LibreCCM
/
libreccm
3
0
Fork 0
Code Issues 10 Pull Requests Packages Releases Wiki Activity

CCM NG: Annotations for authorization are now added to all repository and and manager beans in ccm-core 

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4166 8810af33-2d31-482b-a856-94f89814c4df
pull/2/head
jensp 2016-06-17 19:46:50 +00:00
parent 9f66872c80
commit 864094a5dd
39 changed files with 1484 additions and 574 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java
View File

@ -23,13 +23,15 @@ package org.libreccm.categorization;
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
public final class CategorizationConstants {
public static final String CAT_XML_NS = "http://categorization.libreccm.org";
public static final String MANAGE_CATEGORIES_PRIVILEGE = "manage_categories";
public static final String MANAGE_CATEGORY_PRIVILEGE = "manage_category";
public static final String MANAGE_CATEGORY_OBJECTS_PRIVILEGE
= "manage_category_objects";
public static final String MANAGE_DOMAINS_PRIVILEGE = "manage_domains";
private CategorizationConstants() {
//Nothing
}
}

10
ccm-core/src/main/java/org/libreccm/categorization/Category.java
View File

@ -24,6 +24,7 @@ import org.hibernate.validator.constraints.NotBlank;
import org.libreccm.core.CcmObject;
import org.libreccm.core.DefaultEntityGraph;
import org.libreccm.l10n.LocalizedString;
import org.libreccm.security.InheritsPermissions;
import java.io.Serializable;
import java.util.ArrayList;
@ -90,7 +91,8 @@ import javax.validation.constraints.Pattern;
)
})
@DefaultEntityGraph("Category.withSubCategoriesAndObjects")
public class Category extends CcmObject implements Serializable {
public class Category extends CcmObject implements InheritsPermissions,
Serializable {
private static final long serialVersionUID = -7250208963391878547L;
@ -317,6 +319,12 @@ public class Category extends CcmObject implements Serializable {
public void setCategoryOrder(final long categoryOrder) {
this.categoryOrder = categoryOrder;
}
@Override
public CcmObject getParent() {
return getParentCategory();
}
@Override
public int hashCode() {

157
ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java
View File

@ -18,10 +18,15 @@
*/
package org.libreccm.categorization;
import static org.libreccm.categorization.CategorizationConstants.*;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.libreccm.core.CcmObject;
import org.libreccm.core.CcmObjectRepository;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
import org.libreccm.security.Shiro;
import java.util.ArrayList;
import java.util.List;
@ -57,6 +62,9 @@ public class CategoryManager {
@Inject
private EntityManager entityManager;
@Inject
private Shiro shiro;
/**
* Assigns an category to an object.
*
@ -74,9 +82,13 @@ public class CategoryManager {
* @param category The category to which the object should be assigned. Can
* never be {@code null}.
*/
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void addObjectToCategory(final CcmObject object,
final Category category) {
public void addObjectToCategory(
final CcmObject object,
@RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
final Category category) {
if (object == null) {
throw new IllegalArgumentException(
"Null can't be added to a category.");
@ -96,9 +108,15 @@ public class CategoryManager {
object.addCategory(categorization);
category.addObject(categorization);
entityManager.persist(categorization);
categoryRepo.save(category);
ccmObjectRepo.save(object);
// To saving a category requires the manage_category privilege which
// may has not been granted to a user which is allowed to assign objects
// to a category. Therefore we bypass the this authorisation check here
// by executing CategoryRepository#save(Category) as the system user.
shiro.getSystemUser().execute(() -> {
entityManager.persist(categorization);
categoryRepo.save(category);
ccmObjectRepo.save(object);
});
}
/**
@ -121,9 +139,12 @@ public class CategoryManager {
* object is <em>not</em>
* assigned to the provided category.
*/
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void removeObjectFromCategory(final CcmObject object,
final Category category)
public void removeObjectFromCategory(
final CcmObject object,
@RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
final Category category)
throws ObjectNotAssignedToCategoryException {
if (object == null) {
@ -154,23 +175,25 @@ public class CategoryManager {
return;
}
object.removeCategory(categorization);
category.removeObject(categorization);
entityManager.remove(categorization);
categoryRepo.save(category);
ccmObjectRepo.save(object);
shiro.getSystemUser().execute(() -> {
object.removeCategory(categorization);
category.removeObject(categorization);
entityManager.remove(categorization);
categoryRepo.save(category);
ccmObjectRepo.save(object);
final List<Categorization> categories = object.getCategories();
for (int i = 0; i < categories.size(); i++) {
categories.get(i).setCategoryOrder(i);
entityManager.merge(categories.get(i));
}
final List<Categorization> categories = object.getCategories();
for (int i = 0; i < categories.size(); i++) {
categories.get(i).setCategoryOrder(i);
entityManager.merge(categories.get(i));
}
final List<Categorization> objects = category.getObjects();
for (int i = 0; i < objects.size(); i++) {
objects.get(i).setObjectOrder(i);
entityManager.merge(objects.get(i));
}
final List<Categorization> objects = category.getObjects();
for (int i = 0; i < objects.size(); i++) {
objects.get(i).setObjectOrder(i);
entityManager.merge(objects.get(i));
}
});
}
/**
@ -187,9 +210,12 @@ public class CategoryManager {
* object is not assigned to
* the provided category.
*/
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void increaseObjectOrder(final CcmObject object,
final Category category)
public void increaseObjectOrder(
final CcmObject object,
@RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
final Category category)
throws ObjectNotAssignedToCategoryException {
if (object == null) {
@ -241,7 +267,7 @@ public class CategoryManager {
categorization.setObjectOrder(nextOrder);
nextCategorization.setObjectOrder(order);
categoryRepo.save(category);
shiro.getSystemUser().execute(() -> categoryRepo.save(category));
}
/**
@ -258,9 +284,12 @@ public class CategoryManager {
* object is not assigned to
* the provided category.
*/
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void decreaseObjectOrder(final CcmObject object,
final Category category)
public void decreaseObjectOrder(
final CcmObject object,
@RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
final Category category)
throws ObjectNotAssignedToCategoryException {
if (object == null) {
@ -312,7 +341,7 @@ public class CategoryManager {
categorization.setObjectOrder(prevOrder);
prevCategorization.setObjectOrder(order);
categoryRepo.save(category);
shiro.getSystemUser().execute(() -> categoryRepo.save(category));
}
/**
@ -346,9 +375,13 @@ public class CategoryManager {
* @param parentCategory The category to which the category is added as
* subcategory. Can't be {@code null}.
*/
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void addSubCategoryToCategory(final Category subCategory,
final Category parentCategory) {
public void addSubCategoryToCategory(
final Category subCategory,
@RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
final Category parentCategory) {
final Category sub = categoryRepo.findById(subCategory.getObjectId());
final Category parent = categoryRepo.findById(parentCategory
.getObjectId());
@ -363,8 +396,10 @@ public class CategoryManager {
sub.setParentCategory(parent);
sub.setCategoryOrder(order);
categoryRepo.save(parent);
categoryRepo.save(sub);
shiro.getSystemUser().execute(() -> {
categoryRepo.save(parent);
categoryRepo.save(sub);
});
}
/**
@ -380,9 +415,12 @@ public class CategoryManager {
* assigned to the provided parent
* category.
*/
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void removeSubCategoryFromCategory(final Category subCategory,
final Category parentCategory) {
public void removeSubCategoryFromCategory(
final Category subCategory,
@RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
final Category parentCategory) {
if (subCategory.getParentCategory() == null
|| !subCategory.getParentCategory().equals(parentCategory)) {
@ -401,8 +439,10 @@ public class CategoryManager {
categoryRepo.save(subCategories.get(i));
}
categoryRepo.save(parentCategory);
categoryRepo.save(subCategory);
shiro.getSystemUser().execute(() -> {
categoryRepo.save(parentCategory);
categoryRepo.save(subCategory);
});
}
/**
@ -420,9 +460,12 @@ public class CategoryManager {
* subcategory of the provided parent
* category.
*/
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void increaseCategoryOrder(final Category subCategory,
final Category parentCategory) {
public void increaseCategoryOrder(
final Category subCategory,
@RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
final Category parentCategory) {
if (parentCategory == null) {
throw new IllegalArgumentException("parentCategory can't be null.");
@ -471,8 +514,10 @@ public class CategoryManager {
subCategory.setCategoryOrder(nextOrder);
nextCategory.setCategoryOrder(order);
categoryRepo.save(subCategory);
categoryRepo.save(nextCategory);
shiro.getSystemUser().execute(() -> {
categoryRepo.save(subCategory);
categoryRepo.save(nextCategory);
});
}
/**
@ -490,8 +535,12 @@ public class CategoryManager {
* subcategory of the provided parent
* category.
*/
public void decreaseCategoryOrder(final Category subCategory,
final Category parentCategory) {
@AuthorizationRequired
@Transactional(Transactional.TxType.REQUIRED)
public void decreaseCategoryOrder(
final Category subCategory,
@RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
final Category parentCategory) {
if (parentCategory == null) {
throw new IllegalArgumentException("parentCategory can't be null.");
@ -540,26 +589,10 @@ public class CategoryManager {
subCategory.setCategoryOrder(prevOrder);
prevCategory.setCategoryOrder(order);
categoryRepo.save(subCategory);
categoryRepo.save(prevCategory);
shiro.getSystemUser().execute(() -> {
categoryRepo.save(subCategory);
categoryRepo.save(prevCategory);
});
}
/**
* Swaps the values of the {@code order} properties of two categories.
*
* @param subCategoryA The first category. Can't be {@code null}.
* @param subCategoryB The second category. Can't be {@code null}.
* @param parentCategory The parent category of both subcategories. Can't be
* {@code null}.
*
* @throws IllegalArgumentException If one or both categories are not
* subcategories of the provided parent
* category.qq
*/
// public void swapCategories(final Category subCategoryA,
// final Category subCategoryB,
// final Category parentCategory) {
// // TODO implement method
// throw new UnsupportedOperationException();
// }
}

11
ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java
View File

@ -168,15 +168,20 @@ public class CategoryRepository extends AbstractEntityRepository<Long, Category>
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(
@RequiresPrivilege("manage_categories") final Category category) {
@RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORY_PRIVILEGE)
final Category category) {
super.save(category);
}
@AuthorizationRequired
@RequiresPrivilege("manage_categories")
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final Category category) {
public void delete(
@RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORY_PRIVILEGE)
final Category category) {
super.save(category);
}

8
ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java
View File

@ -27,8 +27,11 @@ import javax.transaction.Transactional;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.util.Strings;
import org.libreccm.core.CoreConstants;
import org.libreccm.modules.CcmModule;
import org.libreccm.modules.Module;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
import java.util.Arrays;
import java.util.ServiceLoader;
@ -123,6 +126,9 @@ public class ConfigurationManager {
* provided object is not annotation with
* {@link Configuration}.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void saveConfiguration(final Object configuration) {
if (configuration == null) {
throw new IllegalArgumentException("Configuration can't be null");
@ -266,6 +272,8 @@ public class ConfigurationManager {
* @param valueType The type of the value of the setting.
* @param value The value to set.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
private <T> void setSettingValue(final Object configuration,
final String settingName,

5
ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java
View File

@ -30,6 +30,9 @@ import javax.transaction.Transactional;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Strings;
import org.libreccm.core.CoreConstants;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
import java.util.ArrayList;
import java.util.Objects;
@ -220,6 +223,8 @@ public class SettingManager {
*
* @param setting The setting to save.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void saveSetting(final AbstractSetting<?> setting) {
if (setting.getSettingId() == 0) {

10
ccm-core/src/main/java/org/libreccm/core/CoreConstants.java
View File

@ -42,6 +42,16 @@ public final class CoreConstants {
* in the security API.
*/
public static final String ACCESS_DENIED = "Access denied";
/**
* Constant for the {@code admin} privilege.
*/
public static final String ADMIN_PRIVILEGE = "admin";
/**
* Constant for the {@code system} privilege.
*/
public static final String SYSTEM_PRIVILEGE = "system";
private CoreConstants() {
//Nothing

19
ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java
View File

@ -29,6 +29,7 @@ import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.libreccm.configuration.ConfigurationManager;
import org.libreccm.configuration.LocalizedStringSetting;
import org.libreccm.core.CoreConstants;
import org.libreccm.l10n.GlobalizationHelper;
import org.libreccm.l10n.LocalizedString;
@ -108,6 +109,8 @@ public class ChallengeManager {
*
* @return The text of the challenge mail.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public String createEmailVerification(final User user) {
if (user == null) {
throw new IllegalArgumentException(
@ -125,6 +128,8 @@ public class ChallengeManager {
* @throws MessagingException If there is a problem sending the email to the
* user.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void sendEmailVerification(final User user)
throws MessagingException {
final String text = createEmailVerification(user);
@ -145,6 +150,8 @@ public class ChallengeManager {
* @throws ChallengeFailedException If the provided token does not match the
* stored token.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void finishEmailVerification(final User user,
final String submittedToken)
throws ChallengeFailedException {
@ -172,6 +179,8 @@ public class ChallengeManager {
*
* @return The challenge message.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public String createAccountActivation(final User user) {
if (user == null) {
throw new IllegalArgumentException(
@ -188,6 +197,8 @@ public class ChallengeManager {
* @throws MessagingException If something goes wrong when sending the
* message.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void sendAccountActivation(final User user)
throws MessagingException {
final String text = createAccountActivation(user);
@ -208,6 +219,8 @@ public class ChallengeManager {
* @throws ChallengeFailedException If the submitted token does not match
* the stored token.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void finishAccountActivation(final User user,
final String submittedToken)
throws ChallengeFailedException {
@ -233,6 +246,8 @@ public class ChallengeManager {
*
* @return The challenge message.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public String createPasswordRecover(final User user) {
if (user == null) {
throw new IllegalArgumentException(
@ -250,6 +265,8 @@ public class ChallengeManager {
* @throws MessagingException If something goes wrong when sending the
* message.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void sendPasswordRecover(final User user)
throws MessagingException {
final String text = createPasswordRecover(user);
@ -271,6 +288,8 @@ public class ChallengeManager {
* @throws ChallengeFailedException If the submitted token does not match
* the stored token.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void finishPasswordRecover(final User user,
final String submittedToken,
final String newPassword)

