBean = (LocalSessionFactoryBean) appCtx.getBean("&sessionFactory");
        sessionFactoryBean.createDatabaseSchema();

    }

    public void testDomainObjectSecurity() {
        try {

            ApplicationContext applicationContext = getApplicationContext();

            PersonDao dao = (PersonDao) applicationContext.getBean("personDao");

            switchUser("user2", new String[] { "ROLE_normal_user" });
            Person p = new Person();
            p.setName("user2_one");
            Long user2person1Id = null;
            try {
                user2person1Id = dao.save(p);
            } catch (Exception ex) {
                ex.printStackTrace();
                fail("Should not have prevented save operation (1)");
            }

            p = dao.findById(user2person1Id);
            p.setName("user2_one_updated");
            try {
                dao.update(p);
            } catch (Exception ex) {
                ex.printStackTrace();
                fail("Should not have prevented udpate operation (1)");
            }

            switchUser("user1", new String[] { "ROLE_admin_user" });
            p = new Person();
            p.setName("user1_one");
            Long user1person1Id = null;
            try {
                user1person1Id = dao.save(p);
            } catch (Exception ex) {
                ex.printStackTrace();
                fail("Should not have prevented save operation (2)");
            }

            p = dao.findById(user1person1Id);
            p.setName("user1_one_updated");
            try {
                dao.update(p);
            } catch (Exception ex) {
                ex.printStackTrace();
                fail("Should not have prevented udpate operation (2)");
            }

            p = dao.findById(user2person1Id);
            p.setName("user2_one_updated_again");
            try {
                dao.update(p);
            } catch (Exception ex) {
                ex.printStackTrace();
                fail("Should not have prevented udpate operation (3)");
            }

            switchUser("user2", new String[] { "ROLE_normal_user" });
            p = dao.findById(user1person1Id);
            p.setName("user1_one_updated_again");
            try {
                dao.update(p);
                fail("Should have prevented udpate operation (1)");
            } catch (Exception ex) {
                assertTrue(true);
            }

            switchUser("user3", new String[] { "ROLE_restricted_user" });
            p = new Person();
            p.setName("user3_one");
            Long user3person1Id = null;
            try {
                user3person1Id = dao.save(p);
            } catch (Exception ex) {
                ex.printStackTrace();
                fail("Should not have prevented save operation (4)");
            }

            p = dao.findById(user3person1Id);
            p.setName("user3_one_updated");
            try {
                dao.update(p);
            } catch (Exception ex) {
                ex.printStackTrace();
                fail("Should not have prevented udpate operation (5)");
            }
            p = dao.findById(user2person1Id);
            assertNull("Should not have retrieved person (1)", p);

        } catch (Exception ex) {
            ex.printStackTrace();
            fail("Error testing domain object authorization: " + ex.getMessage());
        }
    }

    private void switchUser(String userName, String[] roles) {
        GrantedAuthority[] authorities = new GrantedAuthority[roles.length];
        for (int i = 0; i < roles.length; i++) {
            authorities[i] = new GrantedAuthorityImpl(roles[i]);
        }
        Authentication auth = new TestingAuthenticationToken(userName, "ignored", authorities);
        auth.setAuthenticated(true);
        SecurityContextHolder.getContext().setAuthentication(auth);
    }

}