|
TestSecurity |
|
1 /* 2 * TestSecurity.java 3 * 4 * Copyright (c) 1998-2001, The University of Sheffield. 5 * 6 * This file is part of GATE (see http://gate.ac.uk/), and is free 7 * software, licenced under the GNU Library General Public License, 8 * Version 2, June 1991 (in the distribution as file licence.html, 9 * and also available at http://gate.ac.uk/gate/licence.html). 10 * 11 * Kalina Bontcheva, 01/Oct/01 12 * 13 * $Id: TestSecurity.java,v 1.23 2001/11/12 21:37:45 marin Exp $ 14 */ 15 16 package gate.security; 17 18 import java.util.*; 19 import java.io.*; 20 import java.net.*; 21 import java.beans.*; 22 import java.lang.reflect.*; 23 import junit.framework.*; 24 25 import gate.*; 26 import gate.util.*; 27 import gate.corpora.*; 28 import gate.security.*; 29 30 /** Persistence test class 31 */ 32 public class TestSecurity extends TestCase 33 { 34 /** Debug flag */ 35 private static final boolean DEBUG = false; 36 private static final int ADMIN_GROUP_ID = 0; 37 private static final int ADMIN_USER_ID = 0; 38 39 private static final int SUAHILI_GROUP_ID = 101; 40 private static final int ENGLISH_GROUP_ID = 101; 41 42 43 /** JDBC URL */ 44 private static final String JDBC_URL = 45 // "jdbc:oracle:thin:GATEUSER/gate@192.168.128.7:1521:GATE04"; 46 //"jdbc:oracle:thin:GATEUSER/gate@192.168.128.207:1521:GATE03"; 47 // "jdbc:oracle:thin:GATEUSER/gate@onto-text:1521:GATE05"; 48 "jdbc:oracle:thin:GATEUSER/gate2@grindleford:1521:gatedb2"; 49 50 private boolean exceptionThrown = false; 51 52 /** Construction */ 53 public TestSecurity(String name) throws GateException { super(name); } 54 55 /** Fixture set up */ 56 public void setUp() throws Exception { 57 } // setUp 58 59 /** Put things back as they should be after running tests 60 * (reinitialise the CREOLE register). 61 */ 62 public void tearDown() throws Exception { 63 } // tearDown 64 65 66 public void testSecurityTables() throws Exception { 67 // AccessController ac = new AccessControllerImpl(JDBC_URL); 68 AccessController ac = Factory.createAccessController(JDBC_URL); 69 ac.open(); 70 71 User myUser = ac.findUser("kalina"); 72 Assert.assertNotNull(myUser); 73 Assert.assertEquals(myUser.getName(), "kalina"); 74 75 List myGroups = myUser.getGroups(); 76 77 Assert.assertNotNull(myGroups); 78 for (int i = 0; i< myGroups.size(); i++) { 79 Group myGroup = //ac.findGroup((Long) myGroups.get(i)); 80 (Group)myGroups.get(i); 81 if (i == 0) 82 Assert.assertEquals(myGroup.getName(), "English Language Group"); 83 else if (i == 1) 84 Assert.assertEquals(myGroup.getName(), "Suahili Group"); 85 //now it is allowed for the test user to be a member of more than these 86 //two groups, as it was creating a problem 87 }//for 88 89 Session mySession = ac.login("kalina", "sesame", 90 ac.findGroup("English Language Group").getID()); 91 Assert.assertNotNull(mySession); 92 // Assert.assertTrue(ac.isValidSession(mySession)); 93 94 } // testSecurityTables 95 96 97 98 public void testUserGroupManipulation() throws Exception { 99 100 //1. open security factory 101 AccessController ac = Factory.createAccessController(JDBC_URL); 102 ac.open(); 103 104 //1.1 list groups and users 105 List groups = ac.listGroups(); 106 Assert.assertNotNull(groups); 107 108 if(DEBUG) 109 Err.prln("+++ found ["+groups.size()+"] groups..."); 110 111 List users = ac.listUsers(); 112 Assert.assertNotNull(users); 113 if(DEBUG) 114 Err.prln("+++ found ["+users.size()+"] users..."); 115 116 //2. log into the securoty factory 117 Session adminSession = ac.login("ADMIN", "sesame",new Long(ADMIN_GROUP_ID)); 118 //check session 119 Assert.assertNotNull(adminSession); 120 //is session valid? 