6
ccm-core/src/main/java/org/libreccm/security/GroupManager.java
View File

@ -18,6 +18,8 @@
*/
package org.libreccm.security;
import org.libreccm.core.CoreConstants;
import java.util.List;
import javax.enterprise.context.RequestScoped;
@ -53,6 +55,8 @@ public class GroupManager {
* @param user The user to add to a group.
* @param group The group to which the user is added.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void addMemberToGroup(final User user, final Group group) {
if (user == null) {
@ -90,6 +94,8 @@ public class GroupManager {
* @param member The user to remove from the group.
* @param group The group from which the user is removed.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void removeMemberFromGroup(final User member, final Group group) {
if (member == null) {

5
ccm-core/src/main/java/org/libreccm/security/GroupRepository.java
View File

@ -24,6 +24,7 @@ import javax.enterprise.context.RequestScoped;
import javax.persistence.TypedQuery;
import org.libreccm.core.AbstractEntityRepository;
import org.libreccm.core.CoreConstants;
import javax.transaction.Transactional;
@ -92,7 +93,7 @@ public class GroupRepository extends AbstractEntityRepository<Long, Group> {
}
@AuthorizationRequired
@RequiresPrivilege("admin")
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final Group group) {
@ -100,7 +101,7 @@ public class GroupRepository extends AbstractEntityRepository<Long, Group> {
}
@AuthorizationRequired
@RequiresPrivilege("admin")
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final Group entity) {

16
ccm-core/src/main/java/org/libreccm/security/InheritsPermissions.java
View File

@ -22,16 +22,26 @@ import org.libreccm.core.CcmObject;
/**
* Subclasses of {@link CcmObject} can implement this interface to inherit
* the permissions of their parent object. This annotation is processed by the
* the permissions of their parent object. This interface is processed by the
* {@link PermissionChecker}.
*
* @see PermissionChecker#checkPermission(java.lang.String, org.libreccm.core.CcmObject)
* @see PermissionChecker#isPermitted(java.lang.String, org.libreccm.core.CcmObject)
* @see PermissionChecker#checkPermission(java.lang.String,
* org.libreccm.core.CcmObject)
* @see PermissionChecker#isPermitted(java.lang.String,
* org.libreccm.core.CcmObject)
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
public interface InheritsPermissions {
/**
* This method needs to be overwritten by implementers of interface
*
* @return The parent object of the implementing object. The
* {@link PermissionChecker} will use the permissions granted on the parent
* object in addition to the permissions granted on the object itself to
* determine if a user is granted a specific privilege on the object.
*/
CcmObject getParent();
}

13
ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java
View File

@ -43,6 +43,7 @@ import org.apache.shiro.crypto.hash.format.HashFormat;
import org.apache.shiro.crypto.hash.format.HashFormatFactory;
import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat;
import org.apache.shiro.util.ByteSource;
import org.libreccm.core.CoreConstants;
/**
* This class manages the generation and delation of {@link OneTimeAuthToken}s.
@ -77,6 +78,8 @@ public class OneTimeAuthManager {
*
* @return The one time authentication token with the not hashed token.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public OneTimeAuthToken createForUser(
final User user, final OneTimeAuthTokenPurpose purpose) {
@ -144,6 +147,8 @@ public class OneTimeAuthManager {
* @return The one time auth token for the provided user and purpose or
* {@code null} if there is no such token.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public List<OneTimeAuthToken> retrieveForUser(
final User user, final OneTimeAuthTokenPurpose purpose) {
if (user == null || purpose == null) {
@ -171,6 +176,8 @@ public class OneTimeAuthManager {
* @return {@code true} if there is a valid token for the provided user and
* purpose, {@code false} if not.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public boolean validTokenExistsForUser(
final User user, final OneTimeAuthTokenPurpose purpose) {
if (user == null || purpose == null) {
@ -201,6 +208,8 @@ public class OneTimeAuthManager {
*
* @return {@code true} if the token is valid, {@code false} if not.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public boolean isValid(final OneTimeAuthToken token) {
if (token == null) {
throw new IllegalArgumentException("Can't validate a token null");
@ -224,6 +233,8 @@ public class OneTimeAuthManager {
* @return {@code true} if the submitted token is valid and matches {@link token},
* {@code false} if not.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public boolean verify(final OneTimeAuthToken token,
final String submittedToken) {
if (token == null || submittedToken == null) {
@ -253,6 +264,8 @@ public class OneTimeAuthManager {
*
* @param token The token to invalidate.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void invalidate(final OneTimeAuthToken token) {
if (token == null) {

5
ccm-core/src/main/java/org/libreccm/security/PartyRepository.java
View File

@ -21,6 +21,7 @@ package org.libreccm.security;
import javax.enterprise.context.RequestScoped;
import org.libreccm.core.AbstractEntityRepository;
import org.libreccm.core.CoreConstants;
import java.util.List;
@ -76,7 +77,7 @@ public class PartyRepository extends AbstractEntityRepository<Long, Party> {
}
@AuthorizationRequired
@RequiresPrivilege("admin")
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final Party party) {
@ -84,7 +85,7 @@ public class PartyRepository extends AbstractEntityRepository<Long, Party> {
}
@AuthorizationRequired
@RequiresPrivilege("admin")
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final Party party) {

22
ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java
View File

@ -138,15 +138,19 @@ public class PermissionChecker {
if (object instanceof InheritsPermissions) {
final boolean result = isPermitted(privilege, object);
if (result) {
subject.checkPermission(generatePermissionString(privilege,
object));
} else if (((InheritsPermissions) object).getParent() == null) {
subject.checkPermission(generatePermissionString(privilege,
object));
} else {
checkPermission(privilege,
((InheritsPermissions) object).getParent());
if (!result) {
if (((InheritsPermissions) object).getParent() == null) {
if (subject.isAuthenticated()) {
subject.checkPermission(generatePermissionString(
privilege, object));
} else {
shiro.getPublicUser().checkPermission(
generatePermissionString(privilege, object));
}
} else {
checkPermission(privilege,
((InheritsPermissions) object).getParent());
}
}
} else if (subject.isAuthenticated()) {
subject.checkPermission(generatePermissionString(privilege, object));

91
ccm-core/src/main/java/org/libreccm/security/PermissionManager.java
View File

@ -26,13 +26,14 @@ import javax.persistence.Query;
import javax.persistence.TypedQuery;
import org.libreccm.core.CcmObject;
import org.libreccm.core.CoreConstants;
import javax.enterprise.context.RequestScoped;
import javax.transaction.Transactional;
/**
* Manager class for granting and revoking permissions.
*
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
@ -45,28 +46,30 @@ public class PermissionManager {
@SuppressWarnings("PMD.LongVariable")
private static final String QUERY_PARAM_PRIVILEGE = "privilege";
@Inject
private EntityManager entityManager;
/**
* Retrieves a permission by its ID. Useful for UI classes.
*
*
* @param permissionId The id of the permission to retrieve.
*
* @return The permission identified by the provided {@code permissionId).
*/
public Permission findById(final long permissionId) {
return entityManager.find(Permission.class, permissionId);
}
/**
* Grants a privilege on an object to a role. If the privilege was already
* Grants a privilege on an object to a role. If the privilege was already
* granted, the method does nothing.
*
*
* @param privilege The privilege to grant.
* @param grantee The role to which the privilege is granted.
* @param object The object on which the privilege is granted.
* @param grantee The role to which the privilege is granted.
* @param object The object on which the privilege is granted.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void grantPrivilege(final String privilege,
final Role grantee,
@ -80,7 +83,7 @@ public class PermissionManager {
throw new IllegalArgumentException(
"Can't grant a permission to grantee null.");
}
if (object == null) {
throw new IllegalArgumentException(
"Can't grant a permission on object NULL.");
@ -97,12 +100,14 @@ public class PermissionManager {
}
/**
* Grants a privilege to a role. If the privilege was already granted, the
* Grants a privilege to a role. If the privilege was already granted, the
* method does nothing.
*
*
* @param privilege The privilege to grant.
* @param grantee The role to which the privilege is granted.
* @param grantee The role to which the privilege is granted.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void grantPrivilege(final String privilege,
final Role grantee) {
@ -127,13 +132,15 @@ public class PermissionManager {
}
/**
* Revokes the permissions granting a privilege on an object from a role.
* If no matching permission exists the method will do nothing.
*
* Revokes the permissions granting a privilege on an object from a role. If
* no matching permission exists the method will do nothing.
*
* @param privilege The privilege granted by the permission to revoke.
* @param grantee The role to which the privilege was granted.
* @param object The object on which the privilege was granted.
* @param grantee The role to which the privilege was granted.
* @param object The object on which the privilege was granted.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void revokePrivilege(final String privilege,
final Role grantee,
@ -147,7 +154,7 @@ public class PermissionManager {
throw new IllegalArgumentException(
"Can't revoke a permission from grantee null.");
}
if (object == null) {
throw new IllegalArgumentException(
"Can't revoke a permission from object NULL.");
@ -165,14 +172,16 @@ public class PermissionManager {
query.executeUpdate();
}
}
/**
* Revokes the permissions granting a privilege from a role.
* If no matching permission exists the method will do nothing.
*
/**
* Revokes the permissions granting a privilege from a role. If no matching
* permission exists the method will do nothing.
*
* @param privilege The privilege granted by the permission to revoke.
* @param grantee The role to which the privilege was granted.
* @param grantee The role to which the privilege was granted.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void revokePrivilege(final String privilege,
final Role grantee) {
@ -199,15 +208,17 @@ public class PermissionManager {
}
/**
* Copy the permissions from on {@link CcmObject} to another. The
* permissions granted on the {@code target} object will not be removed.
* Instead the permissions from {@code source} object are added the the
* Copy the permissions from on {@link CcmObject} to another. The
* permissions granted on the {@code target} object will not be removed.
* Instead the permissions from {@code source} object are added the the
* permissions.
*
*
*
*
* @param source
* @param target
* @param target
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void copyPermissions(final CcmObject source,
final CcmObject target) {
@ -215,7 +226,7 @@ public class PermissionManager {
throw new IllegalArgumentException(
"Can't copy permissions from source NULL.");
}
if (target == null) {
throw new IllegalArgumentException(
"Can't copy permissions to target NULL.");
@ -236,12 +247,13 @@ public class PermissionManager {
/**
* Checks if a permission granting the provided {@code privilege} on the
* provided {@code object} to the provided {@code role} exists.
*
*
* @param privilege The privilege granted by the permission.
* @param grantee The role to which the privilege was granted.
* @param object The object on which the privilege is granted.
* @param grantee The role to which the privilege was granted.
* @param object The object on which the privilege is granted.
*
* @return {@code true} if there is a matching permission, {@code false} if
* not.
* not.
*/
private boolean existsPermission(final String privilege,
final Role grantee,
@ -256,13 +268,14 @@ public class PermissionManager {
}
/**
* Checks if a permission granting the provided {@code privilege}to the
* Checks if a permission granting the provided {@code privilege}to the
* provided {@code role} exists.
*
*
* @param privilege The privilege granted by the permission.
* @param grantee The role to which the privilege was granted.
* @param grantee The role to which the privilege was granted.
*
* @return {@code true} if there is a matching permission, {@code false} if
* not.
* not.
*/
private boolean existsPermission(final String privilege,
final Role grantee) {

6
ccm-core/src/main/java/org/libreccm/security/RegistrationManager.java
View File

@ -18,17 +18,15 @@
*/
package org.libreccm.security;
import com.arsdigita.bebop.FormProcessException;
import com.arsdigita.globalization.GlobalizedMessage;
import com.arsdigita.ui.login.UserNewForm;
import org.apache.logging.log4j.util.Strings;
import org.libreccm.core.CoreConstants;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.mail.MessagingException;
import static com.arsdigita.ui.login.LoginConstants.*;
/**
* The CDI bean encapsulates all steps for registering a user, for example by a
@ -83,6 +81,8 @@ public class RegistrationManager {
* activation challenge to the new user.
* @throws IllegalArgumentException If the provided {@code user} is
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
public void registerUser(final String userName,
final String familyName,
final String givenName,

