fix unit test

This commit is contained in:
Olivier Lamy 2015-02-06 23:09:37 +11:00
parent 8edcb36b95
commit f77d21b589
6 changed files with 90 additions and 27 deletions

View File

@ -22,6 +22,7 @@ package org.apache.archiva.redback.rest.services.interceptors;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.RedbackAuthorization;
import org.apache.archiva.redback.integration.filter.authentication.basic.HttpBasicAuthentication;
import org.apache.archiva.redback.policy.AccountLockedException;
@ -75,6 +76,7 @@ public class PermissionsInterceptor
{
if ( redbackAuthorization.noRestriction() )
{
log.debug( "redbackAuthorization.noRestriction() so skip permission check" );
// we are fine this services is marked as non restrictive access
return;
}
@ -84,48 +86,64 @@ public class PermissionsInterceptor
&& !( permissions.length == 1 && StringUtils.isEmpty( permissions[0] ) ) )
{
HttpServletRequest request = getHttpServletRequest( message );
SecuritySession securitySession = httpAuthenticator.getSecuritySession( request.getSession( true ) );
SecuritySession securitySession = httpAuthenticator.getSecuritySession( request.getSession() );
AuthenticationResult authenticationResult = message.get( AuthenticationResult.class );
log.debug( "authenticationResult from message: {}", authenticationResult );
if ( authenticationResult == null )
{
try
{
authenticationResult =
httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( message ) );
log.debug( "authenticationResult from request: {}", authenticationResult );
}
catch ( AuthenticationException e )
{
log.debug( "failed to authenticate for path {}", message.get( Message.REQUEST_URI ) );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return;
}
catch ( AccountLockedException e )
{
log.debug( "account locked for path {}", message.get( Message.REQUEST_URI ) );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return;
}
catch ( MustChangePasswordException e )
{
log.debug( "must change password for path {}", message.get( Message.REQUEST_URI ) );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return;
}
}
if ( authenticationResult != null && authenticationResult.isAuthenticated() )
{
message.put( AuthenticationResult.class, authenticationResult );
for ( String permission : permissions )
{
log.debug( "check permission: {} with securitySession {}", permission, securitySession );
if ( StringUtils.isBlank( permission ) )
{
continue;
}
try
{
if ( securitySystem.isAuthorized( securitySession, permission,
StringUtils.isBlank( redbackAuthorization.resource() )
? null
: redbackAuthorization.resource() ) )
AuthorizationResult authorizationResult =
securitySystem.authorize( authenticationResult.getUser(), permission, //
StringUtils.isBlank( redbackAuthorization.resource() ) //
? null : redbackAuthorization.resource() );
/*
if ( securitySystem.isAuthorized( securitySession, permission, //
StringUtils.isBlank( redbackAuthorization.resource() ) //
? null : redbackAuthorization.resource() ) )
*/
if ( authenticationResult != null && authorizationResult.isAuthorized() )
{
log.debug( "isAuthorized for permission {}", permission );
return;
}
else
@ -140,13 +158,12 @@ public class PermissionsInterceptor
}
catch ( AuthorizationException e )
{
log.debug( e.getMessage(), e );
}
}
log.debug( " AuthorizationException " + e.getMessage() //
+ " checking permission " + permission, e );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return;
}
}
}
else
{

View File

@ -25,6 +25,7 @@ import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
import org.apache.archiva.redback.rest.api.model.User;
import org.apache.archiva.redback.rest.api.model.UserRegistrationRequest;
import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
import org.apache.archiva.redback.rest.api.services.UserService;
import org.apache.archiva.redback.rest.services.mock.EmailMessage;
import org.apache.archiva.redback.rest.services.mock.ServicesAssert;
@ -178,7 +179,7 @@ public class UserServiceTest
}
finally
{
getUserService( authorizationHeader ).deleteUser( "toto" );
deleteUserQuietly( "toto" );
}
}
@ -237,7 +238,7 @@ public class UserServiceTest
}
finally
{
getUserService( authorizationHeader ).deleteUser( "toto" );
deleteUserQuietly( "toto" );
}
}
@ -307,11 +308,23 @@ public class UserServiceTest
}
finally
{
getUserService( authorizationHeader ).deleteUser( "toto" );
deleteUserQuietly( "toto" );
}
}
private void deleteUserQuietly( String userName )
{
try
{
getUserService( authorizationHeader ).deleteUser( userName );
}
catch ( Exception e )
{
log.warn( "ignore fail to delete user " + e.getMessage(), e );
}
}
@Test
public void getAdminPermissions()
throws Exception