121 Assert.assertTrue(true == ac.isValidSession(adminSession)); 122 //assert session is privieged 123 Assert.assertTrue(adminSession.isPrivilegedSession()); 124 125 //3. create a new user and group 126 User myUser; 127 try { 128 myUser = ac.createUser("myUser", "myPassword",adminSession); 129 } catch (gate.security.SecurityException ex) { 130 //user kalina hasn't got enough priviliges, so login as admin 131 adminSession = ac.login("ADMIN", "sesame", ac.findGroup("ADMINS").getID()); 132 //assert session is privieged 133 Assert.assertTrue(adminSession.isPrivilegedSession()); 134 135 myUser = ac.createUser("myUser", "myPassword",adminSession); 136 } 137 138 //is the user aded to the security factory? 139 Assert.assertNotNull(ac.findUser("myUser")); 140 //is the user in the security factory equal() to what we put there? 141 Assert.assertEquals(myUser,ac.findUser("myUser")); 142 //is the key correct? 143 Assert.assertEquals(myUser.getName(),ac.findUser("myUser").getName()); 144 145 146 147 Group myGroup = ac.createGroup("myGroup",adminSession); 148 //is the group aded to the security factory? 149 Assert.assertNotNull(ac.findGroup("myGroup")); 150 //is the group in the security factory equal() to what we put there? 151 Assert.assertEquals(myGroup,ac.findGroup("myGroup")); 152 //is the key correct? 153 Assert.assertEquals(myGroup.getName(), "myGroup"); 154 155 156 157 //4. add user to group 158 myGroup.addUser(myUser, adminSession); 159 //is the user added to the group? 160 Assert.assertTrue(myGroup.getUsers().contains(myUser)); 161 162 //4.1 does the user know he's member of the group now? 163 Assert.assertTrue(myUser.getGroups().contains(myGroup)); 164 165 //5. change group name 166 String oldName = myGroup.getName(); 167 myGroup.setName("my new group", adminSession); 168 //is the name changed? 169 Assert.assertEquals("my new group",myGroup.getName()); 170 //test objectModification propagation 171 //[does change of group name reflect change of keys in the collections 172 //of the security factory?] 173 Assert.assertNotNull(ac.findGroup("my new group")); 174 //check that there is nothing hashed 175 //with the old key 176 exceptionThrown = false; 177 try { ac.findGroup(oldName); } 178 catch(SecurityException sex) {exceptionThrown = true;} 179 Assert.assertTrue(exceptionThrown); 180 181 //5.5 change user name 182 oldName = myUser.getName(); 183 myUser.setName("my new user", adminSession); 184 //is the name changed? 185 Assert.assertEquals("my new user",myUser.getName()); 186 //test objectModification propagation 187 //[does change of user name reflect change of keys in the collections 188 //of the security factory?] 189 Assert.assertNotNull(ac.findUser("my new user")); 190 //check that there is nothing hashed 191 //with the old key 192 exceptionThrown = false; 193 try { ac.findUser(oldName); } 194 catch(SecurityException sex) {exceptionThrown = true;} 195 Assert.assertTrue(exceptionThrown); 196 197 //5.6. restore name 198 myUser.setName(oldName, adminSession); 199 200 //6. get users 201 List myUsers = myGroup.getUsers(); 202 Assert.assertNotNull(myUsers); 203 for (int i = 0; i< myUsers.size(); i++) { 204 //verify that there are no junk users 205 //i.e. evry user in the collection is known by the security factory 206 User myUser1 = ac.findUser(((User)myUsers.get(i)).getID()); 207 //verify that the user is aware he's nmember of the group 208 Assert.assertTrue(myUser1.getGroups().contains(myGroup)); 209 210 211 }//for 212 213 //7. change name again 214 myGroup.setName("my new group again", adminSession); 215 //is the name changed? 