6
ccm-core/src/main/java/org/libreccm/security/RoleManager.java
View File

@ -18,6 +18,8 @@
*/
package org.libreccm.security;
import org.libreccm.core.CoreConstants;
import java.util.List;
import javax.enterprise.context.RequestScoped;
@ -53,6 +55,8 @@ public class RoleManager {
* @param role The role to assign.
* @param party The party which to which to role is assigned.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void assignRoleToParty(final Role role, final Party party) {
if (role == null) {
@ -87,6 +91,8 @@ public class RoleManager {
* @param role
* @param party
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void removeRoleFromParty(final Role role, final Party party) {
if (role == null) {

5
ccm-core/src/main/java/org/libreccm/security/RoleRepository.java
View File

@ -24,6 +24,7 @@ import javax.enterprise.context.RequestScoped;
import javax.persistence.TypedQuery;
import org.libreccm.core.AbstractEntityRepository;
import org.libreccm.core.CoreConstants;
import javax.transaction.Transactional;
@ -82,7 +83,7 @@ public class RoleRepository extends AbstractEntityRepository<Long, Role> {
}
@AuthorizationRequired
@RequiresPrivilege("admin")
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final Role role) {
@ -90,7 +91,7 @@ public class RoleRepository extends AbstractEntityRepository<Long, Role> {
}
@AuthorizationRequired
@RequiresPrivilege("admin")
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Override
@Transactional(Transactional.TxType.REQUIRED)
public void delete(final Role role) {

52
ccm-core/src/main/java/org/libreccm/security/UserManager.java
View File

@ -18,6 +18,7 @@
*/
package org.libreccm.security;
import com.arsdigita.kernel.KernelConfig;
import com.arsdigita.kernel.security.SecurityConfig;
import javax.enterprise.context.RequestScoped;
@ -34,9 +35,14 @@ import org.apache.shiro.crypto.hash.format.DefaultHashFormatFactory;
import org.apache.shiro.crypto.hash.format.HashFormat;
import org.apache.shiro.crypto.hash.format.HashFormatFactory;
import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.libreccm.configuration.ConfigurationManager;
import org.libreccm.core.CoreConstants;
import org.libreccm.core.EmailAddress;
import javax.transaction.Transactional;
/**
* Provides various operations for user objects.
*
@ -49,6 +55,18 @@ public class UserManager {
@Inject
private UserRepository userRepository;
@Inject
private Subject subject;
@Inject
private Shiro shiro;
@Inject
private PermissionChecker permissionChecker;
@Inject
private ConfigurationManager confManager;
/**
* Creates a new user and saves the user in the database. The method also
* creates the password hash.
@ -63,7 +81,10 @@ public class UserManager {
*
* @return The new user.
*/
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@ValidateOnExecution
@Transactional(Transactional.TxType.REQUIRED)
public User createUser(final String givenName,
final String familyName,
@Pattern(regexp = "[a-zA-Z0-9\\-_]*")
@ -93,17 +114,38 @@ public class UserManager {
* Updates the password of a user. This method allows {@code null} as
* password value. If a user has no password in the database this means that
* the user can't login or that the authentication for this user is done by
* an external system.
* an external system. Only the user itself or user to which the
* {@code admin} privilege has been granted can update the password of user.
*
* @param user The user which password should be upgraded.
* @param newPassword The new password. The password is hashed using the
* algorithm configured in the {@link SecurityConfig}.
*/
@Transactional(Transactional.TxType.REQUIRED)
public void updatePassword(@NotNull final User user,
final String newPassword) {
user.setPassword(hashPassword(newPassword));
// We can't use the authorisation annotations here because we have two
// options. First we check if the current subject is the user whos
// password is updated. If not we check if the current subject has admin
// privileges.
final String userIdentifier;
final KernelConfig kernelConfig = confManager.findConfiguration(
KernelConfig.class);
if (kernelConfig.emailIsPrimaryIdentifier()) {
userIdentifier = user.getPrimaryEmailAddress().getAddress();
} else {
userIdentifier = user.getName();
}
userRepository.save(user);
if (subject.isAuthenticated()
&& userIdentifier.equals(subject.getPrincipal())) {
user.setPassword(hashPassword(newPassword));
shiro.getSystemUser().execute(() -> userRepository.save(user));
} else {
permissionChecker.checkPermission(CoreConstants.ADMIN_PRIVILEGE);
user.setPassword(hashPassword(newPassword));
shiro.getSystemUser().execute(() -> userRepository.save(user));
}
}
/**
@ -149,7 +191,7 @@ public class UserManager {
//format includes the algorithm used, the salt, the number of
//iterations used and the hashed password in special formatted string.
final HashFormatFactory hashFormatFactory
= new DefaultHashFormatFactory();
= new DefaultHashFormatFactory();
final HashFormat hashFormat = hashFormatFactory.getInstance(
Shiro1CryptFormat.class.getName());
@ -171,7 +213,7 @@ public class UserManager {
}
final SecureRandomNumberGenerator generator
= new SecureRandomNumberGenerator();
= new SecureRandomNumberGenerator();
final int byteSize = generatedSaltSize / 8; //generatedSaltSize is in *bits* - convert to byte size:
return generator.nextBytes(byteSize);
}

5
ccm-core/src/main/java/org/libreccm/security/UserRepository.java
View File

@ -19,6 +19,7 @@
package org.libreccm.security;
import org.libreccm.core.AbstractEntityRepository;
import org.libreccm.core.CoreConstants;
import java.util.List;
@ -161,7 +162,7 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
}
@AuthorizationRequired
@RequiresPrivilege("admin")
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final User entity) {
@ -169,7 +170,7 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
}
@AuthorizationRequired
@RequiresPrivilege("admin")
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final User entity) {

12
ccm-core/src/main/java/org/libreccm/web/ApplicationManager.java
View File

@ -21,9 +21,12 @@ package org.libreccm.web;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Strings;
import org.libreccm.core.CoreConstants;
import org.libreccm.l10n.GlobalizationHelper;
import org.libreccm.modules.CcmModule;
import org.libreccm.modules.Module;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
import java.util.Collections;
import java.util.HashMap;
@ -34,12 +37,14 @@ import java.util.ResourceBundle;
import java.util.ServiceLoader;
import javax.annotation.PostConstruct;
import javax.ejb.TransactionAttribute;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.transaction.Transactional;
/**
*
@ -80,10 +85,14 @@ public class ApplicationManager {
return Collections.unmodifiableMap(applicationTypes);
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public <T extends CcmApplication> T createInstance(
final ApplicationType type,
final String path,
final Class<T> applicationClass) throws ApplicationCreateException {
try {
@SuppressWarnings("unchecked")
final ApplicationCreator<T> creator = type.creator().newInstance();
@ -98,6 +107,9 @@ public class ApplicationManager {
}
}
@AuthorizationRequired
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
public void deleteInstance(final CcmApplication application) {
entityManager.remove(application);
}

5
ccm-core/src/main/java/org/libreccm/web/ApplicationRepository.java
View File

@ -20,6 +20,7 @@ package org.libreccm.web;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.libreccm.core.AbstractEntityRepository;
import org.libreccm.core.CoreConstants;
import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.RequiresPrivilege;
@ -86,7 +87,7 @@ public class ApplicationRepository
}
@AuthorizationRequired
@RequiresPrivilege("admin")
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void save(final CcmApplication application) {
@ -94,7 +95,7 @@ public class ApplicationRepository
}
@AuthorizationRequired
@RequiresPrivilege("admin")
@RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
@Transactional(Transactional.TxType.REQUIRED)
@Override
public void delete(final CcmApplication application) {

390
ccm-core/src/test/java/org/libreccm/categorization/CategoryManagerTest.java
View File

