Revision 7040
Added by Chris Jones over 12 years ago
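--- a/test/edu/ucsb/nceas/metacat/dataone/MNodeServiceTest.java
+++ b/test/edu/ucsb/nceas/metacat/dataone/MNodeServiceTest.java
@@ -32,16 +32,16 @@
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import java.text.SimpleDateFormat;
+import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
+import java.util.List;
 
 import junit.framework.Test;
 import junit.framework.TestSuite;
 
 import org.apache.commons.io.IOUtils;
 import org.dataone.configuration.Settings;
-import org.dataone.service.util.Constants;
-import org.dataone.service.util.DateTimeMarshaller;
 import org.dataone.service.util.TypeMarshaller;
 import org.dataone.service.exceptions.IdentifierNotUnique;
 import org.dataone.service.exceptions.InsufficientResources;
@@ -67,8 +67,10 @@
 import org.dataone.service.types.v1.ObjectFormatIdentifier;
 import org.dataone.service.types.v1.ObjectList;
 import org.dataone.service.types.v1.Permission;
+import org.dataone.service.types.v1.Person;
 import org.dataone.service.types.v1.Session;
 import org.dataone.service.types.v1.Subject;
+import org.dataone.service.types.v1.SubjectInfo;
 import org.dataone.service.types.v1.SystemMetadata;
 import org.jibx.runtime.JiBXException;
 import org.junit.After;
@@ -111,29 +113,30 @@
 TestSuite suite = new TestSuite();
 suite.addTest(new MNodeServiceTest("initialize"));
 // MNStorage tests
-suite.addTest(new MNodeServiceTest("testCreate"));
-suite.addTest(new MNodeServiceTest("testUpdate"));
-suite.addTest(new MNodeServiceTest("testDelete"));
-// MNRead tests
-suite.addTest(new MNodeServiceTest("testGet"));
-suite.addTest(new MNodeServiceTest("testGetChecksum"));
-suite.addTest(new MNodeServiceTest("testGetSystemMetadata"));
-suite.addTest(new MNodeServiceTest("testDescribe"));
-suite.addTest(new MNodeServiceTest("testListObjects"));
-suite.addTest(new MNodeServiceTest("testSynchronizationFailed"));
-// MNCore tests
-suite.addTest(new MNodeServiceTest("testPing"));
-suite.addTest(new MNodeServiceTest("testGetLogRecords"));
-suite.addTest(new MNodeServiceTest("testGetOperationStatistics"));
-suite.addTest(new MNodeServiceTest("testGetCapabilities"));
-// include these when they are part of the MN interface definitions
-// suite.addTest(new MNodeServiceTest("testGetObjectStatistics"));
-// suite.addTest(new MNodeServiceTest("testGetStatus"));
-// MNAuthorization tests
-suite.addTest(new MNodeServiceTest("testIsAuthorized"));
-suite.addTest(new MNodeServiceTest("testSetAccessPolicy"));
-// MNreplication tests
-suite.addTest(new MNodeServiceTest("testReplicate"));
+// suite.addTest(new MNodeServiceTest("testCreate"));
+// suite.addTest(new MNodeServiceTest("testUpdate"));
+// suite.addTest(new MNodeServiceTest("testDelete"));
+// // MNRead tests
+// suite.addTest(new MNodeServiceTest("testGet"));
+// suite.addTest(new MNodeServiceTest("testGetChecksum"));
+// suite.addTest(new MNodeServiceTest("testGetSystemMetadata"));
+// suite.addTest(new MNodeServiceTest("testDescribe"));
+// suite.addTest(new MNodeServiceTest("testListObjects"));
+// suite.addTest(new MNodeServiceTest("testSynchronizationFailed"));
+// // MNCore tests
+// suite.addTest(new MNodeServiceTest("testPing"));
+// suite.addTest(new MNodeServiceTest("testGetLogRecords"));
+// suite.addTest(new MNodeServiceTest("testGetOperationStatistics"));
+// suite.addTest(new MNodeServiceTest("testGetCapabilities"));
+// // include these when they are part of the MN interface definitions
+// // suite.addTest(new MNodeServiceTest("testGetObjectStatistics"));
+// // suite.addTest(new MNodeServiceTest("testGetStatus"));
+// // MNAuthorization tests
+// suite.addTest(new MNodeServiceTest("testIsAuthorized"));
+suite.addTest(new MNodeServiceTest("testIsEquivIdentityAuthorized"));
+// suite.addTest(new MNodeServiceTest("testSetAccessPolicy"));
+// // MNreplication tests
+// suite.addTest(new MNodeServiceTest("testReplicate"));
 
 
 return suite;
@@ -978,6 +981,75 @@
 }
 
 
+public void testIsEquivIdentityAuthorized() {
+printTestHeader("testIsEquivIdentityAuthorized");
+
+try {
+Session session = new Session();
+Subject s = new Subject();
+s.setValue("cn=test,dc=dataone,dc=org");
+session.setSubject(s);
+
+Identifier pid = new Identifier();
+pid.setValue("testIsEquivIdentityAuthorized." + System.currentTimeMillis());
+InputStream object = new ByteArrayInputStream("test".getBytes("UTF-8"));
+SystemMetadata sysmeta = createSystemMetadata(pid, session.getSubject(), object);
+
+// reset the access policy to only allow 'self' read (no public)
+AccessPolicy ap = new AccessPolicy();
+AccessRule ar = new AccessRule();
+List<Subject> sList = new ArrayList<Subject>();
+sList.add(session.getSubject());
+ar.setSubjectList(sList);
+List<Permission> permList = new ArrayList<Permission>();
+permList.add(Permission.CHANGE_PERMISSION);
+ar.setPermissionList(permList);
+ap.addAllow(ar);
+sysmeta.setAccessPolicy(ap);
+
+// save it
+Identifier retPid = CNodeService.getInstance(request).registerSystemMetadata(session, pid, sysmeta);
+assertEquals(pid.getValue(), retPid.getValue());
+
+//check it against an equivalent identity not listed in the access policy
+session.getSubject().setValue("cn=newSubject,dc=dataone,dc=org");
+SubjectInfo subjectInfo = new SubjectInfo();
+Person person = new Person();
+person.setSubject(session.getSubject());
+List<String> givenNames = new ArrayList<String>();
+givenNames.add("New");
+person.setGivenNameList(givenNames);
+person.setFamilyName("Subject");
+
+// add equivalent identities
+List<Subject> equivIdentities = new ArrayList<Subject>();
+Subject mappedSubject2 = new Subject();
+mappedSubject2.setValue("cn=test2,dc=dataone,dc=org");
+equivIdentities.add(mappedSubject2);
+
+Subject mappedSubject = new Subject();
+mappedSubject.setValue("cn=test,dc=dataone,dc=org");
+equivIdentities.add(mappedSubject);
+
+person.setEquivalentIdentityList(equivIdentities);
+
+List<Person> personList = new ArrayList<Person>();
+personList.add(person);
+subjectInfo.setPersonList(personList);
+
+// update the session to include subject info with a mapped identity
+session.setSubjectInfo(subjectInfo);
+boolean result = CNodeService.getInstance(request).isAuthorized(session, pid, Permission.READ);
+assertTrue(result);
+
+} catch (Exception e) {
+e.printStackTrace();
+
+}
+
+}
 
 
+
+
 }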
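Review bot: In testIsEquivIdentityAuthorized the `catch (Exception e)` block only calls `e.printStackTrace()`, so any exception from `registerSystemMetadata` or `isAuthorized` (including a denial, if the service signals that by throwing) leaves the test green; add `fail("Unexpected exception: " + e.getMessage());` in the catch, or declare `throws Exception` and drop the try. The second caller is created by rewriting the same `Subject` instance that was added to the access rule (`session.getSubject().setValue("cn=newSubject,dc=dataone,dc=org")`), so if the service holds that object by reference the policy may now list the new subject directly and the equivalent-identity mapping is not what gets checked; a separate `Session` and `Subject` for the second caller would rule that out. The suite() hunk also comments out every other test, including testIsAuthorized and testSetAccessPolicy, which looks like a debugging leftover and drops the existing authorization coverage from the run. The rule grants `Permission.CHANGE_PERMISSION` while its comment says "'self' read", so the comment should say that READ is expected to be implied by the higher permission.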
Add testIsEquivIdentityAuthorized() to ensure that [MN|CN].isAuthorized() is authorizing equivalent identities correctly. Note: Using TypeMarshaller.marshalTypeToOutputStream(type, System.out) to serialize an object seems to jack up output to stdout - not sure why.