View File

@ -21,7 +21,7 @@
<appenders>
<Console name="console" target="SYSTEM_OUT">
<PatternLayout pattern="%highlight{%d{HH:mm:ss.SSS} [%L] [%t] %-5level %logger{36} - %msg%n}" />
<PatternLayout pattern="%highlight{%d{HH:mm:ss.SSS} [%L] [%t] %-5level %logger{3} - %msg%n}" />
</Console>
</appenders>
@ -32,6 +32,7 @@
<logger name="org.apache.archiva.redback.components.cache" level="error"/>
<logger name="org.apache.archiva.redback.rest.services.interceptors" level="debug"/>
<logger name="org.apache.archiva.redback.rest.services" level="debug"/>
<logger name="org.apache.catalina" level="off" />
<logger name="JPOX" level="ERROR"/>
<root level="info">
<appender-ref ref="console"/>

View File

@ -19,8 +19,8 @@ package org.apache.archiva.redback.system;
* under the License.
*/
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.users.User;
import org.springframework.stereotype.Service;
import java.io.Serializable;
@ -74,4 +74,14 @@ public class DefaultSecuritySession
{
return ( ( user != null ) && authenticated );
}
@Override
public String toString()
{
return "DefaultSecuritySession{" +
"authenticationResult=" + authenticationResult +
", user=" + user +
", authenticated=" + authenticated +
'}';
}
}

View File

@ -19,13 +19,6 @@ package org.apache.archiva.redback.system;
* under the License.
*/
import org.apache.archiva.redback.keys.KeyManager;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationManager;
@ -34,7 +27,14 @@ import org.apache.archiva.redback.authorization.AuthorizationDataSource;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.Authorizer;
import org.apache.archiva.redback.keys.KeyManager;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
@ -47,7 +47,7 @@ import javax.inject.Named;
*
* @author: Jesse McConnell <jesse@codehaus.org>
*/
@Service("securitySystem")
@Service( "securitySystem" )
public class DefaultSecuritySystem
implements SecuritySystem
{
@ -57,15 +57,15 @@ public class DefaultSecuritySystem
private AuthenticationManager authnManager;
@Inject
@Named(value = "authorizer#default")
@Named( value = "authorizer#default" )
private Authorizer authorizer;
@Inject
@Named(value = "userManager#default")
@Named( value = "userManager#default" )
private UserManager userManager;
@Inject
@Named(value = "keyManager#cached")
@Named( value = "keyManager#cached" )
private KeyManager keyManager;
@Inject
@ -92,7 +92,6 @@ public class DefaultSecuritySystem
* @throws UserNotFoundException
* @throws MustChangePasswordException
* @throws org.apache.archiva.redback.policy.AccountLockedException
*
* @throws MustChangePasswordException
*/
public SecuritySession authenticate( AuthenticationDataSource source )
@ -176,6 +175,24 @@ public class DefaultSecuritySystem
return authorizer.isAuthorized( source );
}
public AuthorizationResult authorize( User user, String permission, String resource )
throws AuthorizationException
{
AuthorizationDataSource source = null;
if ( user != null )
{
source = new AuthorizationDataSource( user.getUsername(), user, permission, resource );
}
if ( source == null )
{
source = new AuthorizationDataSource( null, null, permission, resource );
}
return authorizer.isAuthorized( source );
}
public boolean isAuthorized( SecuritySession session, String permission )
throws AuthorizationException
{
@ -287,4 +304,5 @@ public class DefaultSecuritySystem
{
return userManager.isReadOnly();
}
}

View File

@ -22,6 +22,7 @@ package org.apache.archiva.redback.system;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
@ -73,6 +74,9 @@ public interface SecuritySystem
AuthorizationResult authorize( SecuritySession session, String permission, String resource )
throws AuthorizationException;
AuthorizationResult authorize( User user, String permission, String resource )
throws AuthorizationException;
boolean isAuthorized( SecuritySession session, String permission, String resource )
throws AuthorizationException;