@ -18,7 +18,11 @@
*/
package org.libreccm.categorization;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.subject.Subject;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.ShouldThrowException;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.junit.InSequence;
import org.jboss.arquillian.persistence.CreateSchema;
@ -28,7 +32,6 @@ import org.jboss.arquillian.persistence.UsingDataSet;
import org.jboss.arquillian.transaction.api.annotation.TransactionMode;
import org.jboss.arquillian.transaction.api.annotation.Transactional;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.resolver.api.maven.Maven;
import org.jboss.shrinkwrap.resolver.api.maven.PomEquippedResolveStage;
@ -40,9 +43,11 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.libreccm.core.CcmObject;
import org.libreccm.core.CcmObjectRepository;
import org.libreccm.security.Shiro;
import org.libreccm.tests.categories.IntegrationTest;
import java.io.File;
import java.util.concurrent.Callable;
import javax.inject.Inject;
import javax.persistence.EntityManager;
@ -75,6 +80,12 @@ public class CategoryManagerTest {
@Inject
private DomainRepository domainRepo;
@Inject
private Shiro shiro;
@Inject
private Subject subject;
@PersistenceContext(name = "LibreCCM")
private EntityManager entityManager;
@ -125,16 +136,21 @@ public class CategoryManagerTest {
.getPackage())
.addPackage(org.libreccm.l10n.LocalizedString.class.getPackage())
.addPackage(org.libreccm.security.Permission.class.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class
.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addClass(com.arsdigita.kernel.KernelConfig.class)
.addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addAsLibraries(libs)
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
.addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
.addAsWebInfResource("test-web.xml", "web.xml")
.addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@ -165,7 +181,73 @@ public class CategoryManagerTest {
+ "after-add-obj-to-category.yml",
excludeColumns = {"categorization_id"})
@InSequence(1100)
public void addObjectToCategory() {
public void addObjectToCategoryBySystemUser() {
final CcmObject object2 = ccmObjectRepo.findById(-3200L);
final Category foo = categoryRepo.findById(-2100L);
assertThat(object2, is(not(nullValue())));
assertThat(foo, is(not(nullValue())));
shiro.getSystemUser().execute(() -> categoryManager.addObjectToCategory(
object2, foo));
}
@Test
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldMatchDataSet(
value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ "after-add-obj-to-category.yml",
excludeColumns = {"categorization_id"})
@InSequence(1200)
public void addObjectToCategoryAuthByDomain() {
final CcmObject object2 = ccmObjectRepo.findById(-3200L);
final Category foo = categoryRepo.findById(-2100L);
assertThat(object2, is(not(nullValue())));
assertThat(foo, is(not(nullValue())));
final UsernamePasswordToken token = new UsernamePasswordToken(
"jane.doe@example.org", "foo123");
token.setRememberMe(true);
subject.login(token);
categoryManager.addObjectToCategory(object2, foo);
subject.logout();
}
@Test
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldMatchDataSet(
value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ "after-add-obj-to-category.yml",
excludeColumns = {"categorization_id"})
@InSequence(1300)
public void addObjectToCategoryAuthByCategory() {
final CcmObject object2 = ccmObjectRepo.findById(-3200L);
final Category foo = categoryRepo.findById(-2100L);
assertThat(object2, is(not(nullValue())));
assertThat(foo, is(not(nullValue())));
final UsernamePasswordToken token = new UsernamePasswordToken(
"mmuster@example.com", "foo123");
token.setRememberMe(true);
subject.login(token);
categoryManager.addObjectToCategory(object2, foo);
subject.logout();
}
@Test(expected = UnauthorizedException.class)
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldThrowException(UnauthorizedException.class)
@InSequence(1400)
public void addObjectToCategoryNotAuthorized() {
final CcmObject object2 = ccmObjectRepo.findById(-3200L);
final Category foo = categoryRepo.findById(-2100L);
@ -178,11 +260,86 @@ public class CategoryManagerTest {
@Test
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldMatchDataSet(value
= "datasets/org/libreccm/categorization/CategoryManagerTest/after-remove-obj-from-category.yml",
excludeColumns = {"categorization_id"})
@InSequence(1200)
public void removeObjectFromCategory()
@ShouldMatchDataSet(
value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ "after-remove-obj-from-category.yml",
excludeColumns = {"categorization_id"})
@InSequence(2000)
public void removeObjectFromCategoryBySystemUser()
throws ObjectNotAssignedToCategoryException {
final CcmObject object1 = ccmObjectRepo.findById(-3100L);
final Category foo = categoryRepo.findById(-2100L);
assertThat(object1, is(not(nullValue())));
assertThat(foo, is(not(nullValue())));
shiro.getSystemUser().execute(() -> {
categoryManager.removeObjectFromCategory(object1, foo);
return null;
});
}
@Test
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldMatchDataSet(
value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ "after-remove-obj-from-category.yml",
excludeColumns = {"categorization_id"})
@InSequence(2100)
public void removeObjectFromCategoryAuthByDomain()
throws ObjectNotAssignedToCategoryException {
final CcmObject object1 = ccmObjectRepo.findById(-3100L);
final Category foo = categoryRepo.findById(-2100L);
assertThat(object1, is(not(nullValue())));
assertThat(foo, is(not(nullValue())));
final UsernamePasswordToken token = new UsernamePasswordToken(
"jane.doe@example.org", "foo123");
token.setRememberMe(true);
subject.login(token);
categoryManager.removeObjectFromCategory(object1, foo);
subject.logout();
}
@Test
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldMatchDataSet(
value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ "after-remove-obj-from-category.yml",
excludeColumns = {"categorization_id"})
@InSequence(2200)
public void removeObjectFromCategoryAuthByCategory()
throws ObjectNotAssignedToCategoryException {
final CcmObject object1 = ccmObjectRepo.findById(-3100L);
final Category foo = categoryRepo.findById(-2100L);
assertThat(object1, is(not(nullValue())));
assertThat(foo, is(not(nullValue())));
final UsernamePasswordToken token = new UsernamePasswordToken(
"mmuster@example.com", "foo123");
token.setRememberMe(true);
subject.login(token);
categoryManager.removeObjectFromCategory(object1, foo);
subject.logout();
}
@Test(expected = UnauthorizedException.class)
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldThrowException(UnauthorizedException.class)
@InSequence(2300)
public void removeObjectFromCategoryNotAuthorized()
throws ObjectNotAssignedToCategoryException {
final CcmObject object1 = ccmObjectRepo.findById(-3100L);
@ -201,8 +358,98 @@ public class CategoryManagerTest {
value = "datasets/org/libreccm/categorization/"
+ "CategoryManagerTest/after-add-subcategory.yml",
excludeColumns = {"object_id", "uuid"})
@InSequence(2100)
public void addSubCategoryToCategory() {
@InSequence(3000)
public void addSubCategoryToCategoryBySystemUser() {
final Category category = new Category();
category.setName("category-new");
category.setDisplayName("category-new");
category.setUniqueId("catnew");
shiro.getSystemUser().execute(() -> categoryRepo.save(category));
final TypedQuery<Category> query = entityManager.createQuery(
"SELECT c FROM Category c WHERE c.name = :name",
Category.class);
query.setParameter("name", "category-new");
final Category sub = query.getSingleResult();
final Category foo = categoryRepo.findById(-2100L);
shiro.getSystemUser().execute(
() -> categoryManager.addSubCategoryToCategory(sub, foo));
}
@Test
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldMatchDataSet(
value = "datasets/org/libreccm/categorization/"
+ "CategoryManagerTest/after-add-subcategory.yml",
excludeColumns = {"object_id", "uuid"})
@InSequence(3000)
public void addSubCategoryToCategoryAuthByDomain() {
final Category category = new Category();
category.setName("category-new");
category.setDisplayName("category-new");
category.setUniqueId("catnew");
shiro.getSystemUser().execute(() -> categoryRepo.save(category));
final TypedQuery<Category> query = entityManager.createQuery(
"SELECT c FROM Category c WHERE c.name = :name",
Category.class);
query.setParameter("name", "category-new");
final Category sub = query.getSingleResult();
final Category foo = categoryRepo.findById(-2100L);
final UsernamePasswordToken token = new UsernamePasswordToken(
"jane.doe@example.org", "foo123");
token.setRememberMe(true);
subject.login(token);
categoryManager.addSubCategoryToCategory(sub, foo);
subject.logout();
}
@Test
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldMatchDataSet(
value = "datasets/org/libreccm/categorization/"
+ "CategoryManagerTest/after-add-subcategory.yml",
excludeColumns = {"object_id", "uuid"})
@InSequence(3000)
public void addSubCategoryToCategoryAuthByCategory() {
final Category category = new Category();
category.setName("category-new");
category.setDisplayName("category-new");
category.setUniqueId("catnew");
shiro.getSystemUser().execute(() -> categoryRepo.save(category));
final TypedQuery<Category> query = entityManager.createQuery(
"SELECT c FROM Category c WHERE c.name = :name",
Category.class);
query.setParameter("name", "category-new");
final Category sub = query.getSingleResult();
final Category foo = categoryRepo.findById(-2100L);
final UsernamePasswordToken token = new UsernamePasswordToken(
"mmuster@example.com", "foo123");
token.setRememberMe(true);
subject.login(token);
categoryManager.addSubCategoryToCategory(sub, foo);
subject.logout();
}
@Test(expected = UnauthorizedException.class)
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldThrowException(UnauthorizedException.class)
@InSequence(3000)
public void addSubCategoryToCategoryNotAuthorized() {
final Category category = new Category();
category.setName("category-new");
category.setDisplayName("category-new");
@ -216,7 +463,6 @@ public class CategoryManagerTest {
final Category sub = query.getSingleResult();
final Category foo = categoryRepo.findById(-2100L);
// final Category sub = categoryRepo.findById(-2200L);
categoryManager.addSubCategoryToCategory(sub, foo);
}
@ -228,8 +474,65 @@ public class CategoryManagerTest {
value = "datasets/org/libreccm/categorization/"
+ "CategoryManagerTest/after-remove-subcategory.yml",
excludeColumns = {"categorization_id", "object_id"})
@InSequence(2200)
public void removeSubCategoryFromCategory() {
@InSequence(4000)
public void removeSubCategoryFromCategoryBySystemUser() {
final Category foo = categoryRepo.findById(-2100L);
final Category bar = categoryRepo.findById(-2200L);
shiro.getSystemUser().execute(
() -> categoryManager.removeSubCategoryFromCategory(bar, foo));
}
@Test
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldMatchDataSet(
value = "datasets/org/libreccm/categorization/"
+ "CategoryManagerTest/after-remove-subcategory.yml",
excludeColumns = {"categorization_id", "object_id"})
@InSequence(4000)
public void removeSubCategoryFromCategoryAuthByDomain() {
final Category foo = categoryRepo.findById(-2100L);
final Category bar = categoryRepo.findById(-2200L);
final UsernamePasswordToken token = new UsernamePasswordToken(
"jane.doe@example.org", "foo123");
token.setRememberMe(true);
subject.login(token);
categoryManager.removeSubCategoryFromCategory(bar, foo);
subject.logout();
}
@Test
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldMatchDataSet(
value = "datasets/org/libreccm/categorization/"
+ "CategoryManagerTest/after-remove-subcategory.yml",
excludeColumns = {"categorization_id", "object_id"})
@InSequence(4000)
public void removeSubCategoryFromCategoryAuthByCategory() {
final Category foo = categoryRepo.findById(-2100L);
final Category bar = categoryRepo.findById(-2200L);
final UsernamePasswordToken token = new UsernamePasswordToken(
"mmuster@example.com", "foo123");
token.setRememberMe(true);
subject.login(token);
categoryManager.removeSubCategoryFromCategory(bar, foo);
subject.logout();
}
@Test(expected = UnauthorizedException.class)
@UsingDataSet(
"datasets/org/libreccm/categorization/CategoryManagerTest/data.yml")
@ShouldThrowException(UnauthorizedException.class)
@InSequence(4000)
public void removeSubCategoryFromCategoryNotAuthorized() {
final Category foo = categoryRepo.findById(-2100L);
final Category bar = categoryRepo.findById(-2200L);
@ -243,38 +546,41 @@ public class CategoryManagerTest {
value = "datasets/org/libreccm/categorization/CategoryManagerTest/"
+ "after-create-multiple-categories.yml",
excludeColumns = {"object_id", "uuid"})
@InSequence(3100)
@InSequence(5000)
public void createMultipleCategories() {
final Domain domain = domainRepo.findByDomainKey("test");
final Category root = domain.getRoot();
final Category com = new Category();
com.setName("com");
com.setDisplayName("com");
com.setUniqueId("com");
categoryRepo.save(com);
categoryManager.addSubCategoryToCategory(com, root);
shiro.getSystemUser().execute(() -> {
final Domain domain = domainRepo.findByDomainKey("test");
final Category root = domain.getRoot();
final Category example = new Category();
example.setName("example");
example.setDisplayName("example");
example.setUniqueId("example");
categoryRepo.save(example);
categoryManager.addSubCategoryToCategory(example, com);
final Category com = new Category();
com.setName("com");
com.setDisplayName("com");
com.setUniqueId("com");
categoryRepo.save(com);
categoryManager.addSubCategoryToCategory(com, root);
final Category categories = new Category();
categories.setName("categories");
categories.setDisplayName("categories");
categories.setUniqueId("categories");
categoryRepo.save(categories);
categoryManager.addSubCategoryToCategory(categories, example);
final Category example = new Category();
example.setName("example");
example.setDisplayName("example");
example.setUniqueId("example");
categoryRepo.save(example);
categoryManager.addSubCategoryToCategory(example, com);
final Category test = new Category();
test.setName("test");
test.setDisplayName("test");
test.setUniqueId("test");
categoryRepo.save(test);
categoryManager.addSubCategoryToCategory(test, categories);
final Category categories = new Category();
categories.setName("categories");
categories.setDisplayName("categories");
categories.setUniqueId("categories");
categoryRepo.save(categories);
categoryManager.addSubCategoryToCategory(categories, example);
final Category test = new Category();
test.setName("test");
test.setDisplayName("test");
test.setUniqueId("test");
categoryRepo.save(test);
categoryManager.addSubCategoryToCategory(test, categories);
});
}
}

3
ccm-core/src/test/java/org/libreccm/categorization/CategoryRepositoryTest.java
View File

@ -38,7 +38,6 @@ import org.jboss.arquillian.persistence.ShouldMatchDataSet;
import org.jboss.arquillian.persistence.UsingDataSet;
import org.jboss.arquillian.transaction.api.annotation.TransactionMode;
import org.jboss.arquillian.transaction.api.annotation.Transactional;
import org.jboss.sasl.util.UsernamePasswordHashUtil;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.resolver.api.maven.Maven;
@ -52,8 +51,6 @@ import org.junit.runner.RunWith;
import org.libreccm.security.Shiro;
import org.libreccm.tests.categories.IntegrationTest;
import javax.ws.rs.NotAuthorizedException;
import static org.hamcrest.Matchers.*;
import static org.junit.Assert.*;

1
ccm-core/src/test/java/org/libreccm/categorization/DatasetsTest.java
View File

@ -46,7 +46,6 @@ public class DatasetsTest extends DatasetsVerifier {
"/datasets/org/libreccm/categorization/CategoryManagerTest/after-remove-obj-from-category.yml",
"/datasets/org/libreccm/categorization/CategoryManagerTest/after-remove-subcategory.yml",
"/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml",
"/datasets/org/libreccm/categorization/CategoryManagerTest/data2.yml",
"/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml",
"/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml"
});

112
ccm-core/src/test/java/org/libreccm/configuration/ConfigurationManagerTest.java
View File

@ -19,9 +19,12 @@
package org.libreccm.configuration;
import com.example.TestConfiguration;
import java.io.File;
import java.math.BigDecimal;
import javax.inject.Inject;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.junit.InSequence;
@ -43,6 +46,7 @@ import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.libreccm.security.Shiro;
import org.libreccm.tests.categories.IntegrationTest;
import static org.hamcrest.Matchers.*;
@ -62,6 +66,9 @@ public class ConfigurationManagerTest {
@Inject
private ConfigurationManager configurationManager;
@Inject
private Shiro shiro;
public ConfigurationManagerTest() {
}
@ -85,10 +92,10 @@ public class ConfigurationManagerTest {
@Deployment
public static WebArchive createDeployment() {
final PomEquippedResolveStage pom = Maven
.resolver()
.loadPomFromFile("pom.xml");
.resolver()
.loadPomFromFile("pom.xml");
final PomEquippedResolveStage dependencies = pom
.importCompileAndRuntimeDependencies();
.importCompileAndRuntimeDependencies();
final File[] libs = dependencies.resolve().withTransitivity().asFile();
for (File lib : libs) {
@ -97,37 +104,41 @@ public class ConfigurationManagerTest {
}
return ShrinkWrap
.create(WebArchive.class,
"LibreCCM-org.libreccm.configuration."
+ "ConfigurationManagerTest.war")
.addPackage(org.libreccm.categorization.Categorization.class.
getPackage())
.addPackage(org.libreccm.configuration.Configuration.class.
getPackage())
.addPackage(org.libreccm.core.CcmObject.class.getPackage())
.addPackage(org.libreccm.jpa.EntityManagerProducer.class.
getPackage())
.addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class.
getPackage())
.addPackage(org.libreccm.l10n.LocalizedString.class
.getPackage())
.addPackage(org.libreccm.security.Permission.class.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class.
getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class.
getPackage())
.addClass(com.example.TestConfiguration.class)
.addAsLibraries(libs)
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsResource(
"configs/org/libreccm/configuration/ConfigurationManagerTest/"
+ "log4j2.xml",
"log4j2.xml")
.addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
.addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
.create(WebArchive.class,
"LibreCCM-org.libreccm.configuration."
+ "ConfigurationManagerTest.war")
.addPackage(org.libreccm.categorization.Categorization.class
.getPackage())
.addPackage(org.libreccm.configuration.Configuration.class
.getPackage())
.addPackage(org.libreccm.core.CcmObject.class.getPackage())
.addPackage(org.libreccm.jpa.EntityManagerProducer.class
.getPackage())
.addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class
.getPackage())
.addPackage(org.libreccm.l10n.LocalizedString.class
.getPackage())
.addPackage(org.libreccm.security.Permission.class.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class.
getPackage())
.addClass(com.example.TestConfiguration.class)
.addClass(com.arsdigita.kernel.KernelConfig.class)
.addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addAsLibraries(libs)
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsResource(
"configs/org/libreccm/configuration/ConfigurationManagerTest/"
+ "log4j2.xml",
"log4j2.xml")
.addAsWebInfResource("test-web.xml", "web.xml")
.addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@ -138,7 +149,7 @@ public class ConfigurationManagerTest {
@Test
@UsingDataSet(
"datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
"datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
@InSequence(2)
public void datasetOnly() {
System.out.println("Dataset loaded successfully.");
@ -146,11 +157,11 @@ public class ConfigurationManagerTest {
@Test
@UsingDataSet(
"datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
"datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
@InSequence(1100)
public void loadConfiguration() {
final ExampleConfiguration configuration = configurationManager
.findConfiguration(ExampleConfiguration.class);
.findConfiguration(ExampleConfiguration.class);
assertThat(configuration, is(not(nullValue())));
assertThat(configuration.getPrice(),
@ -167,29 +178,30 @@ public class ConfigurationManagerTest {
@Test
@UsingDataSet(
"datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
"datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
@ShouldMatchDataSet(
"datasets/org/libreccm/configuration/ConfigurationManagerTest/"
+ "after-save-changed.yml")
"datasets/org/libreccm/configuration/ConfigurationManagerTest/"
+ "after-save-changed.yml")
@InSequence(1200)
public void saveConfiguration() {
final ExampleConfiguration configuration = configurationManager
.findConfiguration(ExampleConfiguration.class);
.findConfiguration(ExampleConfiguration.class);
configuration.setPrice(new BigDecimal("109.99"));
configuration.setItemsPerPage(30L);
configuration.addLanguage("es");
configurationManager.saveConfiguration(configuration);
shiro.getSystemUser().execute(
() -> configurationManager.saveConfiguration(configuration));
}
@Test
@UsingDataSet(
"datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
"datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
@InSequence(2100)
public void loadNewConfiguration() {
final TestConfiguration configuration = configurationManager
.findConfiguration(TestConfiguration.class);
.findConfiguration(TestConfiguration.class);
assertThat(configuration, is(not(nullValue())));
assertThat(configuration.getEnabled(), is(false));
@ -198,14 +210,16 @@ public class ConfigurationManagerTest {
@Test
@UsingDataSet(
"datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
"datasets/org/libreccm/configuration/ConfigurationManagerTest/data.yml")
@ShouldMatchDataSet(
value = "datasets/org/libreccm/configuration/"
+ "ConfigurationManagerTest/after-save-new.yml",
excludeColumns = {"setting_id"})
value = "datasets/org/libreccm/configuration/"
+ "ConfigurationManagerTest/after-save-new.yml",
excludeColumns = {"setting_id"})
@InSequence(2200)
public void saveNewConfiguration() {
configurationManager.saveConfiguration(new TestConfiguration());
shiro.getSystemUser().execute(
() -> configurationManager.saveConfiguration(
new TestConfiguration()));
}
}