216 Assert.assertEquals("my new group again",myGroup.getName()); 217 218 //8. try to log the user in 219 Session mySession = ac.login("myUser", "myPassword", 220 ac.findGroup("my new group again").getID()); 221 //check session 222 Assert.assertNotNull(mySession); 223 //is valid session? 224 Assert.assertTrue(true == ac.isValidSession(mySession)); 225 226 //9. logout 227 ac.logout(mySession); 228 //is session invalidated? 229 Assert.assertTrue(false == ac.isValidSession(mySession)); 230 231 //10. try to perform an operation with invalid session 232 exceptionThrown = false; 233 try { 234 myGroup.removeUser(myUser,mySession); 235 } 236 catch(SecurityException ex) { 237 exceptionThrown = true; 238 if(DEBUG) 239 Err.prln("++++ OK, got exception ["+ex.getMessage()+"]"); 240 } 241 Assert.assertTrue(true == exceptionThrown); 242 243 //10.1 login again 244 mySession = ac.login("myUser", "myPassword", 245 ac.findGroup("my new group again").getID()); 246 //check session 247 Assert.assertNotNull(mySession); 248 //is valid session? 249 Assert.assertTrue(true == ac.isValidSession(mySession)); 250 251 //11. try to delete group 252 ac.deleteGroup(myGroup, adminSession); 253 //is the group deleted? 254 exceptionThrown = false; 255 try { 256 ac.findGroup(myGroup.getName()); 257 } 258 catch(SecurityException se) { 259 260 if(DEBUG) 261 Err.prln("++ OK, got exception"); 262 263 exceptionThrown = true; 264 } 265 Assert.assertTrue(exceptionThrown); 266 267 //11.1 does the user know that he's no longer member of the group? 268 Assert.assertTrue(false == myUser.getGroups().contains(myGroup)); 269 270 //11.2 is the user's sesion invalidated? 271 Assert.assertTrue(false == ac.isValidSession(mySession)); 272 273 //11.3 add the user to new group 274 Group suahiliGrp = ac.findGroup(new Long(this.SUAHILI_GROUP_ID)); 275 Assert.assertNotNull(suahiliGrp); 276 suahiliGrp.addUser(myUser,adminSession); 277 //11.4 check if the group knows the user is now mmeber 278 Assert.assertTrue(suahiliGrp.getUsers().contains(myUser)); 279 //11.5 check if the user know he's member of the group 280 Assert.assertTrue(myUser.getGroups().contains(suahiliGrp)); 281 //11.6 login again [with the new group] 282 Session newSession = ac.login("myUser","myPassword",suahiliGrp.getID()); 283 //11.7 check session 284 Assert.assertTrue(ac.isValidSession(newSession)); 285 286 287 //12. check that the sessions are invalidated if the 288 //group/user in the session is deleted 289 290 //12.1 delete user 291 ac.deleteUser(myUser,adminSession); 292 //12.2 assert he's deleted from the Security Controller 293 exceptionThrown = false; 294 try { 295 ac.findUser(myUser.getName()); 296 } 297 catch(SecurityException se) { 298 299 if(DEBUG) 300 Err.prln("++ OK, got exception"); 301 302 exceptionThrown = true; 303 } 304 Assert.assertTrue(exceptionThrown); 305 //12.3 assert the group has deleted the user as member 306 Assert.assertTrue(false == suahiliGrp.getUsers().contains(myUser)); 307 //12.4 assert the session is invalidated 308 Assert.assertTrue(false == ac.isValidSession(newSession)); 309 310 //13. check objectModification events 311 312 //14. 313 314 } // testUserGroupManipulation 315 316 317 318 /** Test suite routine for the test runner */ 319 public static Test suite() { 320 return new TestSuite(TestSecurity.class); 321 } // suite 322 323 public static void main(String[] args){ 324 try{ 325 Gate.setLocalWebServer(false); 326 Gate.setNetConnected(false); 327 Gate.init(); 328 TestSecurity test = new TestSecurity(""); 329 330 test.setUp(); 331 test.testSecurityTables(); 332 test.tearDown(); 333 334 test.setUp(); 335 test.testUserGroupManipulation(); 336 test.tearDown(); 337 338 }catch(Exception e){ 339 e.printStackTrace(); 340 } 341 } 342 } // class TestPersist 343
|
TestSecurity |
|