243
ccm-core/src/test/java/org/libreccm/security/ChallengeManagerTest.java
View File

@ -18,6 +18,7 @@
*/
package org.libreccm.security;
import org.apache.shiro.subject.ExecutionException;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.ShouldThrowException;
import org.jboss.arquillian.junit.Arquillian;
@ -73,6 +74,9 @@ public class ChallengeManagerTest {
@Inject
private ServletContext servletContext;
@Inject
private Shiro shiro;
public ChallengeManagerTest() {
}
@ -113,33 +117,37 @@ public class ChallengeManagerTest {
.addPackage(com.arsdigita.util.Assert.class.getPackage())
.addClass(com.arsdigita.util.servlet.HttpHost.class)
.addPackage(com.arsdigita.web.URL.class.getPackage())
.addPackage(org.libreccm.security.OneTimeAuthManager.class.
getPackage())
.addPackage(org.libreccm.security.OneTimeAuthManager.class
.getPackage())
.addPackage(org.libreccm.core.CcmObject.class.getPackage())
.addPackage(org.libreccm.categorization.Categorization.class.
getPackage())
.addPackage(org.libreccm.categorization.Categorization.class
.getPackage())
.addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addPackage(
org.libreccm.configuration.ConfigurationManager.class.
getPackage())
org.libreccm.configuration.ConfigurationManager.class
.getPackage())
.addClass(com.arsdigita.kernel.KernelConfig.class)
.addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addPackage(org.libreccm.l10n.LocalizedString.class.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(org.libreccm.jpa.EntityManagerProducer.class.
getPackage())
.addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class.
getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class.
getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class.
getPackage())
.addPackage(org.libreccm.jpa.EntityManagerProducer.class
.getPackage())
.addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class
.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class
.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
.addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addClass(com.arsdigita.kernel.KernelConfig.class)
.addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addAsLibraries(libs)
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
.addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
.addAsWebInfResource("test-web.xml", "web.xml")
.addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@ -176,7 +184,9 @@ public class ChallengeManagerTest {
// path);
final User user = userRepository.findByName("mmuster");
final String mail = challengeManager.createEmailVerification(user);
final String mail = shiro.getSystemUser().execute(() -> {
return challengeManager.createEmailVerification(user);
});
assertThat(mail, is(not(nullValue())));
assertThat(mail.isEmpty(), is(false));
@ -192,8 +202,13 @@ public class ChallengeManagerTest {
@UsingDataSet("datasets/org/libreccm/security/ChallengeManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1200)
public void createEmailVerificationNullUser() {
challengeManager.createEmailVerification(null);
public void createEmailVerificationNullUser() throws Throwable {
try {
shiro.getSystemUser().execute(
() -> challengeManager.createEmailVerification(null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -205,9 +220,12 @@ public class ChallengeManagerTest {
@InSequence(1300)
public void finishEmailVerification() throws ChallengeFailedException {
final User user = userRepository.findByName("mmuster");
challengeManager.finishEmailVerification(
user,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
shiro.getSystemUser().execute(() -> {
challengeManager.finishEmailVerification(
user,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
return null;
});
}
@Test(expected = IllegalArgumentException.class)
@ -219,11 +237,18 @@ public class ChallengeManagerTest {
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1400)
public void finishEmailVerificationNullUser()
throws ChallengeFailedException {
throws Throwable {
challengeManager.finishEmailVerification(
null,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
try {
shiro.getSystemUser().execute(() -> {
challengeManager.finishEmailVerification(
null,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
return null;
});
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -235,11 +260,17 @@ public class ChallengeManagerTest {
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1500)
public void finishEmailVerificationNullToken()
throws ChallengeFailedException {
throws Throwable {
final User user = userRepository.findByName("mmuster");
challengeManager.finishEmailVerification(
user, null);
try {
shiro.getSystemUser().execute(() -> {
challengeManager.finishEmailVerification(user, null);
return null;
});
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -262,7 +293,9 @@ public class ChallengeManagerTest {
// path);
final User user = userRepository.findByName("mmuster");
final String mail = challengeManager.createAccountActivation(user);
final String mail = shiro.getSystemUser().execute(() -> {
return challengeManager.createAccountActivation(user);
});
assertThat(mail, is(not(nullValue())));
assertThat(mail.isEmpty(), is(false));
@ -273,8 +306,13 @@ public class ChallengeManagerTest {
@UsingDataSet("datasets/org/libreccm/security/ChallengeManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(2200)
public void createAccountActivationNullUser() {
challengeManager.createAccountActivation(null);
public void createAccountActivationNullUser() throws Throwable {
try {
shiro.getSystemUser().execute(
() -> challengeManager.createAccountActivation(null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -284,11 +322,18 @@ public class ChallengeManagerTest {
value = "datasets/org/libreccm/security/ChallengeManagerTest/"
+ "after-finish-account-activation.xml")
@InSequence(2300)
public void finishAccountActivation() throws ChallengeFailedException {
public void finishAccountActivation() throws Throwable {
final User user = userRepository.findByName("mmuster");
challengeManager.finishAccountActivation(
user,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
try {
shiro.getSystemUser().execute(() -> {
challengeManager.finishAccountActivation(
user,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
return null;
});
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -299,11 +344,17 @@ public class ChallengeManagerTest {
+ "finish-account-activation.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(2400)
public void finishAccountActivationNullUser() throws
ChallengeFailedException {
challengeManager.finishAccountActivation(
null,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
public void finishAccountActivationNullUser() throws Throwable {
try {
shiro.getSystemUser().execute(() -> {
challengeManager.finishAccountActivation(
null,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi");
return null;
});
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -314,12 +365,17 @@ public class ChallengeManagerTest {
+ "finish-account-activation.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(2400)
public void finishAccountActivationNullToken() throws
ChallengeFailedException {
public void finishAccountActivationNullToken() throws Throwable {
final User user = userRepository.findByName("mmuster");
challengeManager.finishAccountActivation(
user, null);
try {
final User user = userRepository.findByName("mmuster");
shiro.getSystemUser().execute(() -> {
challengeManager.finishAccountActivation(user, null);
return null;
});
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -343,7 +399,9 @@ public class ChallengeManagerTest {
// path);
final User user = userRepository.findByName("mmuster");
final String mail = challengeManager.createPasswordRecover(user);
final String mail = shiro.getSystemUser().execute(() -> {
return challengeManager.createPasswordRecover(user);
});
assertThat(mail, is(not(nullValue())));
assertThat(mail.isEmpty(), is(false));
@ -354,8 +412,15 @@ public class ChallengeManagerTest {
@UsingDataSet("datasets/org/libreccm/security/ChallengeManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(3200)
public void createPasswordRecoverNullUser() {
challengeManager.createPasswordRecover(null);
public void createPasswordRecoverNullUser() throws Throwable {
try {
shiro.getSystemUser().execute(() -> {
challengeManager.createPasswordRecover(null);
return null;
});
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -368,10 +433,13 @@ public class ChallengeManagerTest {
@InSequence(3300)
public void finishPasswordRecover() throws ChallengeFailedException {
final User user = userRepository.findByName("mmuster");
challengeManager.finishPasswordRecover(
user,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
"new-password");
shiro.getSystemUser().execute(() -> {
challengeManager.finishPasswordRecover(
user,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
"new-password");
return null;
});
final User after = userRepository.findByName("mmuster");
assertThat(userManager.verifyPassword(after, "new-password"), is(true));
@ -385,11 +453,18 @@ public class ChallengeManagerTest {
+ "finish-password-recovery.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(3400)
public void finishPasswordRecoverNullUser() throws ChallengeFailedException {
challengeManager.finishPasswordRecover(
null,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
"new-password");
public void finishPasswordRecoverNullUser() throws Throwable {
try {
shiro.getSystemUser().execute(() -> {
challengeManager.finishPasswordRecover(
null,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
"new-password");
return null;
});
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -400,11 +475,18 @@ public class ChallengeManagerTest {
+ "finish-password-recovery.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(3400)
public void finishPasswordRecoverNullToken()
throws ChallengeFailedException {
public void finishPasswordRecoverNullToken() throws Throwable {
final User user = userRepository.findByName("mmuster");
challengeManager.finishPasswordRecover(
user, null, "new-password");
try {
shiro.getSystemUser().execute(() -> {
challengeManager.finishPasswordRecover(
user, null, "new-password");
return null;
});
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -415,13 +497,20 @@ public class ChallengeManagerTest {
+ "finish-password-recovery.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(3500)
public void finishPasswordRecoverNullPassword()
throws ChallengeFailedException {
public void finishPasswordRecoverNullPassword() throws Throwable {
final User user = userRepository.findByName("mmuster");
challengeManager.finishPasswordRecover(
user,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
null);
try {
shiro.getSystemUser().execute(() -> {
challengeManager.finishPasswordRecover(
user,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
null);
return null;
});
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -432,13 +521,19 @@ public class ChallengeManagerTest {
+ "finish-password-recovery.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(3600)
public void finishPasswordRecoverEmptyPassword()
throws ChallengeFailedException {
public void finishPasswordRecoverEmptyPassword() throws Throwable {
final User user = userRepository.findByName("mmuster");
challengeManager.finishPasswordRecover(
user,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
"");
try {
shiro.getSystemUser().execute(() -> {
challengeManager.finishPasswordRecover(
user,
"biXOpuxIPXuRgx9jhk1PzZVIeKGaTmg2qTKoTQ4tl9iiweQ0e5mfmdFI1KjDwjPi",
"");
return null;
});
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
}

66
ccm-core/src/test/java/org/libreccm/security/GroupManagerTest.java
View File

@ -18,6 +18,7 @@
*/
package org.libreccm.security;
import org.apache.shiro.subject.ExecutionException;
import java.io.File;
@ -70,6 +71,9 @@ public class GroupManagerTest {
@Inject
private UserRepository userRepository;
@Inject
private Shiro shiro;
public GroupManagerTest() {
}
@ -119,19 +123,23 @@ public class GroupManagerTest {
.addPackage(org.libreccm.security.User.class.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class
.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(com.arsdigita.kernel.security.SecurityConfig.class
.getPackage())
.addPackage(com.arsdigita.util.UncheckedWrapperException.class
.getPackage())
.addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addClass(com.arsdigita.kernel.KernelConfig.class)
.addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addAsLibraries(libs)
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsWebInfResource("test-web.xml", "web.xml")
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
.addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@ -165,28 +173,40 @@ public class GroupManagerTest {
final User jdoe = userRepository.findByName("jdoe");
final User mmuster = userRepository.findByName("mmuster");
groupManager.addMemberToGroup(mmuster, admins);
groupManager.addMemberToGroup(jdoe, editors);
shiro.getSystemUser().execute(() -> {
groupManager.addMemberToGroup(mmuster, admins);
groupManager.addMemberToGroup(jdoe, editors);
});
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/GroupManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(210)
public void addNullUserToGroup() {
public void addNullUserToGroup() throws Throwable {
final Group admins = groupRepository.findByName("admins");
groupManager.addMemberToGroup(null, admins);
try {
shiro.getSystemUser().execute(
() -> groupManager.addMemberToGroup(null, admins));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/GroupManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(220)
public void addUserToGroupNull() {
public void addUserToGroupNull() throws Throwable {
final User jdoe = userRepository.findByName("jdoe");
groupManager.addMemberToGroup(jdoe, null);
try {
shiro.getSystemUser().execute(
() -> groupManager.addMemberToGroup(jdoe, null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -198,7 +218,8 @@ public class GroupManagerTest {
final Group admins = groupRepository.findByName("admins");
final User jdoe = userRepository.findByName("jdoe");
groupManager.addMemberToGroup(jdoe, admins);
shiro.getSystemUser().execute(
() -> groupManager.addMemberToGroup(jdoe, admins));
}
@Test
@ -216,28 +237,40 @@ public class GroupManagerTest {
assertThat(admins.getMemberships().size(), is(1));
assertThat(users.getMemberships().size(), is(2));
groupManager.removeMemberFromGroup(jdoe, admins);
groupManager.removeMemberFromGroup(mmuster, users);
shiro.getSystemUser().execute(() -> {
groupManager.removeMemberFromGroup(jdoe, admins);
groupManager.removeMemberFromGroup(mmuster, users);
});
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/GroupManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(310)
public void removeUserNullFromGroup() {
public void removeUserNullFromGroup() throws Throwable {
final Group admins = groupRepository.findByName("admins");
groupManager.removeMemberFromGroup(null, admins);
try {
shiro.getSystemUser().execute(
() -> groupManager.removeMemberFromGroup(null, admins));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/GroupManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(320)
public void removeUserFromGroupNull() {
public void removeUserFromGroupNull() throws Throwable {
final User jdoe = userRepository.findByName("jdoe");
groupManager.removeMemberFromGroup(jdoe, null);
try {
shiro.getSystemUser().execute(
() -> groupManager.removeMemberFromGroup(jdoe, null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -249,7 +282,8 @@ public class GroupManagerTest {
final Group admins = groupRepository.findByName("admins");
final User mmuster = userRepository.findByName("mmuster");
groupManager.removeMemberFromGroup(mmuster, admins);
shiro.getSystemUser().execute(
() -> groupManager.removeMemberFromGroup(mmuster, admins));
}
}

198
ccm-core/src/test/java/org/libreccm/security/OneTimeAuthManagerTest.java
View File

@ -18,6 +18,8 @@
*/
package org.libreccm.security;
import org.apache.shiro.subject.ExecutionException;
import java.io.File;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
@ -72,6 +74,9 @@ public class OneTimeAuthManagerTest {
@Inject
private UserRepository userRepository;
@Inject
private Shiro shiro;
public OneTimeAuthManagerTest() {
}
@ -109,31 +114,34 @@ public class OneTimeAuthManagerTest {
return ShrinkWrap
.create(WebArchive.class,
"LibreCCM-org.libreccm.security.OneTimeAuthManagerTest.war")
.addPackage(org.libreccm.security.OneTimeAuthManager.class.
getPackage())
.addPackage(org.libreccm.security.OneTimeAuthManager.class
.getPackage())
.addPackage(org.libreccm.core.CcmObject.class.getPackage())
.addPackage(org.libreccm.categorization.Categorization.class.
getPackage())
.addPackage(
org.libreccm.configuration.ConfigurationManager.class.
getPackage())
.addPackage(org.libreccm.l10n.LocalizedString.class.getPackage()).
addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.categorization.Categorization.class
.getPackage())
.addPackage(org.libreccm.configuration.ConfigurationManager.class
.getPackage())
.addPackage(org.libreccm.l10n.LocalizedString.class.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(org.libreccm.jpa.EntityManagerProducer.class.
getPackage())
.addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class.
getPackage())
.addPackage(org.libreccm.jpa.EntityManagerProducer.class
.getPackage())
.addPackage(org.libreccm.jpa.utils.MimeTypeConverter.class
.getPackage())
.addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addPackage(org.libreccm.testutils.EqualsVerifier.class
.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
.addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addClass(com.arsdigita.kernel.KernelConfig.class)
.addClass(com.arsdigita.kernel.security.SecurityConfig.class)
.addPackage(org.libreccm.testutils.EqualsVerifier.class.
getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class.
getPackage())
.addAsLibraries(libs)
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsWebInfResource("test-web.xml", "WEB-INF/web.xml")
.addAsWebInfResource(EmptyAsset.INSTANCE, "WEB-INF/beans.xml");
.addAsWebInfResource("test-web.xml", "web.xml")
.addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@ -152,9 +160,11 @@ public class OneTimeAuthManagerTest {
@InSequence(100)
public void createTokenForUser() {
final User mmuster = userRepository.findByName("mmuster");
final OneTimeAuthToken token = oneTimeAuthManager.createForUser(
mmuster,
OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
final OneTimeAuthToken token = shiro.getSystemUser().execute(() -> {
return oneTimeAuthManager.createForUser(
mmuster,
OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
});
final LocalDateTime now = LocalDateTime.now(ZoneOffset.UTC);
final LocalDateTime tokenValidUntil = LocalDateTime.ofInstant(
@ -176,9 +186,14 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(200)
public void createTokenNullUser() {
oneTimeAuthManager.createForUser(
null, OneTimeAuthTokenPurpose.RECOVER_PASSWORD);
public void createTokenNullUser() throws Throwable {
try {
shiro.getSystemUser().execute(
() -> oneTimeAuthManager.createForUser(
null, OneTimeAuthTokenPurpose.RECOVER_PASSWORD));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -186,9 +201,14 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(300)
public void createTokenNullPurpose() {
public void createTokenNullPurpose() throws Throwable {
final User user = new User();
oneTimeAuthManager.createForUser(user, null);
try {
shiro.getSystemUser().execute(() -> oneTimeAuthManager
.createForUser(user, null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -198,9 +218,11 @@ public class OneTimeAuthManagerTest {
public void retrieveTokenForUser() {
final User jdoe = userRepository.findByName("jdoe");
final List<OneTimeAuthToken> result = oneTimeAuthManager.
retrieveForUser(
jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
final List<OneTimeAuthToken> result = shiro.getSystemUser().execute(
() -> {
return oneTimeAuthManager.retrieveForUser(
jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
});
assertThat(result, is(not(nullValue())));
assertThat(result, is(not(empty())));
@ -219,9 +241,11 @@ public class OneTimeAuthManagerTest {
public void retrieveNotExistingTokenForUser() {
final User mmuster = userRepository.findByName("mmuster");
final List<OneTimeAuthToken> result = oneTimeAuthManager.
retrieveForUser(
mmuster, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
final List<OneTimeAuthToken> result = shiro.getSystemUser().execute(
() -> {
return oneTimeAuthManager.retrieveForUser(
mmuster, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
});
assertThat(result, is(empty()));
}
@ -231,9 +255,14 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(600)
public void retrieveTokenNullUser() {
oneTimeAuthManager.retrieveForUser(
null, OneTimeAuthTokenPurpose.RECOVER_PASSWORD);
public void retrieveTokenNullUser() throws Throwable {
try {
shiro.getSystemUser().execute(
() -> oneTimeAuthManager.retrieveForUser(
null, OneTimeAuthTokenPurpose.RECOVER_PASSWORD));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -241,10 +270,15 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(700)
public void retrieveTokenNullPurpose() {
public void retrieveTokenNullPurpose() throws Throwable {
final User mmuster = userRepository.findByName("mmuster");
oneTimeAuthManager.retrieveForUser(mmuster, null);
try {
shiro.getSystemUser().execute(
() -> oneTimeAuthManager.retrieveForUser(mmuster, null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -254,10 +288,11 @@ public class OneTimeAuthManagerTest {
public void validTokenExistsForUser() {
final User user = userRepository.findByName("jdoe");
assertThat(
oneTimeAuthManager.validTokenExistsForUser(
user, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION),
is(true));
shiro.getSystemUser().execute(
() -> assertThat(
oneTimeAuthManager.validTokenExistsForUser(
user, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION),
is(true)));
}
@Test
@ -267,10 +302,11 @@ public class OneTimeAuthManagerTest {
public void validTokenDoesNotExist() {
final User user = userRepository.findByName("mmuster");
assertThat(
oneTimeAuthManager.validTokenExistsForUser(
user, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION),
is(false));
shiro.getSystemUser().execute(
() -> assertThat(
oneTimeAuthManager.validTokenExistsForUser(
user, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION),
is(false)));
}
@Test(expected = IllegalArgumentException.class)
@ -278,9 +314,14 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1000)
public void validTokenNullUser() {
oneTimeAuthManager.validTokenExistsForUser(
null, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
public void validTokenNullUser() throws Throwable {
try {
shiro.getSystemUser().execute(
() -> oneTimeAuthManager.validTokenExistsForUser(
null, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -288,10 +329,14 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1100)
public void validTokenNullPurpose() {
final User user = userRepository.findByName("mmuster");
oneTimeAuthManager.validTokenExistsForUser(
user, null);
public void validTokenNullPurpose() throws Throwable {
try {
final User user = userRepository.findByName("mmuster");
shiro.getSystemUser().execute(
() -> oneTimeAuthManager.validTokenExistsForUser(user, null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -301,12 +346,15 @@ public class OneTimeAuthManagerTest {
public void isValid() {
final User jdoe = userRepository.findByName("jdoe");
final List<OneTimeAuthToken> result = oneTimeAuthManager.
retrieveForUser(
jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
final List<OneTimeAuthToken> result = shiro.getSystemUser().execute(
() -> {
return oneTimeAuthManager.retrieveForUser(
jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
});
assertThat(result, is(not(empty())));
assertThat(oneTimeAuthManager.isValid(result.get(0)), is(true));
shiro.getSystemUser().execute(
() -> assertThat(oneTimeAuthManager.isValid(result.get(0)),
is(true)));
}
@Test
@ -316,9 +364,11 @@ public class OneTimeAuthManagerTest {
public void isInvalid() {
final User jdoe = userRepository.findByName("jdoe");
final List<OneTimeAuthToken> result = oneTimeAuthManager.
retrieveForUser(
jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
final List<OneTimeAuthToken> result = shiro.getSystemUser().execute(
() -> {
return oneTimeAuthManager.retrieveForUser(
jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
});
assertThat(result, is(not(empty())));
final OneTimeAuthToken token = result.get(0);
@ -327,7 +377,8 @@ public class OneTimeAuthManagerTest {
.now(ZoneOffset.UTC).minus(1800, ChronoUnit.SECONDS);
token.setValidUntil(Date.from(date.toInstant(ZoneOffset.UTC)));
assertThat(oneTimeAuthManager.isValid(token), is(false));
shiro.getSystemUser().execute(
() -> assertThat(oneTimeAuthManager.isValid(token), is(false)));
}
@ -336,8 +387,13 @@ public class OneTimeAuthManagerTest {
"datasets/org/libreccm/security/OneTimeAuthManagerTest/data.xml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1400)
public void isValidNullToken() {
oneTimeAuthManager.isValid(null);
public void isValidNullToken() throws Throwable {
try {
shiro.getSystemUser().execute(
() -> oneTimeAuthManager.isValid(null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -350,12 +406,15 @@ public class OneTimeAuthManagerTest {
public void invalidateToken() {
final User jdoe = userRepository.findByName("jdoe");
final List<OneTimeAuthToken> result = oneTimeAuthManager.
retrieveForUser(
jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
final List<OneTimeAuthToken> result = shiro.getSystemUser().execute(
() -> {
return oneTimeAuthManager.retrieveForUser(
jdoe, OneTimeAuthTokenPurpose.EMAIL_VERIFICATION);
});
assertThat(result, is(not(empty())));
oneTimeAuthManager.invalidate(result.get(0));
shiro.getSystemUser().execute(
() -> oneTimeAuthManager.invalidate(result.get(0)));
}
@Test(expected = IllegalArgumentException.class)
@ -364,7 +423,8 @@ public class OneTimeAuthManagerTest {
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(1400)
public void invalidateNullToken() {
oneTimeAuthManager.invalidate(null);
shiro.getSystemUser().execute(
() -> oneTimeAuthManager.invalidate(null));
}
}

212
ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java
View File

@ -18,7 +18,7 @@
*/
package org.libreccm.security;
import org.apache.shiro.subject.ExecutionException;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.ShouldThrowException;
import org.jboss.arquillian.junit.Arquillian;
@ -76,6 +76,9 @@ public class PermissionManagerTest {
@Inject
private EntityManager entityManager;
@Inject
private Shiro shiro;
public PermissionManagerTest() {
}
@ -125,7 +128,8 @@ public class PermissionManagerTest {
.addPackage(org.libreccm.security.User.class.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class
.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(com.arsdigita.kernel.KernelConfig.class.getPackage())
@ -133,12 +137,13 @@ public class PermissionManagerTest {
.getPackage())
.addPackage(com.arsdigita.util.UncheckedWrapperException.class
.getPackage())
.addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addAsLibraries(libs)
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsWebInfResource("test-web.xml", "web.xml")
.addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
.addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@ -171,8 +176,10 @@ public class PermissionManagerTest {
final Role role2 = roleRepository.findByName("role2");
final CcmObject object3 = ccmObjectRepository.findById(-20003L);
permissionManager.grantPrivilege("privilege2", role2, object3);
permissionManager.grantPrivilege("privilege3", role2);
shiro.getSystemUser().execute(() -> {
permissionManager.grantPrivilege("privilege2", role2, object3);
permissionManager.grantPrivilege("privilege3", role2);
});
}
@Test
@ -186,8 +193,10 @@ public class PermissionManagerTest {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
permissionManager.grantPrivilege("privilege1", role1);
permissionManager.grantPrivilege("privilege2", role1, object1);
shiro.getSystemUser().execute(() -> {
permissionManager.grantPrivilege("privilege1", role1);
permissionManager.grantPrivilege("privilege2", role1, object1);
});
}
@Test(expected = IllegalArgumentException.class)
@ -195,10 +204,15 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(220)
public void grantPermissionPrivilegeNull() {
public void grantPermissionPrivilegeNull() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
permissionManager.grantPrivilege(null, role1);
try {
shiro.getSystemUser().execute(
() -> permissionManager.grantPrivilege(null, role1));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -206,11 +220,16 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(225)
public void grantPermissionOnObjectPrivilegeNull() {
public void grantPermissionOnObjectPrivilegeNull() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
permissionManager.grantPrivilege(null, role1, object1);
try {
shiro.getSystemUser().execute(
() -> permissionManager.grantPrivilege(null, role1, object1));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -218,10 +237,15 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(230)
public void grantPermissionEmptyPrivilege() {
public void grantPermissionEmptyPrivilege() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
permissionManager.grantPrivilege("", role1);
try {
shiro.getSystemUser().execute(
() -> permissionManager.grantPrivilege("", role1));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -229,11 +253,16 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(235)
public void grantPermissionOnObjectEmptyPrivilege() {
public void grantPermissionOnObjectEmptyPrivilege() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
permissionManager.grantPrivilege("", role1, object1);
try {
shiro.getSystemUser().execute(
() -> permissionManager.grantPrivilege("", role1, object1));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -241,8 +270,13 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(240)
public void grantPermissionToRoleNull() {
permissionManager.grantPrivilege("privilege", null);
public void grantPermissionToRoleNull() throws Throwable {
try {
shiro.getSystemUser().execute(
() -> permissionManager.grantPrivilege("privilege", null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -250,10 +284,17 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(240)
public void grantPermissionOnObjectToRoleNull() {
public void grantPermissionOnObjectToRoleNull() throws Throwable {
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
permissionManager.grantPrivilege("privilege", null, object1);
try {
shiro.getSystemUser().execute(
() -> permissionManager.grantPrivilege("privilege",
null,
object1));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -261,10 +302,17 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(250)
public void grantPermissionNullObject() {
public void grantPermissionNullObject() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
permissionManager.grantPrivilege("privilege1", role1, null);
try {
shiro.getSystemUser().execute(
() -> permissionManager.grantPrivilege("privilege1",
role1,
null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -279,8 +327,10 @@ public class PermissionManagerTest {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
permissionManager.revokePrivilege("privilege1", role1);
permissionManager.revokePrivilege("privilege2", role1, object1);
shiro.getSystemUser().execute(() -> {
permissionManager.revokePrivilege("privilege1", role1);
permissionManager.revokePrivilege("privilege2", role1, object1);
});
}
@Test
@ -290,10 +340,11 @@ public class PermissionManagerTest {
value = "datasets/org/libreccm/security/PermissionManagerTest/"
+ "data.yml")
@InSequence(310)
public void revokeNotExistingPermission() {
public void revokeNotExistingPermission() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
permissionManager.revokePrivilege("privilege999", role1);
shiro.getSystemUser().execute(
() -> permissionManager.revokePrivilege("privilege999", role1));
}
@Test
@ -307,7 +358,10 @@ public class PermissionManagerTest {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
permissionManager.revokePrivilege("privilege999", role1, object1);
shiro.getSystemUser().execute(
() -> permissionManager.revokePrivilege("privilege999",
role1,
object1));
}
@Test(expected = IllegalArgumentException.class)
@ -315,10 +369,15 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(320)
public void revokePermissionPrivilegeNull() {
public void revokePermissionPrivilegeNull() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
permissionManager.revokePrivilege(null, role1);
try {
shiro.getSystemUser().execute(
() -> permissionManager.revokePrivilege(null, role1));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -326,11 +385,16 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(320)
public void revokePermissionOnObjectPrivilegeNull() {
public void revokePermissionOnObjectPrivilegeNull() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
permissionManager.revokePrivilege(null, role1, object1);
try {
shiro.getSystemUser().execute(
() -> permissionManager.revokePrivilege(null, role1, object1));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -338,31 +402,48 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(330)
public void revokePermissionEmptyPrivilege() {
public void revokePermissionEmptyPrivilege() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
permissionManager.revokePrivilege("", role1);
try {
shiro.getSystemUser().execute(
() -> permissionManager.revokePrivilege("", role1));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@Test(expected
= IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(320)
public void revokePermissionOnObjectEmptyPrivilege() {
public void revokePermissionOnObjectEmptyPrivilege() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
permissionManager.revokePrivilege("", role1, object1);
try {
shiro.getSystemUser().execute(
() -> permissionManager.revokePrivilege("", role1, object1));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@Test(expected
= IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(340)
public void revokePermissionFromRoleNull() {
permissionManager.revokePrivilege("privilege1", null);
public void revokePermissionFromRoleNull() throws Throwable {
try {
shiro.getSystemUser().execute(
() -> permissionManager.revokePrivilege("privilege1", null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@ -370,22 +451,36 @@ public class PermissionManagerTest {
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(345)
public void revokePermissionOnObjectFromRoleNull() {
public void revokePermissionOnObjectFromRoleNull() throws Throwable {
final CcmObject object1 = ccmObjectRepository.findById(-20001L);
permissionManager.revokePrivilege("privilege1", null, object1);
try {
shiro.getSystemUser().execute(
() -> permissionManager.revokePrivilege("privilege1",
null,
object1));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@Test(expected
= IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(350)
public void revokePermissionNullObject() {
public void revokePermissionNullObject() throws Throwable {
final Role role1 = roleRepository.findByName("role1");
permissionManager.revokePrivilege("privilege2", role1, null);
try {
shiro.getSystemUser().execute(
() -> permissionManager.revokePrivilege("privilege2",
role1,
null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -396,33 +491,46 @@ public class PermissionManagerTest {
+ "after-copy.yml",
excludeColumns = {"permission_id"})
@InSequence(400)
public void copyPermissions() {
public void copyPermissions() throws Throwable {
final CcmObject object2 = ccmObjectRepository.findById(-20002L);
final CcmObject object3 = ccmObjectRepository.findById(-20003L);
permissionManager.copyPermissions(object2, object3);
shiro.getSystemUser().execute(
() -> permissionManager.copyPermissions(object2, object3));
}
@Test(expected = IllegalArgumentException.class)
@Test(expected
= IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(410)
public void copyPermissionsNullSource() {
public void copyPermissionsNullSource() throws Throwable {
final CcmObject object3 = ccmObjectRepository.findById(-20003L);
permissionManager.copyPermissions(null, object3);
try {
shiro.getSystemUser().execute(
() -> permissionManager.copyPermissions(null, object3));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@Test(expected
= IllegalArgumentException.class)
@UsingDataSet(
"datasets/org/libreccm/security/PermissionManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(420)
public void copyPermissionsNullTarget() {
public void copyPermissionsNullTarget() throws Throwable {
final CcmObject object2 = ccmObjectRepository.findById(-20002L);
permissionManager.copyPermissions(object2, null);
try {
shiro.getSystemUser().execute(
() -> permissionManager.copyPermissions(object2, null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
}

66
ccm-core/src/test/java/org/libreccm/security/RoleManagerTest.java
View File

@ -18,6 +18,7 @@
*/
package org.libreccm.security;
import org.apache.shiro.subject.ExecutionException;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.ShouldThrowException;
import org.jboss.arquillian.junit.Arquillian;
@ -29,7 +30,6 @@ import org.jboss.arquillian.persistence.UsingDataSet;
import org.jboss.arquillian.transaction.api.annotation.TransactionMode;
import org.jboss.arquillian.transaction.api.annotation.Transactional;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.resolver.api.maven.Maven;
import org.jboss.shrinkwrap.resolver.api.maven.PomEquippedResolveStage;
@ -69,6 +69,9 @@ public class RoleManagerTest {
@Inject
private PartyRepository partyRepository;
@Inject
private Shiro shiro;
public RoleManagerTest() {
}
@ -118,7 +121,8 @@ public class RoleManagerTest {
.addPackage(org.libreccm.security.User.class.getPackage())
.addPackage(org.libreccm.web.CcmApplication.class.getPackage())
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class
.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
.addPackage(com.arsdigita.kernel.KernelConfig.class.getPackage())
@ -126,12 +130,13 @@ public class RoleManagerTest {
.getPackage())
.addPackage(com.arsdigita.util.UncheckedWrapperException.class
.getPackage())
.addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addAsLibraries(libs)
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsWebInfResource("test-web.xml", "web.xml")
.addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
.addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@ -153,28 +158,40 @@ public class RoleManagerTest {
final Party joe = partyRepository.findByName("joe");
final Party group1 = partyRepository.findByName("group1");
roleManager.assignRoleToParty(role1, joe);
roleManager.assignRoleToParty(role3, group1);
shiro.getSystemUser().execute(() -> {
roleManager.assignRoleToParty(role1, joe);
roleManager.assignRoleToParty(role3, group1);
});
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/RoleManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(210)
public void assignRoleNullToParty() {
public void assignRoleNullToParty() throws Throwable {
final Party party = partyRepository.findByName("jdoe");
roleManager.assignRoleToParty(null, party);
try {
shiro.getSystemUser().execute(
() -> roleManager.assignRoleToParty(null, party));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/RoleManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(220)
public void assignRoleToPartyNull() {
public void assignRoleToPartyNull() throws Throwable {
final Role role = roleRepository.findByName("role1");
roleManager.assignRoleToParty(role, null);
try {
shiro.getSystemUser().execute(
() -> roleManager.assignRoleToParty(role, null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -186,7 +203,8 @@ public class RoleManagerTest {
final Party jdoe = partyRepository.findByName("jdoe");
final Role role1 = roleRepository.findByName("role1");
roleManager.assignRoleToParty(role1, jdoe);
shiro.getSystemUser().execute(
() -> roleManager.assignRoleToParty(role1, jdoe));
}
@Test
@ -203,28 +221,39 @@ public class RoleManagerTest {
final Party jdoe = partyRepository.findByName("jdoe");
final Party group1 = partyRepository.findByName("group1");
roleManager.removeRoleFromParty(role1, jdoe);
roleManager.removeRoleFromParty(role2, group1);
shiro.getSystemUser().execute(() -> {
roleManager.removeRoleFromParty(role1, jdoe);
roleManager.removeRoleFromParty(role2, group1);
});
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/RoleManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(310)
public void removeRoleNullFromParty() {
public void removeRoleNullFromParty() throws Throwable {
final Party party = partyRepository.findByName("jdoe");
roleManager.removeRoleFromParty(null, party);
try {
shiro.getSystemUser().execute(
() -> roleManager.removeRoleFromParty(null, party));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test(expected = IllegalArgumentException.class)
@UsingDataSet("datasets/org/libreccm/security/RoleManagerTest/data.yml")
@ShouldThrowException(IllegalArgumentException.class)
@InSequence(220)
public void removeRoleFromPartyNull() {
public void removeRoleFromPartyNull() throws Throwable {
final Role role = roleRepository.findByName("role1");
roleManager.removeRoleFromParty(role, null);
try {
shiro.getSystemUser().execute(
() -> roleManager.removeRoleFromParty(role, null));
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
@Test
@ -236,7 +265,8 @@ public class RoleManagerTest {
final Role role2 = roleRepository.findByName("role2");
final Party jdoe = partyRepository.findByName("jdoe");
roleManager.removeRoleFromParty(role2, jdoe);
shiro.getSystemUser().execute(
() -> roleManager.removeRoleFromParty(role2, jdoe));
}
}

51
ccm-core/src/test/java/org/libreccm/security/UserManagerTest.java
View File

@ -18,6 +18,7 @@
*/
package org.libreccm.security;
import org.apache.shiro.subject.ExecutionException;
import java.io.File;
@ -39,7 +40,6 @@ import org.jboss.arquillian.test.spi.ArquillianProxyException;
import org.jboss.arquillian.transaction.api.annotation.TransactionMode;
import org.jboss.arquillian.transaction.api.annotation.Transactional;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.resolver.api.maven.Maven;
import org.jboss.shrinkwrap.resolver.api.maven.PomEquippedResolveStage;
@ -71,6 +71,9 @@ public class UserManagerTest {
@Inject
private UserRepository userRepository;
@Inject
private Shiro shiro;
public UserManagerTest() {
}
@ -123,18 +126,20 @@ public class UserManagerTest {
.addPackage(org.libreccm.workflow.Workflow.class.getPackage())
.addPackage(org.libreccm.tests.categories.IntegrationTest.class
.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class.getPackage())
.addPackage(org.libreccm.testutils.EqualsVerifier.class
.getPackage())
.addPackage(com.arsdigita.kernel.KernelConfig.class.getPackage())
.addPackage(com.arsdigita.kernel.security.SecurityConfig.class
.getPackage())
.addPackage(com.arsdigita.util.UncheckedWrapperException.class
.getPackage())
.addPackage(org.libreccm.cdi.utils.CdiUtil.class.getPackage())
.addAsLibraries(libs)
.addAsResource("test-persistence.xml",
"META-INF/persistence.xml")
.addAsResource("configs/shiro.ini", "shiro.ini")
.addAsWebInfResource("test-web.xml", "web.xml")
.addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
.addAsWebInfResource("META-INF/beans.xml", "beans.xml");
}
@Test
@ -170,11 +175,12 @@ public class UserManagerTest {
excludeColumns = {"party_id", "password"})
@InSequence(300)
public void createUser() {
userManager.createUser("Jane",
"Doe",
"jane",
"jane.doe@example.org",
"foo456");
shiro.getSystemUser().execute(
() -> userManager.createUser("Jane",
"Doe",
"jane",
"jane.doe@example.org",
"foo456"));
final User jane2 = userRepository.findByName("jane");
assertThat(userManager.verifyPassword(jane2, "foo456"), is(true));
@ -184,12 +190,17 @@ public class UserManagerTest {
@UsingDataSet("datasets/org/libreccm/security/UserManagerTest/data.yml")
@ShouldThrowException(ConstraintViolationException.class)
@InSequence(400)
public void createUserWithInValidName() {
userManager.createUser("Jane",
"Doe",
"j#ne",
"jane.doe@example.org",
"foo456");
public void createUserWithInValidName() throws Throwable {
try {
shiro.getSystemUser().execute(
() -> userManager.createUser("Jane",
"Doe",
"j#ne",
"jane.doe@example.org",
"foo456"));
} catch (ExecutionException ex) {
throw ex.getCause();
}
fail();
}
@ -198,7 +209,8 @@ public class UserManagerTest {
@InSequence(500)
public void updatePassword() {
final User jdoe = userRepository.findByName("jdoe");
userManager.updatePassword(jdoe, "foo456");
shiro.getSystemUser().execute(
() -> userManager.updatePassword(jdoe, "foo456"));
final User jdoe2 = userRepository.findByName("jdoe");
assertThat(userManager.verifyPassword(jdoe, "foo456"), is(true));
@ -212,8 +224,13 @@ public class UserManagerTest {
@UsingDataSet("datasets/org/libreccm/security/UserManagerTest/data.yml")
@ShouldThrowException(ConstraintViolationException.class)
@InSequence(600)
public void updatePasswordNullUser() {
userManager.updatePassword(null, "foo");
public void updatePasswordNullUser() throws Throwable {
try {
shiro.getSystemUser().execute(
() -> userManager.updatePassword(null, "foo"));
} catch (ExecutionException ex) {
throw ex.getCause();
}
fail();
}

72
ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data.yml
View File

@ -65,4 +65,74 @@ ccm_core.categorizations:
object_id: -3300
category_order: 1
object_order: 1
category_index: false
category_index: false
ccm_core.parties:
- party_id: -3000
name: public-user
- party_id: -3100
name: jdoe
- party_id: -3200
name: mmuster
ccm_core.users:
- party_id: -3000
given_name: public
family_name: user
email_address: public-user@localhost
banned: false
bouncing: false
verified: true
password_reset_required: false
- party_id: -3100
given_name: Jane
family_name: Doe
email_address: jane.doe@example.org
# foo123
password: $shiro1$SHA-512$500000$Y7CnccN1h25sR7KCElMOXg==$CVLWBhetodaEzzhDfGjRcCFZtSW02xOnjH7xhBx0lbxO66grKIt6LWmXoUhLEydce1JZ7cbzNLYOxIwwTeqi5Q==
banned: false
bouncing: false
verified: true
password_reset_required: false
- party_id: -3200
given_name: Maria
family_name: Muster
email_address: mmuster@example.com
# foo123
password: $shiro1$SHA-512$500000$Y7CnccN1h25sR7KCElMOXg==$CVLWBhetodaEzzhDfGjRcCFZtSW02xOnjH7xhBx0lbxO66grKIt6LWmXoUhLEydce1JZ7cbzNLYOxIwwTeqi5Q==
banned: false
bouncing: false
verified: true
password_reset_required: false
ccm_core.ccm_roles:
- role_id: -4000
name: domain_test_category_manager
- role_id: -4100
name: category_foo_manager
ccm_core.role_memberships:
- membership_id: -5000
role_id: -4000
member_id: -3100
- membership_id: 5100
role_id: -4100
member_id: -3200
ccm_core.permissions:
- permission_id: -6000
granted_privilege: manage_category
grantee_id: -4000
object_id: -2000
- permission_id: -6100
granted_privilege: manage_category_objects
grantee_id: -4000
object_id: -2000
- permission_id: -6200
granted_privilege: manage_category
grantee_id: -4100
object_id: -2100
- permission_id: -6300
granted_privilege: manage_category_objects
grantee_id: -4100
object_id: -2100

79
ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryManagerTest/data2.yml
View File

@ -1,79 +0,0 @@
ccm_core.ccm_objects:
- object_id: -1000
display_name: test
uuid: dc1788a7-79b3-4298-94f2-e23cba97301d
- object_id: -2000
display_name: test_root
uuid: c78a2311-3751-4b69-b6ed-358b29571407
- object_id: -2100
display_name: foo
uuid: 6b25f081-0144-419f-886c-1fcdfba2aa54
- object_id: -2200
display_name: bar
uuid: dc76f9b8-f69f-408d-918a-bd80d4755166
- object_id: -3100
display_name: object1
uuid: 2cd8b84e-3dc5-4268-98eb-e297f7f93cd4
- object_id: -3200
display_name: object2
uuid: ce0c5964-f3ce-4d9e-93c8-7d57ce03a505
- object_id: -3300
display_name: object3
uuid: c66c5063-8912-4dec-8195-a0b45161419d
- object_id: -2300
display_name: category-new
uuid: 2b801a2c-0c0e-4a52-b17b-58fb5b775b09
ccm_core.categories:
- object_id: -2000
unique_id: test0001
name: test-root
enabled: true
visible: true
abstract_category: false
category_order: 0
- object_id: -2100
unique_id: test0002
name: foo
parent_category_id: -2000
enabled: true
visible: true
abstract_category: false
category_order: 0
- object_id: -2200
unique_id: test0003
name: bar
parent_category_id: -2100
enabled: true
visible: true
abstract_category: false
category_order: 0
- object_id: -2300
unique_id: catnew
name: category-new
enabled: true
visible: true
abstract_category: false
category_order: 1
ccm_core.category_domains:
- object_id: -1000
domain_key: test
root_category_id: -2000
uri: http://libreccm.org/test
version: 1.0
ccm_core.categorizations:
- categorization_id: -10000
category_id: -2100
object_id: -3100
object_order: 1
category_order: 1
category_index: false
- categorization_id: -10100
category_id: -2200
object_id: -3300
category_order: 1
object_order: 1
category_index: false

58
ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/after-save-new-category.yml
View File

@ -54,4 +54,62 @@ ccm_core.category_domains:
uri: http://libreccm.org/test
version: 1.0
ccm_core.parties:
- party_id: -100
name: public-user
- party_id: -200
name: jdoe
- party_id: -300
name: mmuster
ccm_core.users:
- party_id: -100
given_name: public
family_name: user
email_address: public-user@localhost
banned: false
bouncing: false
verified: true
password_reset_required: false
- party_id: -200
given_name: John
family_name: Doe
email_address: john.doe@example.org
password: $shiro1$SHA-512$500000$Y7CnccN1h25sR7KCElMOXg==$CVLWBhetodaEzzhDfGjRcCFZtSW02xOnjH7xhBx0lbxO66grKIt6LWmXoUhLEydce1JZ7cbzNLYOxIwwTeqi5Q==
banned: false
bouncing: false
verified: true
password_reset_required: false
- party_id: -300
given_name: Max
family_name: Mustermann
email_address: max.mustermann@example.org
password: $shiro1$SHA-512$500000$Y7CnccN1h25sR7KCElMOXg==$CVLWBhetodaEzzhDfGjRcCFZtSW02xOnjH7xhBx0lbxO66grKIt6LWmXoUhLEydce1JZ7cbzNLYOxIwwTeqi5Q==
banned: false
bouncing: false
verified: true
password_reset_required: false
ccm_core.ccm_roles:
- role_id: -500
name: category_manager
- role_id: -510
name: category_manager_domain_test
ccm_core.role_memberships:
- membership_id: -600
role_id: -500
member_id: -200
- membership_id: -610
role_id: -510
member_id: -300
ccm_core.permissions:
- permission_id: -700
granted_privilege: manage_category
grantee_id: -500
- permission_id: -710
granted_privilege: manage_category
grantee_id: -510
object_id: -1000

4
ccm-core/src/test/resources/datasets/org/libreccm/categorization/CategoryRepositoryTest/data.yml
View File

@ -96,9 +96,9 @@ ccm_core.role_memberships:
ccm_core.permissions:
- permission_id: -700
granted_privilege: manage_categories
granted_privilege: manage_category
grantee_id: -500
- permission_id: -710
granted_privilege: manage_categories
granted_privilege: manage_category
grantee_id: -510
object_id: -1000

12
ccm-shortcuts/src/test/java/org/libreccm/shortcuts/ShortcutRepositoryTest.java
View File

@ -172,18 +172,18 @@ public class ShortcutRepositoryTest {
final Optional<Shortcut> shop = shortcutRepository.findByUrlKey("shop");
assertThat(members.isPresent(), is(true));
assertThat(members.get().getUrlKey(), is(equalTo("members")));
assertThat(members.get().getUrlKey(), is(equalTo("/members/")));
assertThat(members.get().getRedirect(),
is(equalTo("/ccm/navigation/members")));
assertThat(mitglieder.isPresent(), is(true));
assertThat(mitglieder.get().getUrlKey(), is(equalTo("mitglieder")));
assertThat(mitglieder.get().getUrlKey(), is(equalTo("/mitglieder/")));
assertThat(mitglieder.get().getRedirect(),
is(equalTo("/ccm/navigation/members")));
assertThat(shop.isPresent(), is(true));
assertThat(shop.get().getUrlKey(),
is(equalTo("shop")));
is(equalTo("/shop/")));
assertThat(shop.get().getRedirect(),
is(equalTo("http://www.example.com")));
}
@ -209,17 +209,17 @@ public class ShortcutRepositoryTest {
final List<Shortcut> toMembers = shortcutRepository.findByRedirect(
"/ccm/navigation/members");
assertThat(toMembers.size(), is(2));
assertThat(toMembers.get(0).getUrlKey(), is(equalTo("members")));
assertThat(toMembers.get(0).getUrlKey(), is(equalTo("/members/")));
assertThat(toMembers.get(0).getRedirect(),
is(equalTo("/ccm/navigation/members")));
assertThat(toMembers.get(1).getUrlKey(), is(equalTo("mitglieder")));
assertThat(toMembers.get(1).getUrlKey(), is(equalTo("/mitglieder/")));
assertThat(toMembers.get(1).getRedirect(),
is(equalTo("/ccm/navigation/members")));
final List<Shortcut> toExampleCom = shortcutRepository.findByRedirect(
"http://www.example.com");
assertThat(toExampleCom.size(), is(1));
assertThat(toExampleCom.get(0).getUrlKey(), is(equalTo("shop")));
assertThat(toExampleCom.get(0).getUrlKey(), is(equalTo("/shop/")));
assertThat(toExampleCom.get(0).getRedirect(),
is(equalTo("http://www.example.com")));
}

4
ccm-shortcuts/src/test/resources/datasets/org/libreccm/shortcuts/ShortcutManagerTest/data.xml
View File

@ -32,8 +32,8 @@
member_id="-110" />
<ccm_core.permissions permission_id="-400"
granted_privilege="manage_shortcuts"
grantee_id="-200" />
granted_privilege="manage_shortcuts"
grantee_id="-200" />
<ccm_shortcuts.shortcuts shortcut_id="-10"
url_key="/mitglieder/"

8
ccm-shortcuts/src/test/resources/datasets/org/libreccm/shortcuts/ShortcutRepositoryTest/data.xml
View File

@ -1,15 +1,15 @@
<?xml version="1.0" encoding="utf-8"?>
<dataset>
<ccm_shortcuts.shortcuts shortcut_id="-10"
url_key="mitglieder"
url_key="/mitglieder/"
redirect="/ccm/navigation/members" />
<ccm_shortcuts.shortcuts shortcut_id="-20"
url_key="members"
url_key="/members/"
redirect="/ccm/navigation/members" />
<ccm_shortcuts.shortcuts shortcut_id="-30"
url_key="privacy"
url_key="/privacy/"
redirect="/ccm/navigation/privacy" />
<ccm_shortcuts.shortcuts shortcut_id="-40"
url_key="shop"
url_key="/shop/"
redirect="http://www.example.com" />
</dataset>